Malware Analysis Report

2025-01-03 08:14

Sample ID 240704-dn1k6stbre
Target bfa6f8462754d66e9687394a84bf18af3a89720f9206fc438d08beee1ba43ec9
SHA256 bfa6f8462754d66e9687394a84bf18af3a89720f9206fc438d08beee1ba43ec9
Tags
metasploit backdoor trojan
score
10/10

Analysis Overview

score
10/10

SHA256

bfa6f8462754d66e9687394a84bf18af3a89720f9206fc438d08beee1ba43ec9

Threat Level: Known bad

The file bfa6f8462754d66e9687394a84bf18af3a89720f9206fc438d08beee1ba43ec9 was found to be: Known bad.

Malicious Activity Summary

metasploit backdoor trojan

MetaSploit

Metasploit family

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: RenamesItself

Modifies system certificate store

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-04 03:10

Signatures

Metasploit family

metasploit

Unsigned PE

Analysis: behavioral11

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win7-20240419-en

Max time kernel

119s

Max time network

120s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 224

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win7-20240508-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bin\SteamService.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bin\SteamService.exe

"C:\Users\Admin\AppData\Local\Temp\bin\SteamService.exe"

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win7-20240611-en

Max time kernel

117s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\uninstall.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\uninstall.exe

"C:\Users\Admin\AppData\Local\Temp\uninstall.exe"

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\nso5054.tmp\LangDLL.dll

MD5 0c44f21d4afc81cc99fac7cc35e4503a
SHA1 3d0d5c684df99a46510c0e2c0020163a9d11c08d
SHA256 8dc2be6679497994e3ddc97bc7bc1ce2b3c17ef3528b03ded6696ef198a11d10
SHA512 4e4bd35d6aa21cecbfe7a93a2ee7db8ee78ca710a4193dfe240d1067afbe10f61db332c1c85f6cc3ba404d895a959742401b615ef8ff5bd9028254c4a43a0923

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

MD5 4f009883567dfa9e908c5ffa25a2fa0a
SHA1 5848783144c5a04fd4fff71651e3195444156b03
SHA256 d0b0305b42c35716482a6aa08c8257c19aad225e3ffd9ab1f0de411d8b9e592e
SHA512 015e03849ccb6f646538ebb5a1f75bd973258564a4d2664f51da11e88316e9a3d2863de131f105daf2173a5c494e6c6bcc621c6952144ed4bf4bd2bbdec5ef6d

Analysis: behavioral23

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win7-20240611-en

Max time kernel

118s

Max time network

119s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 224

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win7-20240611-en

Max time kernel

147s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bfa6f8462754d66e9687394a84bf18af3a89720f9206fc438d08beee1ba43ec9.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\bfa6f8462754d66e9687394a84bf18af3a89720f9206fc438d08beee1ba43ec9.exe

"C:\Users\Admin\AppData\Local\Temp\bfa6f8462754d66e9687394a84bf18af3a89720f9206fc438d08beee1ba43ec9.exe"

Network

Country Destination Domain Proto
N/A 192.168.47.129:4444 tcp

Files

memory/2436-0-0x00000000001C0000-0x00000000001C1000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

152s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 936 wrote to memory of 2752 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2752 -ip 2752

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 612

Network

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win10v2004-20240508-en

Max time kernel

93s

Max time network

153s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3264 wrote to memory of 3016 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3016 -ip 3016

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 612

Network

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win7-20231129-en

Max time kernel

117s

Max time network

121s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 224

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ShellLink.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1644 wrote to memory of 1332 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ShellLink.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ShellLink.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1332 -ip 1332

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 612

Network

Country Destination Domain Proto
US 52.111.229.43:443 tcp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win10v2004-20240508-en

Max time kernel

41s

Max time network

47s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3984 wrote to memory of 1768 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1768 -ip 1768

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 612

Network

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win7-20240508-en

Max time kernel

119s

Max time network

120s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 244

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win10v2004-20240611-en

Max time kernel

127s

Max time network

144s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1112 wrote to memory of 3148 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3148 -ip 3148

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 636

Network

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win10v2004-20240611-en

Max time kernel

132s

Max time network

105s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3268 wrote to memory of 1428 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 1428 -ip 1428

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 600

Network

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win7-20240221-en

Max time kernel

86s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Steam.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Steam.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1736 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\Steam.exe C:\Users\Admin\AppData\Local\Temp\Steam.exe
PID 2168 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\Steam.exe C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
PID 540 wrote to memory of 488 N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
PID 540 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
PID 2168 wrote to memory of 2304 N/A C:\Users\Admin\AppData\Local\Temp\Steam.exe C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
PID 2168 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\Steam.exe C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
PID 540 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Steam.exe

"C:\Users\Admin\AppData\Local\Temp\Steam.exe"

C:\Users\Admin\AppData\Local\Temp\Steam.exe

C:\Users\Admin\AppData\Local\Temp\Steam.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=2168" "-buildid=1718904662" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write --disablehighdpi "--force-device-scale-factor=1" "--device-scale-factor=1" "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1718904662 --initial-client-data=0x224,0x228,0x22c,0x1f8,0x230,0x7fef5d3ee38,0x7fef5d3ee48,0x7fef5d3ee58

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1104 --field-trial-handle=1160,i,12466342355622504681,9869735192416403909,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1372 --field-trial-handle=1160,i,12466342355622504681,9869735192416403909,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1584 --field-trial-handle=1160,i,12466342355622504681,9869735192416403909,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1636 --field-trial-handle=1160,i,12466342355622504681,9869735192416403909,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --first-renderer-process --force-device-scale-factor=1 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1160,i,12466342355622504681,9869735192416403909,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1512 --field-trial-handle=1160,i,12466342355622504681,9869735192416403909,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2396 --field-trial-handle=1160,i,12466342355622504681,9869735192416403909,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=2168" "-buildid=1718904662" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=1" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write --disablehighdpi "--force-device-scale-factor=1" "--device-scale-factor=1" "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1718904662 --initial-client-data=0x228,0x22c,0x230,0x1fc,0x234,0x7fef5b3ee38,0x7fef5b3ee48,0x7fef5b3ee58

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1152 --field-trial-handle=1208,i,5217385301849896282,17258978991601259561,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1500 --field-trial-handle=1208,i,5217385301849896282,17258978991601259561,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1276 --field-trial-handle=1208,i,5217385301849896282,17258978991601259561,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1280 --field-trial-handle=1208,i,5217385301849896282,17258978991601259561,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --first-renderer-process --force-device-scale-factor=1 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2152 --field-trial-handle=1208,i,5217385301849896282,17258978991601259561,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1556 --field-trial-handle=1208,i,5217385301849896282,17258978991601259561,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1588 --field-trial-handle=1208,i,5217385301849896282,17258978991601259561,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

Network


Files


MD5 f91783ce19ef24b6313cc5af4dcca2ca
SHA1 f79ecc0b9d4400b64e062290412ceb9a21a93fb7
SHA256 5aca078dc4f663b46bc95dd41cfa824876507f67426cc3dd3ccc62373f78fc59
SHA512 a4321e814a05281e75df71d9aab22f56058d9843828168b4650b7393c355fc78bdfa9563e41fe72a11ab1994d80feece6e005420a4c26bead560265e0ba3c7f1

memory/2168-13003-0x0000000070640000-0x00000000719B9000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edcd1813e18c1604e4f0d137d0409411
SHA1 3793b9b4246845e163139c40cbc2f6f92cc49771
SHA256 fd468e7799be701dea0a9f34d0cbca1ead1a999f5e3211961d7b6fb00c957515
SHA512 37a3a4d984274034b7334c1281f16692a30ddaffcb9065d981bc035d5c440c0b2510e840048f61b98fd6e5e571e5c5a4ddea56e90b22698f4493147ff9094a70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24a55f4a6a33f3cd3ac82efc3addf702
SHA1 032afa77a234708e87e649d8594e279421957f4d
SHA256 fccd2db5bdae25db5dcd8a1609b94cb2994017e33d2dcad8330d3dccd95b552f
SHA512 0b432d4ed68f164ef491d08075a71122bea93e893411fb4e9120e35153672031be3563d7a7300dade597ce53bc6ecf8101902876c00601f004d5a6ece8c12157

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5da5284984399b29483aa36ba9ef110e
SHA1 bce3dca1e767b2a8ed90d998af26dee472f7af9c
SHA256 a01489a71d1b12135af615d50d8a242bc49f34e1f1e5c1ffcdb42d79bee7f29b
SHA512 cac47d9801bbb7f4846b2f72beaec299554c300b6a89fc7026e44ef0ef2ef8ae3fd7bad9f77de5903fa2161a42c7c4d3590a17e99093bea91c4d1cebb426dfb5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36d84edafa41919001dff02250296672
SHA1 170827999f9f024bcfee4e960cc56b394df9ec00
SHA256 ae28d31aa62358de77cbe67fe60c5e782351b13bd2287c5c1e72861a1f6b2e2f
SHA512 a2d81ed0eb9b2ece756a70475666637383798bcff756e252156fc6fc68bf16fa25b98c1fbfbfeea4f8dc6855c3228c686541c6c63d2bc3a2535ff7051d35ab1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 486c816cf1260e8339e03da2cc1177dc
SHA1 c912df3b97adb75a528e1add01be149a48228b85
SHA256 bb9d07603cdeba1a9a777b26f3aea64930d0e038adf95154fe9f290ec7f3ebae
SHA512 a439b0a31a0e4785c7f49fb099d92e5adcf1ff2eb08c0dfa10987bbb2bc2ccd1466ed61c6426eb8f0ffc3b65b7af7609cc67c34d4af93741aa887df67b3cb670

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8a5eb1d927bd87ffcf8217a70c8058d
SHA1 5192c811cba0b9e43c800ccff0e9131da22545bb
SHA256 a55436e2b7a5a46dc56946d2e10f7f62b0a215e313069e75acdf865a962a19ca
SHA512 2889e608ee3217c1c66d546dccec6b083ecad9ef6bfabe522ebaa36ad050254b98210c58a0ea0e8b46d72f9ca083ba61684dc39a552c60daf811fe8b32396d7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9cb0e83448a1b7e707fa5c1d19d0131
SHA1 297403a47b7a8e2a2caba2cb4e030765a095a057
SHA256 e07e1e74a82b3c733d4f2a2af0e6b17fb25b863bc6187de1e7d631e3c1027b41
SHA512 3a6723b61a741f40c844ab0fe23ac7faa7d073de32f4184790a99ad5fa0cd44a390e41661f0f7daa702e0ba43f26dce372db84bbb2b10c7b4256879392633243

memory/2168-13524-0x0000000070640000-0x00000000719B9000-memory.dmp

memory/2168-13529-0x0000000070640000-0x00000000719B9000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 716c7e2ec4e780358014d5808da75934
SHA1 65853ea323480926dc3f4f10382d0aa557b86e18
SHA256 fac41afd73d3632f682b0dece8e4cbca4da192fc4d785f198977868b92e52457
SHA512 4fb8805f2c7020806e4ee986fd300325f267188213203e52979818435628ae8e2b2acfb06936dffd9d41d75a61e3389d48e043ab3f236f38753e5325d4ae2c28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 611cc245bebdeeaa6ad09abd1b00d559
SHA1 cfa52df2d2b5f1672370be6cf15c8a2b0c34b77a
SHA256 5557c1ef296da2da6bf95cb5fd63f27c989a7094230d376e7de2c3b5771e69f4
SHA512 1f9ab04119a606e20a01959ad86d60c0f25d07562f81c17f03ce2d6e817412f335ec7c3d3482ec02188eb134c8487f9c3a3a714b0821ca30694d705b02f5aed0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 db9a349957fc49b72dc7ed3cddf998d3
SHA1 aba171810dd2dbd366387cb799f0eec8c02a5c83
SHA256 e840593854e6dd2afce80432098c456020fde15439115a5da18234a74b38f61c
SHA512 f7a767f3e139fbcaf11ff933f14739b9e93adeb0904f5da2dcf3a79366a408f4199c3b7ace135e26891c302273b5dceba3f488402fded22a13c34feca756b07c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f09aea4f9ff63adec78545fa24a969b5
SHA1 9f4490ffb08972b344c9bda77abc46b796b16e05
SHA256 5a6dbd21dcb05469300644945fef0f20c88bcc7c16156f4c2ca77da5e832414e
SHA512 b4badeb4a10efe957fc98aea73291a8f18f23b11c0d6f82c11b716afe0268167bf93911ce1b7626099e3c8573c224865c6df4760268b8bc0d14c132d4cbd8aae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ac77c1d87f6caecc834f6515fe1f0e2
SHA1 edeeea375f89db710f14dc790141328b30dc297d
SHA256 7f0eb67e05fa5882087c85de9b6289663e45036a6b3fd009a90e02af9baba35e
SHA512 facd51882281d80b78087e8d86cf1784e25ab5efbe6b982e4f23cb01471d90d561d2793c2cb8a5b14fdefdc673ac76317c8fa5acd1fff23f4723f49517882fdc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc99f6ba4f9b836c497d41972706248e
SHA1 b7fb60947d177e9739157e3b799687d4e0a41c83
SHA256 0ec33f86865b95ffd28bbf157f393a542ef857ab16841d7606800cacf9bf97c5
SHA512 fe1e84ce3f7c8209449e61b20305fb265cd4c132ea7a403050c50394da21d9fef4e5b4b38db45d9a917150ce4a4c584a047d64ec654c66b6f19c88586f17bbca

memory/2168-13830-0x0000000070640000-0x00000000719B9000-memory.dmp

memory/2168-13831-0x0000000070640000-0x00000000719B9000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 8f63bbff8e8606cb0be7971d735b72e7
SHA1 6f57bf5d0ae1db867407b09c9f31268aae755291
SHA256 160c506e734ad09375991782ac9589d9dd5cc660aaddc6fae6369b964413f3bf
SHA512 f1e6cd6de419ae52507c7c5b8b5c2cbcdf716cc3b28a06dac6c22d71cdac0da775c99df39cd9d962b5ae842d432c205fb68ce3d5cc2e6977ebf38c8e7324d51b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a54a9789aa36bc6739f9cbee7ad24e2e
SHA1 acd1d799f01b3fd07dfcd779734d78e3876c6f09
SHA256 76ecf86ef89e04f3733a723d68d28a3d1f088b323818245ac53d9212ac79c693
SHA512 aadb58ffbe0adf3873d0e97b5dc202e1a038e57fded9db7c8e007eff3f18e01f0fc4e0e8ba283dbce76db4852809fcb4f8de1264ea71581a99ff89533efbb258

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 924074772562b21f19a9388f41bb13f3
SHA1 05907ad741aba3b2c43bd785b548f5c95ba26acb
SHA256 0159c4ffc74c63b25e7fe45fdeaa014a540a44f1ff053c04a0323ff95caf2558
SHA512 e58855aa7085959a7893d53693b2d4aa3e5d537da32ed744b31aa19d01e9015f5ae78b71ee735f37f327c50b4a479d1895eb433f613d215898b987647c8ac01b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2791a44fba3053581349a070c7debfef
SHA1 26168fb3ad9a6b562335ff10f207c7d3b1e99b53
SHA256 cac4b9e0632b595a0df65b0332d604627165af2701c7fdf83ce9736453ff28cd
SHA512 a92d68635efc07c82fa0d192d6acb2dde02cb082a0bdd3698ec215bb0517fe997f44dc11c1dc7ab9b5c5a1a826a4aee2e3445bf9cc9530391824e742cce6abfd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a97ef69df227fee361733fd46a077301
SHA1 d91e3ee96f9a00f0edd9e7da3bdf879803479466
SHA256 85c7ff8ee444ee2daa35dbba97dd1947f18e10af185e79c6bf1fda10f500fa97
SHA512 e2a4e75c8331ca8e5723f9c7d52a682408cb6b8c7b0a705892a52b63f10c43a22f9d863fa52857b40c9aa131c71c67f3b8a1fafad2acad2bfefc1c28a65759ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34f2b01cf163d4bbf9ce1b679cba12e2
SHA1 9e61d01abe92bb75fc576bfb373a4634a5e00cc7
SHA256 ca220b31fb435c110a58dcb59c8c6b9e9ac4e67dd038e15f0b5cd2a8d1e47fba
SHA512 81ed74b295592ca61bf12fc83dd4850be531e24aacf0db7f50cf20ee460679c74fa12c8b84570e65480e92a789e23f44e4380d05d9f484fe6b8f9f485babe282

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77b50b417fe1b5ebebe1c88ccfce53e8
SHA1 0451f670da2b37756e34f57a8e02973927fedd34
SHA256 2a9eee07e819210e7589ec760af03cb704dcf22425fe0eae72d2061fe791cdd5
SHA512 823cdc487dbc55af7bbd5417db559dfb17df252ba7b3f356c561f1288ae58ea7b572d8a3f246b9cb58b081803dbaebb5e052e6eb75219470022e6e9b764ae0d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6d3b7777914a33e8d746704000cd949
SHA1 469ce59b9553756fd76eeabfd51032adc66cbffa
SHA256 b57acd8754894336c401cd9ede608d4c35d5c73fb7ad370346c139e0970993e8
SHA512 7676414e4a560df52974154ac9f48b06b12810e4590573a9d2708f7dfa694d52521d4abfe47307c7258170cd9e6b2452613332aeb9b9b07ec8ac86e3c430b528

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f694435c92db6523b55fbf64d22bc101
SHA1 206062b15a8346ec6dd4411799cf81ee663c1063
SHA256 0acd9be9a8f888f90e4bd5f983ff4bdcc6c94189a9fc86d17e1b87175fa7026b
SHA512 b7d7f5f56798fa6ab8b2b18ddaafdad211f689792461b03173e5bed041fb05c6c4e375b80fdf287b443b5c29f615088ac1f3f1c478a8fc1f57ae4906ea445910

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5741185c5447b116db7ee7b2f68fb91b
SHA1 ea85c0a0e213b73d02c7d81fee7c12dbd0c609ce
SHA256 9fa31aef4af3d7a83e2a52b48710782b5d9df54465aa07103a92bc1b8f9929cd
SHA512 82877a34fcb40d0e04a38bd0866ed8d9f62a137fbe70351725ec33118e8adf0fa056368a70772fad78544cab1d7c12e87a2e87ee43392068bee6aabf3f92b78f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4311c6b5f1eadb221386655ea0a080d
SHA1 ab41a6caedff0f1b9bd04ea59e77de5181dc72b7
SHA256 dbbe502d79ae376d8470fa212588ebe0c217f19432088b2a6757219d4f6f754c
SHA512 71b89936f5c5e56c1a5af3118b45575adf249c1e6ac2c540a5b637c8ba30754a065961ed49ce63efd89d324784db7f6551fcd8b81bc84bb9f06bbeb5800a0f29

memory/2168-14386-0x0000000070640000-0x00000000719B9000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b69172f296ab87206f376778333accdf
SHA1 bb504b94adebe31a86db1398bae0337272d17ec4
SHA256 d9cb84298f40f1d000a19fcdad478c58454b8b4c1d6d025615f3bccdeceb95c9
SHA512 2b6f88311d75f106e6570a2a53c827409d930828ba2c7044017b569033b97560367f4aa10fcab5960c363220c737495166bb9799c8e0ea79e6cb7ad78a84e695

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67ceeb1ac2d69a0b1da63f32b99cbc65
SHA1 5418f81e7479dbbc403500cea91ad52dc0f6b5bc
SHA256 4fbbbfdfd64885392aee35d62f43070ba9e1108364b712a239e927c3446efea9
SHA512 e943913a50041e5cf111036ed9c49c8f293f4bbf3d0f0271a8d7c40863298be61a0a5199e12d21da14d5fdaabd7afeb87601f1791742813d6a92426d1b1caac8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d96f11cdf51163031a6bd32b3f7b8bf
SHA1 56e403e2b38ecb74e9d3a4b852d91a1df5eafa89
SHA256 e15fdd58d2293bea4ddc24961720bd18fa251ad06189f79a66c19da954f83363
SHA512 ff6cc59b1293f19c2337181ef3fac0a7fa9746e01d2c0d16bcb7cffd04bae51c1513d98bae46358bab26f14ff2ce2caf08160354e824d98e5c1e72129defa71c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82c2ef00021bfb8f53e1f9af015640a3
SHA1 12cfcdd04e2a5d14d849462cfbaaab1941675182
SHA256 d1c36dfdbbcadaa063d1baa0ee1a18142477ae18c3275ab55e07425980ce0390
SHA512 5844f5061cb9b0b76c9604da7ff81dd0c8b63bafd58d8ef0745fe95f68bd32c70530788ed6fdbaafa07cf1387b6a99add01e2b968d906116aabaad6e5be2f2b4

memory/2168-14653-0x0000000070640000-0x00000000719B9000-memory.dmp

memory/2168-14662-0x0000000070640000-0x00000000719B9000-memory.dmp

Analysis: behavioral16

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win10v2004-20240611-en

Max time kernel

135s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bin\SteamService.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bin\SteamService.exe

"C:\Users\Admin\AppData\Local\Temp\bin\SteamService.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bfa6f8462754d66e9687394a84bf18af3a89720f9206fc438d08beee1ba43ec9.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\bfa6f8462754d66e9687394a84bf18af3a89720f9206fc438d08beee1ba43ec9.exe

"C:\Users\Admin\AppData\Local\Temp\bfa6f8462754d66e9687394a84bf18af3a89720f9206fc438d08beee1ba43ec9.exe"

Network

Country Destination Domain Proto
N/A 192.168.47.129:4444 tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 24.173.189.20.in-addr.arpa udp

Files

memory/1972-0-0x00000000006F0000-0x00000000006F1000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win7-20240508-en

Max time kernel

117s

Max time network

117s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 224

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win7-20240611-en

Max time kernel

119s

Max time network

120s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 224

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win10v2004-20240508-en

Max time kernel

120s

Max time network

50s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Steam.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Steam.exe

"C:\Users\Admin\AppData\Local\Temp\Steam.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 media.steampowered.com udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win10v2004-20240611-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\uninstall.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\uninstall.exe

"C:\Users\Admin\AppData\Local\Temp\uninstall.exe"

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4268,i,7869973516895866428,11647313872437892197,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

MD5 4f009883567dfa9e908c5ffa25a2fa0a
SHA1 5848783144c5a04fd4fff71651e3195444156b03
SHA256 d0b0305b42c35716482a6aa08c8257c19aad225e3ffd9ab1f0de411d8b9e592e
SHA512 015e03849ccb6f646538ebb5a1f75bd973258564a4d2664f51da11e88316e9a3d2863de131f105daf2173a5c494e6c6bcc621c6952144ed4bf4bd2bbdec5ef6d

C:\Users\Admin\AppData\Local\Temp\nso220.tmp\LangDLL.dll

MD5 0c44f21d4afc81cc99fac7cc35e4503a
SHA1 3d0d5c684df99a46510c0e2c0020163a9d11c08d
SHA256 8dc2be6679497994e3ddc97bc7bc1ce2b3c17ef3528b03ded6696ef198a11d10
SHA512 4e4bd35d6aa21cecbfe7a93a2ee7db8ee78ca710a4193dfe240d1067afbe10f61db332c1c85f6cc3ba404d895a959742401b615ef8ff5bd9028254c4a43a0923

Analysis: behavioral20

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 64 wrote to memory of 4464 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 64 wrote to memory of 4464 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 64 wrote to memory of 4464 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4464 -ip 4464

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 600

Network

Country Destination Domain Proto
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 52.111.229.43:443 tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win7-20240221-en

Max time kernel

120s

Max time network

121s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ShellLink.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ShellLink.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ShellLink.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 224

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win7-20240611-en

Max time kernel

117s

Max time network

119s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 220

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-07-04 03:10

Reported

2024-07-04 03:12

Platform

win10v2004-20240508-en

Max time kernel

125s

Max time network

127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1392 wrote to memory of 3500 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1392 wrote to memory of 3500 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1392 wrote to memory of 3500 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3500 -ip 3500

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1032,i,13640054265074968359,8146127767143474550,262144 --variations-seed-version --mojo-platform-channel-handle=4172 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 93.65.42.20.in-addr.arpa udp

Files

N/A