7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14-09-2024 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Steam.exe
Size

4.2MB
MD5

33bcb1c8975a4063a134a72803e0ca16
SHA1

ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256

12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512

13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49
SSDEEP

98304:7JeV/ztZBe91oiImuUiK9N9EGQKF9lSHbr7aw:1S/hwkmg4EpbrOw

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 6 IoCs

Processes:

steamwebhelper.exe

description	ioc	process
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12800_1041282887\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12800_1041282887\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12800_1041282887\LICENSE	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12800_1041282887\manifest.json	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12800_1041282887\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12800_1041282887\manifest.fingerprint	steamwebhelper.exe

Executes dropped EXE 14 IoCs

Processes:

Steam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamerrorreporter.exesteamerrorreporter.exesteamwebhelper.exe

pid	process
11424	Steam.exe
12800	steamwebhelper.exe
12836	steamwebhelper.exe
13736	steamwebhelper.exe
14208	steamwebhelper.exe
14460	gldriverquery64.exe
14540	steamwebhelper.exe
16924	steamwebhelper.exe
17656	gldriverquery.exe
17740	vulkandriverquery64.exe
18188	vulkandriverquery.exe
21068	steamerrorreporter.exe
21864	steamerrorreporter.exe
21936	steamwebhelper.exe

Loads dropped DLL 50 IoCs

Processes:

Steam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamerrorreporter.exesteamerrorreporter.exesteamwebhelper.exe

pid	process
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12836	steamwebhelper.exe
12836	steamwebhelper.exe
12836	steamwebhelper.exe
11424	Steam.exe
13736	steamwebhelper.exe
13736	steamwebhelper.exe
13736	steamwebhelper.exe
11424	Steam.exe
13736	steamwebhelper.exe
13736	steamwebhelper.exe
13736	steamwebhelper.exe
13736	steamwebhelper.exe
14208	steamwebhelper.exe
14208	steamwebhelper.exe
14208	steamwebhelper.exe
11424	Steam.exe
14540	steamwebhelper.exe
14540	steamwebhelper.exe
14540	steamwebhelper.exe
16924	steamwebhelper.exe
16924	steamwebhelper.exe
16924	steamwebhelper.exe
16924	steamwebhelper.exe
21068	steamerrorreporter.exe
21068	steamerrorreporter.exe
21864	steamerrorreporter.exe
21864	steamerrorreporter.exe
21936	steamwebhelper.exe
21936	steamwebhelper.exe
21936	steamwebhelper.exe

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

steamerrorreporter.exesteamerrorreporter.exeSteam.exeSteam.exegldriverquery.exevulkandriverquery.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamerrorreporter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamerrorreporter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Steam.exeSteam.exesteamwebhelper.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Steam.exeSteam.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Steam.exe

pid	process
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe
11424	Steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Steam.exe

pid process

11424 Steam.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

Steam.exe

pid process

1564 Steam.exe

pid	process
1564	Steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

steamwebhelper.exe

description	pid	process
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe
Token: SeShutdownPrivilege	12800	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	12800	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 16 IoCs

Processes:

steamwebhelper.exe

pid	process
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe
12800	steamwebhelper.exe

Suspicious use of SendNotifyMessage 3 IoCs

Processes:

steamwebhelper.exe

pid process

12800 steamwebhelper.exe
12800 steamwebhelper.exe
12800 steamwebhelper.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Steam.exe

pid process

11424 Steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Steam.exeSteam.exesteamwebhelper.exe

description	pid	process	target process
PID 1564 wrote to memory of 11424	1564	Steam.exe	Steam.exe
PID 1564 wrote to memory of 11424	1564	Steam.exe	Steam.exe
PID 1564 wrote to memory of 11424	1564	Steam.exe	Steam.exe
PID 11424 wrote to memory of 12800	11424	Steam.exe	steamwebhelper.exe
PID 11424 wrote to memory of 12800	11424	Steam.exe	steamwebhelper.exe
PID 12800 wrote to memory of 12836	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 12836	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 13736	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 14208	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 14208	12800	steamwebhelper.exe	steamwebhelper.exe
PID 11424 wrote to memory of 14460	11424	Steam.exe	gldriverquery64.exe
PID 11424 wrote to memory of 14460	11424	Steam.exe	gldriverquery64.exe
PID 12800 wrote to memory of 14540	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 14540	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 14540	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 14540	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 14540	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 14540	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 14540	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 14540	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 14540	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 14540	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 14540	12800	steamwebhelper.exe	steamwebhelper.exe
PID 12800 wrote to memory of 14540	12800	steamwebhelper.exe	steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Users\Admin\AppData\Local\Temp\Steam.exe
  C:\Users\Admin\AppData\Local\Temp\Steam.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:11424
- - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
    C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=11424" "-buildid=1726256783" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1726256783 --initial-client-data=0x344,0x348,0x34c,0x320,0x350,0x7fff374eee38,0x7fff374eee48,0x7fff374eee58
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:12836
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726256783 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1580 --field-trial-handle=1712,i,6043042072218333471,13740920413753630208,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:13736
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726256783 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2156 --field-trial-handle=1712,i,6043042072218333471,13740920413753630208,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726256783 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2524 --field-trial-handle=1712,i,6043042072218333471,13740920413753630208,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:14540
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726256783 --steamid=0 --first-renderer-process --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1712,i,6043042072218333471,13740920413753630208,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:16924
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726256783 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1684 --field-trial-handle=1712,i,6043042072218333471,13740920413753630208,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:21936
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:14460
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:17656
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:17740
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:18188
- - C:\Users\Admin\AppData\Local\Temp\steamerrorreporter.exe
    C:\Users\Admin\AppData\Local\Temp\ste
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:21068
- - C:\Users\Admin\AppData\Local\Temp\steamerrorreporter.exe
    C:\Users\Admin\AppData\Local\Temp\ste
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:21864

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004D0
1⤵
PID:14328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12800_1041282887\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping12800_1041282887\manifest.json

Filesize
1003B

MD5
32ef54fcac37d3d390c05880067559d6

SHA1
ab44258473c7c1a920596ccc33463a765e5fe60f

SHA256
d97f5e50808d1ef75bb241df2dde8f7293b9bfcd498dc525e258c97b39564211

SHA512
3bcdd94edb8b0df2d1684ef865f9711bf544c4c4f6adde927611b648dab2776e398e3b29681369a80e8c7ebfb9cd100ba8469ea69c5034ec023c796d8cbfefa0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1a48e013a07e195bb86f6729c658c437

SHA1
4a985e00bc7031c071a48830f2ea575d3565c651

SHA256
ac3b50639305910e496b9aa58b7802a5cf7898fdcffcaf1943e4a5dbcaac771b

SHA512
486060c9ce4678b58948309932df477e9461017b3b2614fd1b7c46a795199c42c9ff6f3456169bde38dde17bc4c79b1b3ab023d12084f776ff853f79fa6015bf

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe58bc75.TMP

Filesize
48B

MD5
e725bea02e95ba012a2d88b9e0d7ae7b

SHA1
183cd5fabfcfe1293b53cf9f2b8645fe3655043a

SHA256
477829349a9d47110728888c10db42106d5c4acc148ebabb4910bd288b872d25

SHA512
2f809c50de48d2cd1919249ee90938a178a0af4035ee6663f0897cf32bb1a94796078a6bb7321460277574e29956b0370ab4a8cb719630f24d9cf5137f6ba61a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
700B

MD5
b90b5e4cc7d5ce13469ea69a0421cb96

SHA1
06772d7d719160a5dc13433de68b7a461280d8c6

SHA256
327ea2b8488b145ccf823de4c8bfe6ffea8348c111a079107e4844f3e1608030

SHA512
d8cd2ae577f67992999e37935a74a2f7a39ca8d440d12ce6e8e94a2263fc48ea33d759ecc35f30c682eb123006e677662c4a001e2dbcda8d3ae1f562e1332d0a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
795B

MD5
27cbb4c2cf107a95cbfafa1e56d78532

SHA1
08847feabaedbd10054e85416019695dc1bbec5e

SHA256
6fce35b380acb0b74f3b454258bce06981510556c7ca1776db950947a77471cb

SHA512
155fde8c04dced69708ea6a05ba3131f86b35b76c3a81be77181fa75d3b3493e763929518e225e2956c84a2f01330bbf67d03efd1c7bc3385a8b030faaf962b3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5977c6.TMP

Filesize
484B

MD5
8e2f87b9bd332f96535f26e2c968d7e6

SHA1
59cacfef831a20677436eda396ed920f99f1eda0

SHA256
3eed7570624e6945a212a0351d1cde2cf094becbfad6546dd47c9e9064d7875c

SHA512
721adb5630ffbe4e5c31c4e3bcbd0f90ecf09d1501c24a3a6aa6bcfb35e8182e03f60eb6329367392610e7039ae1873367a1cfa53e409dca5ea221a236ab84b9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
068e7adc945ece389c725cd85f464951

SHA1
38624f05e8b80142e239610b5308f059d90fb3a3

SHA256
f3c1e812dd2db5bd7bd84f31a50b0b0f7d9d0d95723151cd383343c0181cabd9

SHA512
c97c9410762c2a2890144d64fc65e53a91497223735aa918eaf80ad68a69b3c1817562c254e68876a968a05498295e338747fbe97ae708a8546f52326b2afd80

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe598eb9.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

Filesize
183KB

MD5
2d2a3a3ced0f8e17b3707c17597c6ddd

SHA1
71ca99bbd796e5413ffa0390ba6efee09b413f27

SHA256
51fc252c8d2e92804089bdf81efa0f1e0a5e9b0a130126a9db64d7884538d5b1

SHA512
83bb97c0a79a4f1e772c3509df46ee887dcc88ec5ddb656fe5951fa7b8263f9750f63a83d3b41b1e6fee59eaa42f4ae08b652eba658d4f77995d8a7c97d533d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\SDL3.dll

Filesize
2.1MB

MD5
cd4e6e6d0ce67807209266d3c1d2bc27

SHA1
fdf38f312ef4bdf289c1e93ff4ddb01a0c50d94c

SHA256
dba6ea28bc01f782c2e3871b034225523ec444bb5500a2da756ca0f9bd0f7cfc

SHA512
5b6a8d7db7b4a759e82c224bef33b091daa569061210a34c7ac91592d87c866d736ce245c4ad29983cf74f7b9fcf7fc047690fede4c2c08f385c7fd8811a42da

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll

Filesize
23KB

MD5
03068ddf42f4e6cf8cbacb82d12acd2c

SHA1
d4a92bace1759a9990de598a31ecc37dcdcc482c

SHA256
633470b3bcc1bf209ac5c9d3e5d8cf1aa0c51af86f7694e088a842908cd6dd62

SHA512
bdc44c95e83f01066ae54e9ebea83e6a2fc0975af1a00814b005b73fea2b004e0a2c52bf812aa945f00eeb132f89e427cdd8c7de463cdb0fe71c81fd97065272

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll

Filesize
23KB

MD5
ecc4653141cd6f0980d3de87ada003c6

SHA1
7e911ca31f4320f4355f1ee5ac52d788ef3d55f0

SHA256
d37289cd28bd3d63fc7cb140616bbd2641975b7511d85376e2a9b83729564783

SHA512
44109105a6c21b8b28e8addc241ddf83aaafbedc10ffce73730b9e0973180c0aeaee4e7ae0c4a3c9b10c6c7930e905023066766aa122f43dbd21ab8ae73abcf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll

Filesize
23KB

MD5
43edf34edf20ccdd0ed7acc7b25748ff

SHA1
b474d11f41ca492be762a8de1c13416f31ba9372

SHA256
8d18111e53502f05828578df32101b10a1ee2f4a4504c27046083ddb4bef1ab9

SHA512
5995684ee6265bf4ac4e2cd376193083bdf9693b5ef29b07cf33a86ec373505fd431d47557263d5eb15e6d3ffc9787ca8634037c51b90ab0e7b258fc57f1e3a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll

Filesize
23KB

MD5
fd8029b4da3083b475a48ac76ec4993c

SHA1
040f3273c52e0e963b9a2d11cebfb0bcf06d13c7

SHA256
abacc78b4c8dfb89083aecc59234930460c6b1072c8d55d01369b20fb044181d

SHA512
cd3d4a6a33cd3b698bfec460cc2b9433ef7290558aa031f4d888d9801b5f025900923d51cdc78bc35d81d8c33a3e7ab335b60d7c4cd6a301e60e0506e29208a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
23KB

MD5
3a2dbd4334b9cc234496f2d7cf9e1d26

SHA1
99bdae37b42ce7bd386b0479fa1a1ea3c53caf1b

SHA256
1af61ea6c2bfbb2dfa24ebc20ac50fa69441a641dc60e3dfae8181901cd444c8

SHA512
8cee7c2189b51d8920939b2fc16fb8daf8b10b3ab1a889a8bebb65b5adc10175da0894660bc01a6d11c0eafc93194c4c9045a4f6bd2944628c5362d9ceda6839

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-fibers-l1-1-0.dll

Filesize
23KB

MD5
52ff2bff29dd0d39daf082e77d2bf244

SHA1
452b1787f8b35def0c3dd815a4dc66f7814989e3

SHA256
fc43d6feb3425cf49ac39f242b2c1f8e078df6827fd28d829d27df5f601850f7

SHA512
805e5edf61fd44042e71302b61e236e74a736c1f5ae6ca5f61217b074865544a90aa48530964b3f502eb79c52b123a95245e8c206cec81dec78b11d209ac1308

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll

Filesize
27KB

MD5
87f9288def26465cd646991688c0edd8

SHA1
fc327cba7f20d0a2378a5c5609ab426a4ff93013

SHA256
641c7902819e885f1cea916e56df83999ddfc4d7ac150aa056b27e2e2ada7de2

SHA512
8f2c17822daf7c28742c0c7d3849d7433edba99af8ede77c9a03fc4784a73195b7c195bb75b2f0423dcd3c49ae1b8e57177add5cd4c6119693fbc6903e20ff7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll

Filesize
23KB

MD5
fcee2ad431d015f2645f6e87083ffd55

SHA1
8a5e202f310afd2832fc8c1a2d431025325fb046

SHA256
dcde2bd75c67d8dd94485e8c19b0a557cf30d980f1d3d23b98b7ec5b30b2a215

SHA512
a31611091139d4ad0fa1f6477fb557a4b2435e4ea90db021d80d66cd943ed4728e5c5a2962061f31c67433441103bf419fac2e3c8eb544402fe2f9428123a856

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll

Filesize
23KB

MD5
20cc1bc113ca79a3ae0639e8adcde6e3

SHA1
1d8760c01218059b3e3b5313ad932de13684d0ea

SHA256
e2618f8e40ba85f0eea466af889a311316a545b15f1c982035d68827999e15ad

SHA512
c46d129eb313ef801a7637bbb9a9040fb8f770ea0626146b5028141cede9c7e2a46f58bc3c17f2515cd5bed3f6775ad93cebca57373faec4fcc1821dde1fac58

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-handle-l1-1-0.dll

Filesize
23KB

MD5
d61bba9bf72ba9fe6cfa57b878a946ef

SHA1
2e3e41f596219de5232311dcd6d7fa73342411c3

SHA256
667db417bdb9a7ce632b249616273f8cd3ee69ae6dcfc1b4ed11b16f1378c540

SHA512
34cb9e3f826c13c6a6622508ccdf94e803c080106e26fd311c1dd55d1bc9f3b7451a8984b58f72da3f20fcc837be6b036c27e3286954ad5f6979c70c637cc308

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-heap-l1-1-0.dll

Filesize
23KB

MD5
8aa73ea893c069d0aa98240d57e88fca

SHA1
a14511fa2c916a27ec1fb3a2c207165db6cd7ea4

SHA256
2400936d6a7a396a7c282b9b02df974c463d2b89c7a16dce7d87612908124c76

SHA512
d5f9fa3ccce52a56945bc34f0a58c3cd87412a660d4a84c8c40a50364e550e0f1eda045e9456c9b99e2e46245afd25696ed3f7337bf1398ff088e218b1c1105d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
23KB

MD5
b265d592a17183a8d1450b45fc76df66

SHA1
8e2ce55c543bd41adeb8198067f0dabcf7bf2faf

SHA256
6037a1b25c98e00832ea1e3c8dbcc1a85549992f6286b80d68ad2ccac3d3bec5

SHA512
f67cf871345b17b638d294afbe7c8afe408c6a43fb85df7758d1a8249f56f1f0a74f754b45bc685e00ba5f6d88ba64f25e43b5fcc88d4f0b91a848c748172afc

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
23KB

MD5
622a8247e84fe7a8cb8ed8bdffbf31f4

SHA1
4656444f64f5d1c20d8c355c74f4d41eb8001246

SHA256
105aa615c6b77e3325700a6325e56a78d584fb1a792c33704b6412b7cf16f36f

SHA512
276cc4b255801d68ba649a7b48d52fc7ead890e31941b9f6b459555711bdf2336494e3178cee41460a2605005630073a0c68c65bc4aaefa2399df0107947a267

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-localization-l1-2-0.dll

Filesize
23KB

MD5
97b1a95703862d7b1a45d8494563bd04

SHA1
f96ca4ebdc21564bd6f4e9bf7ef538f700f702a2

SHA256
4036ec9bc6598c72ba6f6216a6dd24eb9a303070acd4b18bbeffb5228d4c3428

SHA512
bbe64ae065f29596b954b87921a41471ec56e279d273a287e7e777afd032d8fa505e03d883acd91b3bf0b0fe32e7782a652a543729314c9585498809ff394ebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-memory-l1-1-0.dll

Filesize
23KB

MD5
497a278be3d7a88000d9bcac0abdaf37

SHA1
4237b72d2ea44d63f6806a8f10dc05824492a9e6

SHA256
5b124268dbb56e55afddbb414bdfbea3439d17bf32022a2c2b25ebca55b07a8a

SHA512
861f6fbe9c210afa71280797a87a909c14e0d1f865f21788a86c187e95069e79c3eef99b4c8250732069fa5160c6a3d60474b9f0a94d0d96b0c447a7fc2b7e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
23KB

MD5
7d60f7c85f257423b6ba52840118e80f

SHA1
7fab0d6b48172e5c9fe5cad4ea65a9b9559c9bcf

SHA256
fa662dd9b22e3f4d59effd6ee1e2beeb4016184f7eea38d26a1a0df888f59f77

SHA512
8c047a9706713ea5c8bc848d4f20b29d51a9b9715aeb937ebd341b94038b4c1d03aa92c19f23126afac4171577cc8ba41202b676f9ceefa1e0f5404bd736575c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
23KB

MD5
2ee0b0440783ce843c2655baba9c76e4

SHA1
4665e7a8f30cedca77351d9321696ad65521da88

SHA256
b912bb78003def510b17b9bbf360fff929b5d5d94298254ef792ec34b82a2bab

SHA512
6fd0336a998b6b824b0b41a58fd25a9ea1dc0e98accd6a4a7902ff29ae1b475f9d7e881276576b7ed39d1b3f855bb1e66458148fe92bc13722fbefc7e56f79fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
23KB

MD5
94e709a3b938de4cfe760545d18e3da2

SHA1
d81ac1d6c4ee2623a7d9a51f6d941c3960118cec

SHA256
0e683c31dff835cf09124c652a654e17f0f0fa99c4bdc91411d75f418992b10e

SHA512
8e7d7305a23f7478934e62a59ed722e9f018af304d2c4ed5ef752ea36594fdee265e99af87db196ca094b1e7fa466393e599cbffb1b2d26364872a508a241ef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
23KB

MD5
1308def8f9663fb6b7c476f52cb60675

SHA1
18d7da1e088c1872221b33aaf390618239e31ae8

SHA256
353478f36be9c35bfdf49d48e9080373c13093ed0671683b5eb7a7bae21b0271

SHA512
aae2fa620b6fa96cb4c7135f53bdabbc75f30c60b9cc7c320bb766c5832ecbd0b3f24a140160f3a93b3201e7182634957e5c615e72f2f16874422d2f6ad27897

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-profile-l1-1-0.dll

Filesize
23KB

MD5
b7728c6b8a37780f11ed65cb26f6bed3

SHA1
8e9a01284b2904f3f91d218e1c28ca1ebb982f61

SHA256
7c01b2e4c6e47bc5cece6baaf41ce489594179afe9b3bb55ecdfa3834251fea2

SHA512
ed5f7f6069dce09cd0361e82719068df89f61b4280135e2b1657b04c9a8b053e24b971cd9af31f34f995d31dadd8c2fc218c80840a5ae5a41dcd9c0e88c22e6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
23KB

MD5
092dcf30ecf88949733ef075379d0684

SHA1
fdeedb592ce196195c70740bafe23d0b63518cf0

SHA256
d78968f651f021fff75d6e93e4dfab8704fd6f317ccc3e8a6023d4b84d550de6

SHA512
5de27ee9f64c6779f7e0beffd7b3a114a4bfc74bee6f29c21f6b584b3077466bdc81d2276f62f195f3c658ce62e360ffca5999874cd7456520ce646692a47bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-string-l1-1-0.dll

Filesize
23KB

MD5
060f3540d5afdc5335d6c77d71eefc00

SHA1
eb36802b982dba740312d4f1813de725c9315e34

SHA256
a9b13b7b54757e5c39430c3b2f9c59e20ac382092e1813bea2870745b5913702

SHA512
3b172f0f3a3884516de16183e8cf1797ec394c24f98cf5dd846000088c624f83af705f687ed1d8bed0125731cb4fb07d20c358956719cddf477a070c2f846daf

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-1-0.dll

Filesize
23KB

MD5
040a9e244f28398fc442ecbb5d926ea5

SHA1
f1216233562e53f04e8ba541e7e2aba171c83234

SHA256
13b3355b7a60f1fd6467d789c121ce91cfaa62d412e9ccf5dd59bd69ae0cf6ee

SHA512
a2745daf1712a7552ca434f76508151d16c3528df7b3ae2c72ab05221134783c16ae8152d1eb3e84403e6fc48f3c6d27044066cb84c9e537805a9f2417c90410

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-2-0.dll

Filesize
23KB

MD5
f455b70c2aeb62e5a066f3c92fbc604c

SHA1
3481ef600d680e5a211faff858fede7391c5703e

SHA256
86a25ff00b7ed5374999ec459e7c3c195301414e42e00c5716faa4eec49be2f3

SHA512
6522dd1186267b0daa95a412864fff50b982e1c0bba985749df8894c5997672ad211946d2acc38719d424a6c81603ad70e77333571c57b68da501cfff5abdd54

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
23KB

MD5
d1d1cfcbcf15736905aa904a4920968d

SHA1
3e2c06622f27d8d4d546b5c46f64cd537dc2ce09

SHA256
654bb2887bdcb4c8d67aedd856a8fe881a10203e921303e7e46cb4613e7aa379

SHA512
bba0bd89fd5264b60c944102985dd809b5ca4fd7ce4ba313bd4e8d3521be8fc06ca82e8d657de0c5b7b8929330c53309d9d6ffbad94ff7067769ae4c5daf5f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-timezone-l1-1-0.dll

Filesize
23KB

MD5
cd4384d834b29da7dfdb9fcea4ab6223

SHA1
b4056ff01555ed2ecefff6001ec053bfe024c52b

SHA256
1926b6136d8fb0687f6d20c95e3a0a5175c4e6f5c092a33c927f2d9a3db9be25

SHA512
282fab1479da157298fe9885037bbf7b13c1b3c29a5758b2fa8602f9e3db975d26373c787e42e16f58fac3073175738e263d717e919809dd020b0546a581fd41

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-util-l1-1-0.dll

Filesize
23KB

MD5
a91581391c80947348f5ce910bb7edba

SHA1
2c73aaa678cdea87ffcca1b1ca52ece9856d6c63

SHA256
6ca2639951d66cdf24da81e8377c38534b06fdc0fa8b9e61637a9d615fc053c4

SHA512
5ef069fcacf0ec7fdd6f38d82bca4a902267f98b16bc033dd0ae4b6d27f8b3069872d35ee9494ce0777e698f5711dfeeb261de979f8ed73297ce185698da1df4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-conio-l1-1-0.dll

Filesize
23KB

MD5
052f1dc5169479370e1d93cba74164b4

SHA1
2a8de8c16718829f34c00fed6dccbbad0a329378

SHA256
9a8f77edc424c0acb982f1a3d95804b43e644877f29d7e6770f84f55ceb57097

SHA512
771455fd9c409e27c473ca37e8cbd0da4458d00f09754e29b1fc7df2973243d43d79449fd7cf71907730c6098edd96c109ebab57dc20c908f893538ddb0fffbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-convert-l1-1-0.dll

Filesize
27KB

MD5
eba8a48db9c108f331b1ee877d1bfa34

SHA1
572552bdfb506db07a7d580253645dfdde962edf

SHA256
7e3bdcb763330065d7918f1bf053a31970c7ab4aa65794fb256315d4a17cad20

SHA512
f665d2ffc9d64f18c35121726af4c8e764bc401a96d29ba9e67a3ec3ae6a0a34a4e9beeb541a5cb79d3b4ddf50255a07d7d4b95a4abed6ff4808b8b115dd9648

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-environment-l1-1-0.dll

Filesize
23KB

MD5
0c7a94fa6692d5ace1ab988bda3f638f

SHA1
2708c24ca07b2cca643c6c964a5a1592d162e69a

SHA256
9c023467bc9b8d72b7071f6ff2eecee47a2d93feeee21b787e579f035a545134

SHA512
2fd30032347b6914fb18c95328edf1f44e1d02409221b785086e9d0223fd1b021710cd680bd1994e1e51ba7712025d51c91e3aee86e5a04bacd92e61a9eac05e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
23KB

MD5
936b063b07ca5ed344ecba8894a2f81e

SHA1
08fead434135fa721af1b6d523260db7593d1c0f

SHA256
349dc4a320f444123a27bc3ee0dd3771dd085a2f9b30818a7586a9a74e67af91

SHA512
697c5301cd21a080c1e5a96904b06cee11473dd6f6b454a04229903affd6ba6bca28d21f0051730db2365e774f6cac468f0fa7ca77e2bd3ac5cace64992979a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-heap-l1-1-0.dll

Filesize
23KB

MD5
f4669a5e62c2cbdcb2ec53e117cb81b9

SHA1
f86843d53ece07d1847b5e64638bd3823832e5b0

SHA256
6781669609378301d5dce01d8c9187ce9cc50d160fa4022042403f3ad4e55145

SHA512
4ebb9fd49e8cdfbc7b23d0b2961a097b98d351b678e1be0196487972014db13ed2bebfc361eb9e5d51bcf6886df3f9313073f99949559c499c4277a22c4c3385

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-locale-l1-1-0.dll

Filesize
23KB

MD5
942062f614fc18a4fde240b6c430ba97

SHA1
fcbb4afa9a0eb45d1e3e1509137a6af5e0d51e8e

SHA256
43d1f6551c2e6c74f148831956938524bef57ad8d9c1c092ee1fb592797410d9

SHA512
861a7c2a3f22759df2d9f0f6c8f602e930b478cb65c93de583f84e3ac507d57a211057c812faad07539fe4b3bfdf96734024af1c81606dfdf6238effef0e3f1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-math-l1-1-0.dll

Filesize
31KB

MD5
1d65c5490dd8f1caebdde1f5b0466e23

SHA1
d9478b035a98e16467cca63fd3366e3e3bbcb783

SHA256
c7ff94b866b7dd4089ce1c6fd7881aa52f3ea98c10ba643107c66c54a989a982

SHA512
c99537c463629ec575519993f311d3cc2463648a2f20fea84e7023ae2d3b21e51842124406fabcf5d6b7433e7746771ab68b18c2615d21a1d0170df2eb81ec0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
31KB

MD5
69c4dfe1858bd882de30689f7cb49b7c

SHA1
3189383adbb657cf498405f6497b4525c1946014

SHA256
2a4826347187214023d66c1e393b2caf1cdf6be8fde7c01b13021fc1932932d0

SHA512
084caeac9cee8e5b014533348f3df4384f7f8ad6df3220934db84eb988b6b168611767e0fb354085f6bc5aef321620d810c37f0c7179e269b794582ebd4ce713

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-private-l1-1-0.dll

Filesize
75KB

MD5
acdf763c0486219bd9b53b33ac3913dc

SHA1
0df77372450308b264218a27f8f9d209d06b887a

SHA256
6132664b27d0a2ad946e3bd889a413a0ff944570ec2c54e409b60f89c6d6717f

SHA512
258cf73c6b0840813155dd1beead36fb78b3b346de869f12f2dd1c70b4e238d296122e8543a6fd32eeba2fb80b0776640d47edfb589423b6eecc4c0b149a5550

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-process-l1-1-0.dll

Filesize
23KB

MD5
557b2ea4b05d51ed2292eff830663ca8

SHA1
8b1b70006661b897913c10875d61b74110117248

SHA256
d8d9acbc53fed08518cce07c807f692dbf60237a5e28c392532a81775273c8ac

SHA512
cb491ce5406d2b0794cd44ca4c800640349fceb554cd29a0e290a9b12cdd99109bca00c7dde95f8abf970b4d588967f34c1cad3461383c09c2cee84cd42d7868

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
27KB

MD5
b455090bfe194e7f5a921c559640533c

SHA1
2d03a96fd2cacf6c27a4377f8fd96d5fc857bccd

SHA256
424506add7d1e719e260fe7cddf5715c28001e30a0263bb3a6471570ffb80d6c

SHA512
0f830530e02e1e8af3aae472dde6ff9b3fff69c97f98ce0f699e19327020bd5ed9e46aab841f6d85dc2c3df8674724a8246a6f1d2e6338ea0691ff06ec782c1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
27KB

MD5
58924fdca4cd1348d9596666bd4afe13

SHA1
dd637743697a69c2223bc4f1414eb3fd1d28bad6

SHA256
9a953bfd49474a64f047615f8bd1d88e85c28cdb8de8b13aac666ba46a38ef67

SHA512
5b0468c92e8779ff51842ad4075b6eccb9cbb1da5b3b57af0f314756ad6d58924e992fa71f5ab430aa5861947855eff82dcdbd3bcdc0fc3e5004752a4533e350

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-string-l1-1-0.dll

Filesize
27KB

MD5
2813873c58376d67e3a62cd8a8ef4aed

SHA1
e7bcbfa33d24700bcc1ed983416e995b7c0777ac

SHA256
83a32cbd5789db3593e6a082deb7f779ce80521ecf25dd658abb9f47d78520bc

SHA512
b8ae51929a450ed205096f2c93eb6be7309ae36fe4f88fed13883bf8d7005d86d822de891a379cbed8a4b44450dcde88310cc10cfa539ba421b0625c95ee4a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-time-l1-1-0.dll

Filesize
23KB

MD5
f06dd1ab509cc25e89d4c27c6ba38a00

SHA1
0675d0bf206a720e6f97976f0b7c71f142f24db2

SHA256
d3efd5b3f5ee0871f5e9eaffc09351acd12e8dc34bdfad4380b3a4f33ca3f36c

SHA512
899d1ca42315acf87e26b7ad9f3a94a7a771a7274ba463cab424d96523dfef690e5691330faeb3b9f74ce1d2b7c59acb05a31fef12991446e387cfd91261888d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-utility-l1-1-0.dll

Filesize
23KB

MD5
04a189d8e5d81b5adbf49a41c002c3c9

SHA1
8583800456dec8e1abb9289ec69d7bd7ec3e5582

SHA256
12d5fbf88ff7237ba8ac8f464407931670852b8e5bf53b8b323ffdda74a76246

SHA512
ea3b3927a1441aa2f811cd193f58621d7fbd5842a27a726bb13e04c87b44759168113ee5dd6d8dc7355c7acf70d20c6cc83e8cae80ad3ec0c91bbbd5b060ffe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-downlevel-kernel32-l2-1-0.dll

Filesize
27KB

MD5
6702bb7db237d299da2820a6825833dd

SHA1
14e252b123257c28c51e6f8a8d0356e44318a379

SHA256
55217cf8c263a8edf1f53457ef4c33fecbe9839790ee574d66f2651e81e4ed45

SHA512
f1daa09b84bd5d3cb7f53675a54bc8db5079932cc141fe7ad91e7073e6532dcca7fefe6ac6daa3012e66ac7c9e89c0472c90d7c0b39148c200b7c069ec2c7125

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-eventing-provider-l1-1-0.dll

Filesize
23KB

MD5
cdc98428d40f78aac93a496295204cc9

SHA1
17d4048de696ebd600ab66be2e64a96079db6163

SHA256
4d50d8ecc545712937f6aa043614c92d2478e97f61323426cd54aee57c8f3020

SHA512
f3d9fc1825856ed66271b5eea6536258b215ba9fda619f6e8d3a26e71a411b803d52ef0bdc712ff5e578ec0cd8210dcdf885de9754eab5f356e36b05374e8a2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
1.4MB

MD5
7eeafccf8085f5165d62323b74e749d5

SHA1
cccdd90707566168154b4f3767720dcf21c0d33b

SHA256
58b28a65e8cfd98aff76fe1f16c524b10cc7ffb2da6efc3d849fd2c2c8e99756

SHA512
01f5478a0444e481f75d98fb9123b2d93b7b6482b306fa6b533f125732630643cf16580916ca7d9b1f27ea5b3b7b11d7f44ce5a3a1ee6cf9fc9cabcb68d38224

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\d3dcompiler_47.dll

Filesize
4.7MB

MD5
02a2119aca2560ee6e0c68fcea6283b5

SHA1
792a8be1019c4199bc87c18e0497315d979d6978

SHA256
5e975f4ec2928ace98eb1494abed0db80e3969315843bac579ba25d9b5e90383

SHA512
a2647dac5632edc3e7e6bbe2200aa9b938c738cd47f40cde39c029b7f07fbcde4034bf4f25e01925d0ea6eeba2e09e509120b329d6f29314f62c6c2d3df59164

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libEGL.dll

Filesize
469KB

MD5
34472baa3b47dc579984ab3a337aff6e

SHA1
aeaf3a0af26f2c7c63358c84b0d00c18e2765783

SHA256
0de3083bd1d8754418dda6bafc4b7966ca83f8a8c6394f227d987977dd349867

SHA512
9f1d900ac48d6a90891c639f1a94356a77b3e50ce6e8e257419a1f68d3cb1973c986cc5d7ef2271864fa072d0896e9d349a72053a12cda38faf8febfcd00d933

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libGLESv2.dll

Filesize
7.1MB

MD5
1101bd027df0c007f3cc9aa28fa7b8df

SHA1
3e02e65f60be2711bb59af18c4f2c568b56bbece

SHA256
f6586969d373d8d1729b4aaac4e0a6880d631b72dbd68728094588b62276a1eb

SHA512
091fdd8cb0df15359a0e39f950851ef0754e5c4d7684613396085d978483b527b2a45c627510fa7249b5710be0d533289766da20c42c8051c8ad60df73a8a61d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msvcp140.dll

Filesize
555KB

MD5
8c17c57f1b00350acae7806413c81580

SHA1
c84587b5f1fd5268d93cedb5e3ec1e52aa54fe6f

SHA256
3be2becb55f1cdb6a33d3ec489553e181efa201017bc47c65dc8c4bf434a9b75

SHA512
4f17570905c1b85f1df746a5414a6d0cb29f6a4a5055150af4e1ff96fe903477c382e9e6fb117596aff1398433add2d214c983ccbaa29cd692464dda5c3cdd6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\openvr_api.dll

Filesize
806KB

MD5
4398179b668c70f4464ce9448fa0bac3

SHA1
a12848d2488fbd31a2481922664a2875f162bbdd

SHA256
0ba4d3049449403e1966cf8922ac5c2e6130fabe72c0cc6b3218da82f9110ac9

SHA512
98db440b4c220a9e71b60104c819c402bd88b6c10b9ed518660e8550884fa518e165bf20ec2d85a4bb5c379a28e9524d4b69dd25dc599e062498670fe8f28bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

Filesize
6.9MB

MD5
3b6a4ba5c3e189785156e29d1f87f8ff

SHA1
aa43f6b0632f567e72a9a1458b2f2d1a261e19d0

SHA256
17d31a1ce1c060015d0f4f4b15e1bf100d41b54fc63c1bc6a59050f056ebab53

SHA512
f40538bf93f958b914ba044e56833cfe69fb5947a4a63e04fdd01aa21e50ef38674ebab69072dd2a5625d15d3d78c1cf37e5da6653165d013c0c88fd9cad1a62

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\ucrtbase.dll

Filesize
994KB

MD5
7d1ae656bda38ff35d63bd5b2e93c33e

SHA1
e68f675b329a31513fdb491d197e1599ff9c8df0

SHA256
eec733d6b9d485fff5bf6aa2ada0a417b42e2b47b6ee5adea58d57cd19f9849b

SHA512
49f6287678f6992cab10ffffb90d5b02a590ac1123f5f528583e7a9c013bedb9cc76ff11c000450bc8ae7d3769e3836132825019d187ff420fc0c835cb46e420

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler.dll

Filesize
346KB

MD5
a70d8f0cbc5c01f4b8cdb17b2fd21d65

SHA1
bcde9d0ca95d661e24c3ded3f86ef83807a7e0c3

SHA256
b433cc35ccf6c351b0f19321e914fabfed5cab095d97659952d0a30032cab34a

SHA512
9c662999392041d2912c0b4f526e990b1f0848580f68e14331c7f10ebd9ffc42fc293b7acb0683e7f72ad38d0e0da5d135e7d8ab5de9de94b2a429cdc4813211

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

Filesize
13KB

MD5
bd532233483d0b817ddf9824bb51a97e

SHA1
8466e64f5543dfe7acc41b97d54d04b06a6168b6

SHA256
04311a0e719c443c0625b01ecf5ab5c3bee2ad0c00497d83a754c0284d683b35

SHA512
23ce35b04ce1d7fbb820562687ffa7f4427cbc472d9c875c9ec9c23fd49def43031fcb9fb70a7e0eb598cf49861d8fd63dc711bf894331ec3877da40eade3586

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin

Filesize
3KB

MD5
8a3417ff29b6e1c3e2af8c1f3c8c7899

SHA1
823c6ea46643cbd030efc113a4d2b603965d97c4

SHA256
1281c1abc91ba618bbf82603ecd0c715e65cdb1580076f0388ce098d846ed25d

SHA512
d43692ec221aff389d5b3a90a048723f3daee1f75ac96aa1ec77a79f0e2721b69551c7bc5e84abf810f7c3201511dff1a8de47042d300e1eb66fc5105250ea5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

Filesize
477KB

MD5
5f4199574d182904aea55860ab4f0ca4

SHA1
8c0605900f10d07b57c430308d043d071673ee5f

SHA256
4debe06927d2019795955d14f635e10b22bb3f63e0006e455bef6edf0d00b717

SHA512
972a8a6799cfbe706330fabd5e3792e23f9c412a1447664a91aba9c2d5a869eb4bc13d76f05d23603cb40bd1b1ca0924173ef3c407f9ffe4d5371e5347418811

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

Filesize
8KB

MD5
14431dec6e0ec03e40bcd8750b8bae72

SHA1
c645290cc3588b1dff6cef51465706ae28bb8edf

SHA256
c652cc8f96e6ce4e05a46dfb78f4c0dc0b93612f79d2ee4bee183b6af891a80d

SHA512
cdc96a1fc9f09af37b76865c301df11b335523251058f09841e71ff1bb33d42169f5ba3de32ba84ab274c407b16905d77abd979d3dc01348e02880e5a81f5efa

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

Filesize
4KB

MD5
555f3a1a3e2ba4f9a31c0e1c7906f238

SHA1
b0d8b147b34f4812aa5df61fe3b5cf227b4ada7f

SHA256
38c292abd86eb2a50eb4ea1a74efc7dff017f9183e0252892e9adef5f577119c

SHA512
bed445e47f14625063683cb7635500e91632bd7f19f78eb566f8d7ea376ebdcb3994eb4e9d68b7e33acac17dec86c58652f73cb1b85251dde274f2b51741c765

Download Submit
C:\Users\Admin\AppData\Local\Temp\steam.exe

Filesize
4.2MB

MD5
834a68034461540f09775c5c157e3761

SHA1
ef13e725fb16d14304f786b940c49fe785867e65

SHA256
db07296c093d92699536efc0e5cb706aa598e076dd397979a64165b1bfa0b4df

SHA512
8f4ae512ba442a548b690202cf23798440f941c768c74cf8fa235358c63db3d8ee1b8a2c47f31abb8769843f9bad4e1532be228807199b2c409090f74144c958

Download Submit
memory/1564-12465-0x0000000000EE0000-0x0000000001392000-memory.dmp

Filesize
4.7MB

Download
memory/11424-12644-0x000000006F9B0000-0x0000000070D9B000-memory.dmp

Filesize
19.9MB

Download
memory/11424-12678-0x000000006F9B0000-0x0000000070D9B000-memory.dmp

Filesize
19.9MB

Download
memory/11424-12639-0x000000006F9B0000-0x0000000070D9B000-memory.dmp

Filesize
19.9MB

Download
memory/11424-12603-0x000000006F9B0000-0x0000000070D9B000-memory.dmp

Filesize
19.9MB

Download
memory/11424-12649-0x000000006F9B0000-0x0000000070D9B000-memory.dmp

Filesize
19.9MB

Download
memory/11424-12655-0x000000006F9B0000-0x0000000070D9B000-memory.dmp

Filesize
19.9MB

Download
memory/11424-12620-0x000000006F9B0000-0x0000000070D9B000-memory.dmp

Filesize
19.9MB

Download
memory/11424-12741-0x000000006F9B0000-0x0000000070D9B000-memory.dmp

Filesize
19.9MB

Download
memory/11424-12758-0x000000006F9B0000-0x0000000070D9B000-memory.dmp

Filesize
19.9MB

Download
memory/11424-12634-0x000000006F9B0000-0x0000000070D9B000-memory.dmp

Filesize
19.9MB

Download
memory/14540-12549-0x00007FFF49390000-0x00007FFF49391000-memory.dmp

Filesize
4KB

Download
memory/14540-12613-0x0000017CAF360000-0x0000017CAF391000-memory.dmp

Filesize
196KB

Download
memory/14540-12612-0x0000017CAF280000-0x0000017CAF356000-memory.dmp

Filesize
856KB

Download
memory/14540-12548-0x00007FFF4B0B0000-0x00007FFF4B0B1000-memory.dmp

Filesize
4KB

Download
memory/16924-12615-0x00000208E3290000-0x00000208E32C1000-memory.dmp

Filesize
196KB

Download
memory/16924-12614-0x00000208E31B0000-0x00000208E3286000-memory.dmp

Filesize
856KB

Download
memory/21936-12719-0x000001378C820000-0x000001378C851000-memory.dmp

Filesize
196KB

Download
memory/21936-12718-0x000001378C980000-0x000001378CA56000-memory.dmp

Filesize
856KB

Download