7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Analysis

max time kernel
84s
max time network
154s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 07:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Steam.exe
Size

4.2MB
MD5

33bcb1c8975a4063a134a72803e0ca16
SHA1

ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256

12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512

13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49
SSDEEP

98304:7JeV/ztZBe91oiImuUiK9N9EGQKF9lSHbr7aw:1S/hwkmg4EpbrOw

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 24 IoCs

Processes:

Steam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exegldriverquery.exesteamerrorreporter64.exevulkandriverquery64.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
2428	Steam.exe
1044	steamwebhelper.exe
1840	steamwebhelper.exe
2660	steamwebhelper.exe
1988	gldriverquery64.exe
2384	gldriverquery.exe
1108	steamerrorreporter64.exe
928	vulkandriverquery64.exe
876	steamwebhelper.exe
1972	steamwebhelper.exe
2808	steamwebhelper.exe
3052	steamwebhelper.exe
2612	vulkandriverquery.exe
2712	steamwebhelper.exe
2416	steamwebhelper.exe
2784	steamwebhelper.exe
2688	steamwebhelper.exe
2568	steamwebhelper.exe
1620	steamwebhelper.exe
2512	steamwebhelper.exe
2968	steamwebhelper.exe
2988	steamwebhelper.exe
904	steamwebhelper.exe
3020	steamwebhelper.exe

Loads dropped DLL 64 IoCs

Processes:

Steam.exeSteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamerrorreporter64.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
2688	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
1044	steamwebhelper.exe
1044	steamwebhelper.exe
1044	steamwebhelper.exe
1044	steamwebhelper.exe
1044	steamwebhelper.exe
1840	steamwebhelper.exe
1840	steamwebhelper.exe
1840	steamwebhelper.exe
1044	steamwebhelper.exe
2660	steamwebhelper.exe
2428	Steam.exe
2660	steamwebhelper.exe
2660	steamwebhelper.exe
2660	steamwebhelper.exe
2660	steamwebhelper.exe
2660	steamwebhelper.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
1044	steamwebhelper.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
2428	Steam.exe
2428	Steam.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
1044	steamwebhelper.exe
876	steamwebhelper.exe
876	steamwebhelper.exe
876	steamwebhelper.exe
1044	steamwebhelper.exe
1044	steamwebhelper.exe
2808	steamwebhelper.exe
2808	steamwebhelper.exe
2808	steamwebhelper.exe
1972	steamwebhelper.exe
1972	steamwebhelper.exe
1972	steamwebhelper.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Steam.exeSteam.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Steam.exesteamwebhelper.exeSteam.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Steam.exeSteam.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Steam.exesteamerrorreporter64.exe

pid	process
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
1108	steamerrorreporter64.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe
2428	Steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Steam.exe

pid process

2428 Steam.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

Steam.exe

pid process

2688 Steam.exe

Suspicious use of AdjustPrivilegeToken 21 IoCs

Processes:

steamwebhelper.exesteamerrorreporter64.exesteamwebhelper.exe

description	pid	process
Token: SeShutdownPrivilege	1044	steamwebhelper.exe
Token: SeShutdownPrivilege	1044	steamwebhelper.exe
Token: SeShutdownPrivilege	1044	steamwebhelper.exe
Token: SeShutdownPrivilege	1044	steamwebhelper.exe
Token: SeShutdownPrivilege	1108	steamerrorreporter64.exe
Token: SeShutdownPrivilege	1044	steamwebhelper.exe
Token: SeShutdownPrivilege	1044	steamwebhelper.exe
Token: SeShutdownPrivilege	2784	steamwebhelper.exe
Token: SeShutdownPrivilege	2784	steamwebhelper.exe
Token: SeShutdownPrivilege	2784	steamwebhelper.exe
Token: SeShutdownPrivilege	2784	steamwebhelper.exe
Token: SeShutdownPrivilege	2784	steamwebhelper.exe
Token: SeShutdownPrivilege	2784	steamwebhelper.exe
Token: SeShutdownPrivilege	2784	steamwebhelper.exe
Token: SeShutdownPrivilege	2784	steamwebhelper.exe
Token: SeShutdownPrivilege	2784	steamwebhelper.exe
Token: SeShutdownPrivilege	2784	steamwebhelper.exe
Token: SeShutdownPrivilege	2784	steamwebhelper.exe
Token: SeShutdownPrivilege	2784	steamwebhelper.exe
Token: SeShutdownPrivilege	2784	steamwebhelper.exe
Token: SeShutdownPrivilege	2784	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 11 IoCs

Processes:

steamwebhelper.exe

pid	process
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe

Suspicious use of SendNotifyMessage 10 IoCs

Processes:

steamwebhelper.exe

pid	process
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe
2784	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Steam.exe

pid process

2428 Steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Steam.exeSteam.exesteamwebhelper.exe

description	pid	process	target process
PID 2688 wrote to memory of 2428	2688	Steam.exe	Steam.exe
PID 2688 wrote to memory of 2428	2688	Steam.exe	Steam.exe
PID 2688 wrote to memory of 2428	2688	Steam.exe	Steam.exe
PID 2688 wrote to memory of 2428	2688	Steam.exe	Steam.exe
PID 2428 wrote to memory of 1044	2428	Steam.exe	steamwebhelper.exe
PID 2428 wrote to memory of 1044	2428	Steam.exe	steamwebhelper.exe
PID 2428 wrote to memory of 1044	2428	Steam.exe	steamwebhelper.exe
PID 2428 wrote to memory of 1044	2428	Steam.exe	steamwebhelper.exe
PID 1044 wrote to memory of 1840	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 1840	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 1840	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 1044 wrote to memory of 2660	1044	steamwebhelper.exe	steamwebhelper.exe
PID 2428 wrote to memory of 1988	2428	Steam.exe	gldriverquery64.exe
PID 2428 wrote to memory of 1988	2428	Steam.exe	gldriverquery64.exe
PID 2428 wrote to memory of 1988	2428	Steam.exe	gldriverquery64.exe
PID 2428 wrote to memory of 1988	2428	Steam.exe	gldriverquery64.exe
PID 2428 wrote to memory of 2384	2428	Steam.exe	gldriverquery.exe
PID 2428 wrote to memory of 2384	2428	Steam.exe	gldriverquery.exe
PID 2428 wrote to memory of 2384	2428	Steam.exe	gldriverquery.exe
PID 2428 wrote to memory of 2384	2428	Steam.exe	gldriverquery.exe
PID 1044 wrote to memory of 1108	1044	steamwebhelper.exe	steamerrorreporter64.exe
PID 1044 wrote to memory of 1108	1044	steamwebhelper.exe	steamerrorreporter64.exe
PID 1044 wrote to memory of 1108	1044	steamwebhelper.exe	steamerrorreporter64.exe

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Users\Admin\AppData\Local\Temp\Steam.exe
  C:\Users\Admin\AppData\Local\Temp\Steam.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
    C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=2428" "-buildid=1721173382" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write --disablehighdpi "--force-device-scale-factor=1" "--device-scale-factor=1" "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1721173382 --initial-client-data=0x228,0x22c,0x230,0x1fc,0x234,0x7fef700ee38,0x7fef700ee48,0x7fef700ee58
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1721173382 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1104 --field-trial-handle=1204,i,13326866478822949177,13241260104185688390,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\steamerrorreporter64.exe
      C:\Users\Admin\AppData\Local\Temp\steamerrorreporter64.exe -pid=1044
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1721173382 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1388 --field-trial-handle=1204,i,13326866478822949177,13241260104185688390,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:876
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1721173382 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1568 --field-trial-handle=1204,i,13326866478822949177,13241260104185688390,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1721173382 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1608 --field-trial-handle=1204,i,13326866478822949177,13241260104185688390,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1721173382 --steamid=0 --first-renderer-process --force-device-scale-factor=1 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1204,i,13326866478822949177,13241260104185688390,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1721173382 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1740 --field-trial-handle=1204,i,13326866478822949177,13241260104185688390,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1721173382 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2620 --field-trial-handle=1204,i,13326866478822949177,13241260104185688390,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      PID:2416
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:1988
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    PID:2384
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:928
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    PID:2612
- - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
    C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=2428" "-buildid=1721173382" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=1" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write --disablehighdpi "--force-device-scale-factor=1" "--device-scale-factor=1" "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1721173382 --initial-client-data=0x224,0x228,0x22c,0x1f8,0x230,0x7fef723ee38,0x7fef723ee48,0x7fef723ee58
      4⤵
      Executes dropped EXE
      PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1721173382 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1140 --field-trial-handle=1224,i,3373601244451772976,158422503891221561,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1721173382 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1300 --field-trial-handle=1224,i,3373601244451772976,158422503891221561,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1721173382 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1632 --field-trial-handle=1224,i,3373601244451772976,158422503891221561,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1721173382 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1676 --field-trial-handle=1224,i,3373601244451772976,158422503891221561,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1721173382 --steamid=0 --first-renderer-process --force-device-scale-factor=1 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1224,i,3373601244451772976,158422503891221561,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1721173382 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1492 --field-trial-handle=1224,i,3373601244451772976,158422503891221561,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      PID:904
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1721173382 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2616 --field-trial-handle=1224,i,3373601244451772976,158422503891221561,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3278e3b2d1de8538bd6920d3ec49c01

SHA1
9c6b681e2cdfaef577f691cf737d4e036b5b6656

SHA256
86c205fa34e69aa64695e44b48e6c31b0938437f5da7a0daa0bede281ced0cc5

SHA512
6d5cc4309e4b65e58a0edf55f12074fd3dff502f16238008073a5c8da8adb3a42b8aba452707c7807ef96c35a79a04582fb701ee64a595b2806526ecfc119596

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5a1f03e3d06fd1b92dd38e33408fc89

SHA1
07a9fdfb139a551a83db3649036b60655c74ba38

SHA256
d465f4ab1977f86c2d4354f5f37742f27797ca79dbeefc63bbf75a5b3ee20b68

SHA512
7e1278ab8f91a2f05a4b56339c447fa25164553e311b95a494bc6ea06d37f792812d363fbf4e38ec6f97f81d09dc98ba2edbb35c519a1038c004fccef0a98a66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c1e2d661736b47c4b705b82b0a3d1d2

SHA1
a8f89916f65836b43e2cd40192196d9d4d0bc574

SHA256
706e14e498ee35343ee991af85ede421c73c96d303bfb5c5be1f6ee75600a79c

SHA512
0acf9767e785d72049548e87496b5dd0397ae9e8b4ec32e19ac5762f8a79d0c471f346ed37c2623cb994e4214cdc0b9a66b6dd430450850fe2637bb63670c349

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a9b45d6afeb3aa6746d6fe9657f4ca8

SHA1
469ebd9ded52c7c813b60a7de4755980603f13b8

SHA256
9cc69e269bac14923bad7c64943a38b3499f7ba0f68a2e2749111d34dff878ad

SHA512
936fb4abcdf13342ed231107e290bd539e7daa73fe5e42a381208d68cfa38df25f5157e54da584677b4ab99319532d815933cf6772567f8b772ad528538a24e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30c509f6183b8926ade7a6ff8dd8f534

SHA1
39461abfb511bec2a8653a4b83b8729dc35078bc

SHA256
3f82c7be2928ff52237d1c6ef431efb584506982a1a9b6319e8281f2b9ffdef6

SHA512
cfad4df7660a9534519bf18480c6a809a0abcfd90d469dedd3d4f38f452aa047b87f42b9fbc06255bece1cf260656164753cd88780e0a281d1b5ec6d2ddd9c11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
94807c4285a9669152f3a7ed71eb2e06

SHA1
571e7d9df3585370e6df6a8d53b9e1aa6f88c0cc

SHA256
be96d76029997e86d3cd68bd4bfbc7c62a55be4f081657ec0674ee3e03f145c7

SHA512
749e2b4a88c41ba9ced19eeefa2a908462fe485f8f37c05d13e8f532723151e8af05ebd9ed1dad8a3a021845a112f070bf1405394fd34cf09b73342cf728d595

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77cfeb1bff22a036858fa1b625275225

SHA1
7190f58f4fce7eed5448699a5a7ebf8acbeba37e

SHA256
d7510e6338bcc5ec73eddf49f8bf929f87f2b353325f3660ea9f6290be826bc6

SHA512
1eca6a8ab832f840155843331b825a477b4c67f7697aa9164661de01d65ad936cdd5bc536ef743e57a18a2273aa24a2a906774fac228a793ac5f2122edf0a5a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
084d06defd98c7fcf34c9e221d4ad0ba

SHA1
510c5ce21b25e0c99fb263e1518daf6bd983f35e

SHA256
0e4adb497bb337fec89849a1ccdab0f5db2e147016400059307e79a0222552dc

SHA512
4658daa782d18f3d4bc6cc681d7c52bb28cefc2c57d583fe0f83359a5c3d359501e2c010429e9d0a8215e506cee40af81f582453651657150bda0c62f099a678

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d6225adae37ef83464bd4205d344e20

SHA1
0119b375923ebff9ac8d53fc96d6bc3256863d95

SHA256
086dcc6c7f7a8027843c2c81b02327ed9af0ea4f67a7ba4ed3db9bdd62d5e2e6

SHA512
9b55ac4dad8b79092fc220cd8c42411d96e1e31f041b5d68ff897761b58aaaa7a09988062bac5ec8dbc65e0b496828172d67e124efe3c9f61fde0e02c3fb7e13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
acc2886fd7283f757a565d3ff019349b

SHA1
3007cad7f469e99e15a415a3d3f2a393b86d1cfe

SHA256
0eb321207b9564974f7cbafa9e0c3c94fbf3da392e3cc01cb7fa980918ef7fca

SHA512
dfe5b6a00527f368a850382a55ee8b5d56ddae7db9e441e22d925bc6c093f750df38131d5a46dd6c5b5b01762da2a8e833284dc7476054a7f2f8c5fdde7eae45

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab83B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2BB4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\avif-16.dll

Filesize
226KB

MD5
a09c5fa842fa4456a0b53b46f1050225

SHA1
9e4677f19e77bf55e7d0e2e82d8c27f79dbbd78e

SHA256
3d7ba6fedfdfd6e751693d718a21438304690b754d1c5d13c847a829b2423b8b

SHA512
71c962da6ed6894209891513bf9f0132a5eab6c65a5d9ba334efcaf73463be5625665a060863a106d59fad1949f6191f641aa4c59ddb0e825701bef08ef9b5a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

Filesize
177KB

MD5
c3f779618f359161cb4584d8b4f76c96

SHA1
ed20aefa670c8a9a01b2e5648228e1d38a2f7a99

SHA256
06b721c371debecc442b7d03774f99935f46b261311bb1ab110bfe8b0a48a516

SHA512
7aaeef7574def8c27e3b63d07dd9db09619ff047de47253d1035764c80fd6000ad6718cf60e5e2e3a6b4bdeefc407bb5a43961ce03ba512b271c326a5cc307b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\SDL3.dll

Filesize
1.9MB

MD5
34f0f2540c2b37233f92e60c9abbfcaf

SHA1
c677fada2b6d89029236d3e425d01598acc1d789

SHA256
a38394b71cd60ce768b031a4429dd1a9ab5b86e37c14b0a2de8311cb41f0edec

SHA512
b2efd9f481deacccf8fe44fd0d029bb138934d08e6b3cd07ac872c89a13f5bee11a78e8adbcdacd81235fde8de2eb4aad9e5e7ec6ab644484d749c1e8b61e0fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll

Filesize
23KB

MD5
4cbad862a3ff6e7ac0f33a904d247536

SHA1
57ed831d8f3739aee41735fce679641862c36076

SHA256
32a70082cf3496745580c0e4b7d1bdbe925013300f0573ccef466e7a1915a51c

SHA512
355e5f5081588c2460b6c21818172eea17b18f6d94a958902db57a585409c8a2231a2666bc12548316a041bfce8a2eeeef2e4759a9e38900550b6a7c96d7ed2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll

Filesize
23KB

MD5
f9bf7d30ea5a945b77910a06151ff620

SHA1
3158c9ab3fd9b6fed40e77abe39eb53234151977

SHA256
b4ff5467266a4f8e5d8998525a8948b8b86d51a23c2f4f7023c505c8db341802

SHA512
07e01ebde7c80fa3937f2169da9dc496f0a5efbbbc9c305e7772e28e334906054c14747fe10cca0ac1f1f275d95a08801ae7c44ca1cbddae1c1e008bf428d1a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll

Filesize
23KB

MD5
e763390e8aebf15cb2b9b5b8c9cc4e9e

SHA1
0f9f6544903700fa26c8892ff7e4881c56238282

SHA256
5963b1cdb894ce297e52844741047f74f8d86fa7e97437e26d9bc8f0094e1003

SHA512
4c8089029c0d97ef1a1570dc47a8eda08f2071332521cdb54b5b52786d078c19bf0324fa43b9d1c49b942f8eedf7a6dab606b25a3913a80f6c8d7bb97d28a768

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll

Filesize
23KB

MD5
df9e90a38a99d1f609ba721a3d329195

SHA1
ad8859c5ec7f591800c0d4b6453eb10167ae142d

SHA256
ba17d3a66e3df85fbf8b82b500f1360f8598cd48a814fda3e552cdd995e6f449

SHA512
e41ba10d2c679754627c348232bd8124a01eceedfe30c88b6f7ed257895a7b59e5149d448a68415c4d2cc1a5c2c32a575f032b764a14a2330d62f08ccb87de85

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
23KB

MD5
649e3b7d4b114213383aebd2dda0308d

SHA1
ba1ba5acb362cbab817c5e1a3126d6ebf600740b

SHA256
b15dd0c332b261d62a0b37b8981980a15e47b4682e6985e26f155a85f19e1466

SHA512
e667462ba457d44982337edda451a5d78eb4b6eab2e6a696ca333bdcd6688873e2c50b45e464e333ecf9f5b07dc35412bc746ff187b99e8139f9b8ef0456849c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-fibers-l1-1-0.dll

Filesize
23KB

MD5
b72dcda47e269f98aa6998df1b27b3e5

SHA1
8a68318787497d2ed4ee6d981de825c874bcb603

SHA256
b9aefe9709a17fcaf8b85168c68f42e2b57f8214e7456a82c74495b815dc5bfe

SHA512
17b00481db67db8bf8f07035c760eb7adff65d59c532711d918bb1f2bbdbb6230cd0c583f3418102b80b6a085d45d3e3efe9a641e7dfa821c8a18505e9bb1420

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll

Filesize
27KB

MD5
d218fcedc1bee50c45f4e786c6d60564

SHA1
c4371579afbfae000e5b9a0ce07472be17badc9f

SHA256
13266c9674e9c663252ff2dc1a014a86cbaa42801d210f408269bd1dff681440

SHA512
efc30d116515ee000084db671a4c2d68551035b5512e7117c3c53d6ceb2b0418ee2ccdb5f76fa267be48e37d21a950e20423f95fc4e1c4d2c9e5fb47b692c882

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll

Filesize
23KB

MD5
2bfcd1d1b70eef1a10c939a4eeab5403

SHA1
12656ee086124eaf205a9eb470a78bc5e3d2512e

SHA256
b0919c80eb88d5d6aeb7a6eb42344f40ebf6bf0914a45045d9606e2469f15132

SHA512
9143ffd7e00f4168f78f72e9e08e6a901ffc57a1bdc07531d73f0d4fc59ae2a114d939bf2a60313ac34aa835e6c297168f255685cbd795c748fe9c8906d2215c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll

Filesize
23KB

MD5
b3a3f902a5fe7b70c988aebd0e523d53

SHA1
6fb07024c76cd0c4e07c3d0efa088b74998d59b1

SHA256
61365671b9fccbc10c06ccc0d4c8875dd98ca51e8d3eb77e91069b1bd11e4a96

SHA512
3bc057781870932f9703561bed8f786af9306a6a237582551edd12220e95521b8433a507ce702fa929654e930d0cba976eb0fc72fbe567d44620232e18390ce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-handle-l1-1-0.dll

Filesize
23KB

MD5
a6c34ff1ecc9abc954922c5e569d7912

SHA1
910709fc703f559d37ea6d7d75ee13b62cbb4290

SHA256
b71658e60bfa69f0bbcafbc8df40b118e9fc5df747e2069db0ac18b66aaab818

SHA512
c0612a7cfe143c22d9945e287a4be0378b808e974a845ba762bbff028080eb6149bf5451d1f7aa0c2cea74499b82007dc730ad51b0b2db4b0f8fc11c03f8e20d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-heap-l1-1-0.dll

Filesize
23KB

MD5
1b292e0f2b2d1a67d2032b5414c280a7

SHA1
3f42ab6ad2c6fc52d11d677c1287c58bee3d0a37

SHA256
60fa39cc05a21ce16a8651331445da1dd0e5e6c0194de819b4fa6a245f517396

SHA512
b9f6da412491d9919cb8a33483147c608d30cfa9651f326aceb96c85cf5163dd85a434ed8421cbe9a6d355df650564252cbae46a4b340459bb3d30f616e244ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
23KB

MD5
64350026ead6e66e58759314ab2b2c8d

SHA1
e81696c0cdd81af0af47c696806e745283538c94

SHA256
f30dff7c389fc5143475a99945eaf9f2e36f2f50709e256c990b10459e32b8be

SHA512
6f55429adaa2107680c9d67a15b8094346b5bf295603ec7b2cbde7698d1e1f18436b6b2303b08b83f0177c77f877a33c16cd88cad13681616c0f9c3d751eb7bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
23KB

MD5
f51c295b1f6d6845be84a53ac650e0bc

SHA1
edf0d80ea2c7de134af5d1da1f07f7cd33d9d972

SHA256
6d85722c07e91050b89692e647c8c9c6fec8c39a998286e0084a4a20619d956e

SHA512
f84224a40bf12cc61ee47607fb3d367135205d7f26667de6ac930e7fda064d8322c0279fe2d67da92d8e017b9ede8a14ff26c050c35347112052e9fa840c5c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-localization-l1-2-0.dll

Filesize
23KB

MD5
b20db974fdaf13d7a6c518c8cc4d124e

SHA1
3939b029019a583c3a65ae0e3bc2926f0889cc11

SHA256
c7253d57e123911ca6a0cdc8c74f103fc048399224393e97bf5a2a993cc13fdc

SHA512
5dde8bc5f30b69c98eec6d4d279bf1b1747ae119b8ddf8e96515d503c7937154e74bb88d7a01ebcb2b15b0f3fc2e74344c8f0df7add45af944028e3b3cba8245

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-memory-l1-1-0.dll

Filesize
23KB

MD5
c5c07cce6b571f4d566fbb2dfcfb009f

SHA1
4379f23072f145b3c31631faebba76321713e454

SHA256
dfcea447a3436a3b36287becb215633e73760de7d1df88dd24ce0f998aadf597

SHA512
d7d53c04459d373659056ed8535982ad6c558cac6239e9fef51074e8479b8777eb2dbdbf63678868f5902b6414a446b46d9d9acb9d70f3bd3dba5cba9512d982

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
23KB

MD5
38949794f4b5ed88fc604583ae0c9b1a

SHA1
ffe2baaa0dcf56b56a726e314795e70d23149fe5

SHA256
2dcec9017298d32b92223c0b9125ecf15cf330973414b3e181a9dbbbd74145d4

SHA512
001f460d03b71f52cda97f5305b15c5fc40c1abe8c6deb429ecbd15d06a4ed26f7bc8cc491629cea14492cf13e22c1817312978b6095ee06b1592004a361818f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
23KB

MD5
3d9d3eaad4d1f94fd099877e3c3574ee

SHA1
3dc985619b35e8d8bda17bbffe3fb9d73c697998

SHA256
0986c9945e4db6c7e5bf42556f28ae54afafe5d991573590bffb9c494deaebdb

SHA512
5fa46bbd7eb1df2f5c233c70f5a4adc316b24e1de7e91c608d52f537a1ffa6d5cc8b1b4c6b4880b33acefb8236d7676ef50527b737ac23be968e5bdbdcd2f368

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
23KB

MD5
fbb8d74d5ca41920f285ed9d4634d501

SHA1
b1157ff444075b76bc3533b036793bda4afd96e4

SHA256
7748f69d1f67fb4afa2ebb9712687d0b9235346d35909fee80dd5cb776ce7638

SHA512
a7d6ca4666eeedc5c4bb3db07919c4d08efa67638d0cbde7cbaaa5f40a59f2c61745fc129e882d47a39a561ea78aa7ff309286921945d940ef26d121bc865cf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
23KB

MD5
2da80fbfb025423ba529e0ed5d396caa

SHA1
94eddff83c93411c0fb48101177b238f2cbabdb6

SHA256
a074cc02be4cfa314ddd7223c288b1a71fe74143c3229c7cd30fb309419d7aa6

SHA512
c23e38776c826f1f2c9bec5ba2b0fd0366d1afdb06b805749814472a362f0fffaa5231bd678af17ecd7640333c5af4f2607d976521f649053ea3d24c8e7e9c9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-profile-l1-1-0.dll

Filesize
23KB

MD5
724d2fe0b0268b30e7db9a7488f2b306

SHA1
6cccc9bab72e205f18bb5485619dd3ccfe58202e

SHA256
074a6052a889456895d4eb8d592088b1d3858d3f6cecb884c528e74400710079

SHA512
37e6f1ddb7d57aea23da10d13a3690740babbd3634d2966a3377c59248e75982a7fe2ed5197c1ba97d7d77906235c87d78067a3430c6d45dc8a4e5fa4d7e6409

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
23KB

MD5
189af34aa567cd8ca0d18c1dededd39a

SHA1
0f6d013f294b267a0aa082ec3d422cf7eec2ba96

SHA256
bb2576e861a0c507db9ab2a29577803d7258eff03e52dc5f36faa51249c892d2

SHA512
e294e462cde5f099f2b3b6ac14b3771ada2ca1ec26ef485712698a98e5f4c4298a4ffed2e8cb99dfb096adf48e368ef50f30d7a5652a67fa16b250c7653d8580

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-string-l1-1-0.dll

Filesize
23KB

MD5
6e55ff194d5bc03a8ebe89c7b237e10e

SHA1
fec152c0e14bdcee73ce234be9b5bb1608b85fd1

SHA256
9f3a2d40be41b0c47fb03df21c4f7e4120cbb348553b642c5c80b92c64b3b357

SHA512
18d8353f171a34e29674dcbff59f4db7e74857c3bb2155215d4179c7c94be7d85d43552f256b002d0e72fcfc3f9d9c4999ae83bf4599c4e68c808419e1618d8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-1-0.dll

Filesize
23KB

MD5
94eb94712d2eca213b446f17c62380f3

SHA1
90a32ddb5c5c3e8757670ebc75ffc237de12f2bc

SHA256
902ae18339560e5142c87f97e9574864b518a0ca4572298b418acadecd8ac6ad

SHA512
a9d68a3f68532f8b3e698ad6aa7303ad9c5fb838bd61444f415e20537c76f463d849d3b458f5fdd8f133e46083a3dff93ec6bf48d77495beea27ce342b1f84dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-2-0.dll

Filesize
23KB

MD5
747bedc394cb41b6a0e1b94b6ea8693e

SHA1
e6388ae7dcd0df0396e6cfabe65be85789bf72db

SHA256
ac30c50dc71795c7e0419389f15bf7676718e23f4b786da2ccd4103f24198656

SHA512
15814d5a904fd9d8fba2eb451b27c0f15d892afe98edca36e3adf55fd2df5d516012eb104035aaff0885c5dacc784c44a1f2df3f8a59324483bcb86c8b213bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
23KB

MD5
d2716cd25fd6ac67580982c8efb5629a

SHA1
199c6b5208331881e9425904e345feaf1af45b82

SHA256
329149e3a2360b9e4231ebae9fc3c467d3c560195fc3bc5d2fd31c6a5fd65da5

SHA512
cfca74a6b909bb7d1e20487c4c3bb8e20e9970b49b14fe9d693c5b75fc4b83d8dcfa4ac085fc8db4ed76382266c934939b4e41a70d4ec5308fd8c7f065ccd95a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-timezone-l1-1-0.dll

Filesize
23KB

MD5
b4bfb5cd23ca6f9ef9dfd43f70e8bba7

SHA1
2ad09fc7c204d74b4c3c67710a72e10b699d7345

SHA256
e3d05dd8f99995cb289b3f86eaaadd99a0b1ca2e12f0a0db22feec335a938111

SHA512
023d892f449f578c68074a77b46f7fabc4688a276fb0ced6b1eb6c91037f296776e2ddfd81e71c4f8976285b2e1d5d35bad2fe0ee93ff661b78d45fd34cdf476

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-util-l1-1-0.dll

Filesize
23KB

MD5
27262395d098572d6babe49373d357cf

SHA1
b6c3bcecc99ad8d03a4b8672422a5aa5199eb297

SHA256
8b2197d96a4a01465e0062d5854a940232734123536ebd3c4f4116efae772688

SHA512
42e1b4ae70cd97a50b6459ba0f9375de0e1586930c8b9cc12884794de1da905fc7d766811785a98f81f13dc77cf8ba6aaa5ad8592cab4a5b873df9027fbccc82

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-conio-l1-1-0.dll

Filesize
23KB

MD5
09a4172deab1aab62c3eabfe126b2cd1

SHA1
5ecfb94c505258be83a471a22979f7f85960bb02

SHA256
56fb8c7b7d12814ab0f5fc2eb69dfe98c3e9d00dc554a5e00f2ffdf9fc8728d8

SHA512
e31adafece4e16a76e1cb54d92d82edf441e5c5e3a9c8c68d63bda6f9014705b3a9eee4502bb492b09e3384029878ebb28b82e5c9caf95f8fcae8347aba6dadf

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-convert-l1-1-0.dll

Filesize
27KB

MD5
75f7dd0261c0a7e89abe0971a6f7fad1

SHA1
a657010c0896034178caac01093430a9b550745b

SHA256
d8f04afab237a0177bc3062c6508c57f884c23013985d3c48af26b7c25028949

SHA512
07960af507910ed1366feb86487b3eb0d942f638eaeba85e1fb1bcf1dba09359c95ca93488cde969259b7e0b78df8a418e62848f49f40d3cceb8cd5f52bd5760

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-environment-l1-1-0.dll

Filesize
23KB

MD5
c1da1a8ee38c89a989b8a892edf48099

SHA1
0a65c36944a2c2e210d96ca394f5065dae34f665

SHA256
f2d19e04a9fe1a382fe5c492501236a0cadc9f106036af8496a8f24457a3feb2

SHA512
085acf718846bed78e73908481aa61b3bc64ff8dd7117baa556a535b5f32d304a2f6d20cae06b0c43ecb5c934bcff4758095a0638aac428a98036e91d3047908

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
23KB

MD5
d2b88081e89aa26e825b04c15ed158e4

SHA1
3d6073d8ca42ef7fd671856cbe7eec20bd78da23

SHA256
9da16f7fb466e63a5ccc24eb7ee95a80ed4216e925545a59fd6fb5d7236211f3

SHA512
4544ee07592758723947b039e7f4712c0658ef40942355e3424838aab6382c110366c9013cbd042a605bfca73b6535cedcd146db8a6e850bdb5a50f4132135a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-heap-l1-1-0.dll

Filesize
23KB

MD5
295a7f69076e8e789860bb3d566caa0c

SHA1
4d7ee1025ac08ce85f95c620949f9af9a0b8ad3d

SHA256
516dc0852025a741cf5cfc6be3e4ad791d4a5aa692fa35498ba7b5f146d54a1e

SHA512
959d1171c77a0c7267d69737c781c0e66cd9f513a6267e8e5c986677aaec4facae8e024bdd0a3a6ed4905df116e5d80f706d51da0a3cf26cafda2b13bcd86c14

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-locale-l1-1-0.dll

Filesize
23KB

MD5
74add032773802678bbfec4d07c2f95a

SHA1
f30cd5da7d9768696d0d57cde1ba7141804ffb0d

SHA256
f55be8b606d5715e54cb795b822aa295c4e0e92170359fedf0f72c1fe07057f1

SHA512
7f2e74a2d158588aff68ea5a23237f5a08d75ee1dfc72c2b8ba4c1a172cfa826eb71ed3dafe524dc6ca4eb4d96e2d1fffc6a39e85caff5aeb3925af761623da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-math-l1-1-0.dll

Filesize
31KB

MD5
8f8dbf4eafbef6a3c488bfca1529e06d

SHA1
a8c916c20326aa6960e46608daaa39fe09fa8138

SHA256
f1d44a0a83fa84f5fc9a05008f57174930d42db834ddadb3e9df7650042961fc

SHA512
ebcff256e4f9a6035a02b05dd6ba6d1c652151d76a5b553495925b692496c18663677dbf39a7d7827af9d13cdb81c4064d9e21b0fc0123a65e0432736192c3e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
31KB

MD5
d099dba2a0c6e5a6e53bd09c4d09a23d

SHA1
e925991619eefffbef71fef5374cb4f29c0c046f

SHA256
3b6f668eaa9efcdb8b36d57747666fe76aa4f3b7873ae83bece0099f105bc145

SHA512
0c73c00a134895bbc563676f9314ab2190fed2db9b02d5c9500b0f735dcd37b46c262920550eb6959324499dc9d0337fde731e1221f8d1185023737401d51745

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-private-l1-1-0.dll

Filesize
75KB

MD5
9a786144e410dfa13579eb73a375d918

SHA1
811d783ea1d4b799e6ad51ec5720fa9e9b60f158

SHA256
c9dd515e999f64af123f396d3deddc49012011060c843e5edb4223345143b0c5

SHA512
3877ebbfc62ea741f77ac1ef04e969855af17ccaa2e3df9a18895b794ac6a3dc2bb4ebb8b46aae5cfc5bc032741f3dcb8a6df8631bf169ef7457b13c8b277620

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-process-l1-1-0.dll

Filesize
23KB

MD5
39cd364433575b3811f032005c229e5c

SHA1
6f8789d3191cd227375395b3d47837cc21d2baa0

SHA256
17394645fbccf060d02902c9aa9522626383437c1dd83554e3ac564e50f62716

SHA512
0fc2e80f5656624c2bdd7d847a4eba23cff81e47313d97da09ef76e9287ca96cbc60809232417957cd2c3078b87f8da353ba11c62a37df3a2d17369cd8d7ddec

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
27KB

MD5
af184e36ef33584a5af2e23ce8d90c91

SHA1
5b518eb0bb17d45e5c7e2cb3ae16d5cf981a54ce

SHA256
b350748aa75d4f06e11c228161e1e94019b38aab9f5b59ca84db27acac00442d

SHA512
4190753f181c24592839bc52427ef65237ee8ed21c58d04dc9d5d4c52f0f9a00bc98443e1608ea665cf0fbf9dbec5b9be7c1d174c687b0ef8c47541605b2bff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
27KB

MD5
977d803ac9d935b15fbb8d96f920bf3b

SHA1
558ae5c0bb4daa27e4e97a0e07a729c379777181

SHA256
509e51146b6a3e77b82cb786e17d4d52e398064446c469a45ad0c087ac5df270

SHA512
03237327bc1e9534c9d82671938d3f019be7785f8727772d901cf03a3175b0118d6952c32ce49bd2b12160077e997e41ff140b848199bbf24051d5299a6ad74c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-string-l1-1-0.dll

Filesize
27KB

MD5
4eb2c6779a43c3be314c37f4ce88c647

SHA1
d6a30623bddc2436cfbd56b003146f98a4bd36a3

SHA256
9b05a59ea3bb4365385b718be93faee0f4d8470f244bf32ee21a4fa23b738076

SHA512
1fa95a9d690e94ca630ad9c9e7bbee441e3ab48c2b0022ce3d324b5f0275aaf718750d988de83ef751105f7a0663633b4a8f632d95eceeb81e9d5b394f555a17

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-time-l1-1-0.dll

Filesize
23KB

MD5
6f44147a91b963156f9dea1c98716aee

SHA1
008013027a74b8d01a8919ec6cf87523e0f4c195

SHA256
5b631c6ad94a3c4324441218a56e40e787f42b1b4dfeabc62219108e1f94f909

SHA512
ebe7ac4124a7c73964c3e6f83f7d6e500b406c8b986fea3f07f8f2fd715cc3fd4a2415a4d5944e72c12f88209d262427809be41849afa7f0ab5924a76da09378

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-utility-l1-1-0.dll

Filesize
23KB

MD5
5a7d13e6bba89541eec057d688873fe3

SHA1
06a2e58128cd5546307e1f460b541a279c93be02

SHA256
342c302523d87300f0681385079d43910b955dfbfa9cbcc0294e9d7082737845

SHA512
8a2417797f99111b0126a69e061378ba0b8402e86a41d20798f974cab3b7c996553e5b0d3152a7ae369f945844a99f965e6fdfffd0483999174ffd79662d6268

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-downlevel-kernel32-l2-1-0.dll

Filesize
27KB

MD5
860c422073ff7fb5ef9b2981a29b1d7f

SHA1
b62651108a60afb5836a158d977fb4a60bb7d950

SHA256
661624d83863560b6631e61bb059ce12e4a81c264b278c924b0fedb64f531a91

SHA512
58af3c15d7f9fe401c0fa2d4571920227cc790d2458153b04beefb9054c13b06c9c3c8af4c6ecc0298b94802e6cb7a1f69c170be540b8d2e83ee03d0f4b54096

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-eventing-provider-l1-1-0.dll

Filesize
23KB

MD5
9d49b90f5f2576331cd4a8e341150b00

SHA1
da0e87790579dc685f37c9e7cec96b5f3e4668cf

SHA256
9115fe3d50b3002921f4e4d00454b671ef5f632e13efecb145ee179d46ee9ef0

SHA512
4c1ebcf0c1522dc806ee2c9f6889eaf075a57665025132d4a5d18a266a0c037e306c13f5a4bfd361a8e90f4df4cd7885dd6792ce77a7ab727f50d6e670f1e04e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
1.4MB

MD5
d1a09e0f93f67fd004c8bd8b27a0a9d7

SHA1
4882f2c4d31516b024007a316fcb095223c9d662

SHA256
b859852cef9d62d7b82d5e2db18e98c33361a308223051f72cfa77a29aaab557

SHA512
0778a4547cef5598af335ae683daddf980f6043c401381dd753a57655de34ab7066e2ae21f873b69d487121605950644ee9569a9bffca2fe3bd5a7627382f9b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\d3dcompiler_47.dll

Filesize
4.7MB

MD5
129a6a5b439700c7992caaaa1913c3ee

SHA1
658b02bec515977a0bc2218e7ada2e55d917f43b

SHA256
e52b155fb6c915d1db04d48ed8dd7025514f81e33d0d86d5f0d71bd1ad92cfc8

SHA512
0f85412f9ecd2aabc7243e8bac805e68e84e044fdab4f5cefff3fcef79f31e5ce0db3edffb05de8179898992b80a27497dff7b5421d9ce07dec14ee7eadf1b7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libEGL.dll

Filesize
469KB

MD5
a5fd94ff62f8da64198c565906f24f33

SHA1
27bf7c895e9e6ac3dcbc89bbca913f6324042e92

SHA256
e0c1cc83d6f0e0bb228993e7a46f026b5a904aca03d5fa237e1a4c00c00c7a8b

SHA512
b98cad6d884d2971ffc267055f5cad83c122f7828e20d899b09c399bfc7577ed6a4b8f90c38d0f6b3e4000f895a5238d521e82700cb0aa610ebc8bcec31ee822

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libGLESv2.dll

Filesize
7.1MB

MD5
bd25190140be582a0eadec4ea303794c

SHA1
74869deaeb7c3c8b5948bf561ff34fc2eb45f8f8

SHA256
f4523a293f4a4f8b656e7db31f0b7ccf01a83d62e4665f00abd3c290d564ea01

SHA512
c60bfd0b25c2c8986f443b01affb7e6c1a1a1dc59bdd2ac094542d98a36105f723573acdfbe76ecec8c5c8669a2b7448ee5211285074d80c4fce456ea9a948bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msvcp140.dll

Filesize
555KB

MD5
a0b8c3ce44339ae58b4124ea54b8c942

SHA1
68467b3bbf03aaefef39b5ba006fae83cbc48f57

SHA256
e84e94e230782a971a121103861db6d6877d2bce1308182650177cc251d08eb2

SHA512
4000356f858d0951884158f62bfc229854973ab72831cb30a9bc20874fb68451e8b22750f23d6a397fe32de85c3afe9df0917760478c9784b54b2a7bd717c0a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\openvr_api.dll

Filesize
806KB

MD5
4398179b668c70f4464ce9448fa0bac3

SHA1
a12848d2488fbd31a2481922664a2875f162bbdd

SHA256
0ba4d3049449403e1966cf8922ac5c2e6130fabe72c0cc6b3218da82f9110ac9

SHA512
98db440b4c220a9e71b60104c819c402bd88b6c10b9ed518660e8550884fa518e165bf20ec2d85a4bb5c379a28e9524d4b69dd25dc599e062498670fe8f28bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

Filesize
14KB

MD5
a607a2def2922b283f800cca2cb5654a

SHA1
85fd52e4a7dae6259d3df72f0d688752bd08121a

SHA256
060b3326c5bb607426452ac32408e6a312245adbb263233a0d833f5b7f1fa451

SHA512
aecde649eea26b56de0f32f31e06c152568fdddf991219b7e9a4ffeed52d3a903f882a681a026c9381e1f7d9af52221883d1f8910b99c34729eebdee06f3d428

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin

Filesize
3KB

MD5
da77637a10802d71c9aec8b177229e42

SHA1
e72575d4f61c5535b2c131ec44563eb9719564bb

SHA256
59544a7dc98912fbba722c38c6221e31f1b1d214627b35afefe23edb61fc8754

SHA512
894899f7faa275a06103572116812f37779573443f7861f1b717a744f2e1f3b4b28a34c04b4ccfcc2d9caeabd29ab02cd83376e1b42f5bfcbbd6925fe197889e

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

Filesize
473KB

MD5
5e106d249ec5621a5e1108b283957786

SHA1
07544be7fe36e112eb92ef963f1767aefbdb3805

SHA256
6c496358b33601a40237cdadadb91045668e456f06d0775fbb41a9ce01fe989a

SHA512
61396b87a1e8b6f27f67a3569b89aca5183e5abbaafd548ba10fc3aa97c51e2f59d6ac4b9d29348ffd1ab40b84f4d33505d4f64e74294f480fea9cb474179774

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

Filesize
9KB

MD5
628c58048e8d0dfd0d5a985b359b353f

SHA1
fa1c6b8addaeca7da658894e64b62252f8aacacb

SHA256
290816f20a98ea9b9ab3185c2c59eeb3c4c7b9a861c72d453622e7d1e07653d4

SHA512
be287f2c42927f939997b61052e23fb4c13b7709655fc20c34956c5d131d8820cf90aa67139191f801c1ca118ee71a33b74970e263ed87916203fc0f3e6fdb8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
\Users\Admin\AppData\Local\Temp\crashhandler.dll

Filesize
361KB

MD5
7fd9c99282f84cb7895b1461c5b6c903

SHA1
3ace763ad9bc84f85825bb96cbba9162c5c28d2c

SHA256
c57cdc261c15b4c6872e39b6eecf60a0ef7e09632b7fff34c38c3c7b8f715b19

SHA512
832a20949a72d916151ad98539407d2c7e9b15933c01b1b21adf4d14f47464329f07c180d0e1960fb42efab068ad5f310779aaf6cc40bee1c8bcbc32fa981608

Download Submit
\Users\Admin\AppData\Local\Temp\steam.exe

Filesize
4.2MB

MD5
ea6ae07191d791da1243a8c84e45b484

SHA1
b09c09f5ef38e2c95b91edf42ece680bd6246798

SHA256
4cf97f554b7c2bb90aecbfffbb2168804784b1a65ec357503a1bb7e450d31207

SHA512
6d779d0d4e5cbdf4cad14d048aabf79be7bbf13b20e244f96565ae444ad3433cfe1aa89fb8b4e86bc8a98689d24549c44d3156ac1a1409b8c052d1d977813462

Download Submit
memory/2428-13079-0x0000000070730000-0x0000000071AA9000-memory.dmp

Filesize
19.5MB

Download
memory/2428-12780-0x0000000070730000-0x0000000071AA9000-memory.dmp

Filesize
19.5MB

Download
memory/2428-13072-0x0000000070730000-0x0000000071AA9000-memory.dmp

Filesize
19.5MB

Download
memory/2428-13067-0x0000000070730000-0x0000000071AA9000-memory.dmp

Filesize
19.5MB

Download
memory/2428-13083-0x0000000070730000-0x0000000071AA9000-memory.dmp

Filesize
19.5MB

Download
memory/2428-13080-0x0000000070730000-0x0000000071AA9000-memory.dmp

Filesize
19.5MB

Download
memory/2428-13078-0x0000000070730000-0x0000000071AA9000-memory.dmp

Filesize
19.5MB

Download
memory/2428-13077-0x0000000070730000-0x0000000071AA9000-memory.dmp

Filesize
19.5MB

Download
memory/2660-12458-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2688-12391-0x0000000000C10000-0x00000000010C2000-memory.dmp

Filesize
4.7MB

Download