7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26-09-2024 18:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Steam.exe
Size

4.2MB
MD5

33bcb1c8975a4063a134a72803e0ca16
SHA1

ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256

12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512

13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49
SSDEEP

98304:7JeV/ztZBe91oiImuUiK9N9EGQKF9lSHbr7aw:1S/hwkmg4EpbrOw

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steamwebhelper.exesteamwebhelper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Drops file in Program Files directory 6 IoCs

Processes:

steamwebhelper.exe

description	ioc	process
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping17608_131884986\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping17608_131884986\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping17608_131884986\LICENSE	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping17608_131884986\manifest.json	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping17608_131884986\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping17608_131884986\manifest.fingerprint	steamwebhelper.exe

Executes dropped EXE 12 IoCs

Processes:

Steam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exe

pid	process
8008	Steam.exe
17608	steamwebhelper.exe
17572	steamwebhelper.exe
1728	steamwebhelper.exe
16392	steamwebhelper.exe
16564	gldriverquery64.exe
16632	steamwebhelper.exe
16688	steamwebhelper.exe
16952	gldriverquery.exe
17000	vulkandriverquery64.exe
7752	vulkandriverquery.exe
15064	steamwebhelper.exe

Loads dropped DLL 44 IoCs

Processes:

Steam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17572	steamwebhelper.exe
17572	steamwebhelper.exe
17572	steamwebhelper.exe
8008	Steam.exe
8008	Steam.exe
1728	steamwebhelper.exe
1728	steamwebhelper.exe
1728	steamwebhelper.exe
1728	steamwebhelper.exe
1728	steamwebhelper.exe
1728	steamwebhelper.exe
1728	steamwebhelper.exe
16392	steamwebhelper.exe
16392	steamwebhelper.exe
16392	steamwebhelper.exe
8008	Steam.exe
16632	steamwebhelper.exe
16632	steamwebhelper.exe
16632	steamwebhelper.exe
16688	steamwebhelper.exe
16688	steamwebhelper.exe
16688	steamwebhelper.exe
16688	steamwebhelper.exe
15064	steamwebhelper.exe
15064	steamwebhelper.exe
15064	steamwebhelper.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Steam.exeSteam.exegldriverquery.exevulkandriverquery.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steamwebhelper.exeSteam.exeSteam.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Steam.exeSteam.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Steam.exe

pid	process
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe
8008	Steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Steam.exe

pid process

8008 Steam.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

Steam.exe

pid process

3536 Steam.exe

pid	process
3536	Steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

steamwebhelper.exe

description	pid	process
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe
Token: SeShutdownPrivilege	17608	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17608	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 16 IoCs

Processes:

steamwebhelper.exe

pid	process
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe

Suspicious use of SendNotifyMessage 15 IoCs

Processes:

steamwebhelper.exe

pid	process
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe
17608	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Steam.exe

pid process

8008 Steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Steam.exeSteam.exesteamwebhelper.exe

description	pid	process	target process
PID 3536 wrote to memory of 8008	3536	Steam.exe	Steam.exe
PID 3536 wrote to memory of 8008	3536	Steam.exe	Steam.exe
PID 3536 wrote to memory of 8008	3536	Steam.exe	Steam.exe
PID 8008 wrote to memory of 17608	8008	Steam.exe	steamwebhelper.exe
PID 8008 wrote to memory of 17608	8008	Steam.exe	steamwebhelper.exe
PID 17608 wrote to memory of 17572	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 17572	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 1728	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 16392	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 16392	17608	steamwebhelper.exe	steamwebhelper.exe
PID 8008 wrote to memory of 16564	8008	Steam.exe	gldriverquery64.exe
PID 8008 wrote to memory of 16564	8008	Steam.exe	gldriverquery64.exe
PID 17608 wrote to memory of 16632	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 16632	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 16632	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 16632	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 16632	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 16632	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 16632	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 16632	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 16632	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 16632	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 16632	17608	steamwebhelper.exe	steamwebhelper.exe
PID 17608 wrote to memory of 16632	17608	steamwebhelper.exe	steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Users\Admin\AppData\Local\Temp\Steam.exe
  C:\Users\Admin\AppData\Local\Temp\Steam.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:8008
- - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
    C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=8008" "-buildid=1726604483" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
    3⤵
    - Checks computer location settings
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:17608
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1726604483 --initial-client-data=0x364,0x368,0x36c,0x340,0x370,0x7ff9835dee38,0x7ff9835dee48,0x7ff9835dee58
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:17572
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1604 --field-trial-handle=1728,i,5141302313614291252,5959909603289025993,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2196 --field-trial-handle=1728,i,5141302313614291252,5959909603289025993,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:16392
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2508 --field-trial-handle=1728,i,5141302313614291252,5959909603289025993,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:16632
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --first-renderer-process --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1728,i,5141302313614291252,5959909603289025993,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:16688
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2656 --field-trial-handle=1728,i,5141302313614291252,5959909603289025993,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:15064
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:16564
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:16952
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:17000
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:7752

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x498
1⤵
PID:16500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping17608_131884986\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping17608_131884986\manifest.json

Filesize
1003B

MD5
32ef54fcac37d3d390c05880067559d6

SHA1
ab44258473c7c1a920596ccc33463a765e5fe60f

SHA256
d97f5e50808d1ef75bb241df2dde8f7293b9bfcd498dc525e258c97b39564211

SHA512
3bcdd94edb8b0df2d1684ef865f9711bf544c4c4f6adde927611b648dab2776e398e3b29681369a80e8c7ebfb9cd100ba8469ea69c5034ec023c796d8cbfefa0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4a9beb0967f2c531a0bbcc69994651ad

SHA1
40918281ca0ab5b02612525dde4643f511613f2b

SHA256
66d3573939915195c486ed1198b603103bd04addd58c02224e6aa93a53bfb275

SHA512
f0892f88eb1e83cc1afa98640b64b0e4b2a3ee6e3c0bdc473a33945bcb558f6436b4bb3f1235d516b6205349c2b83509424ebb572fab64f94d537a30a1033030

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe58aa16.TMP

Filesize
48B

MD5
2fb5c5423892d18fb142fda8110b9c8f

SHA1
0e444486d0623c3c420e121e7b0c96620733d2d9

SHA256
a9b80e56c5c526f99254dc3725cf1406ae3f1f3bbae7164a9a6abbf5fccaf106

SHA512
131206d8db3fa6bd59addf83296fd7373774cf7c4d1e9a3efaccf3fa98cde6acb843f0d06ae3282e75a4ff9793249392fecd7b00afc4463b93c9c61652b7f759

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
700B

MD5
cf8348ea3e517f13c679c60f67616da8

SHA1
61d835f02597158c633d7680433f1f06a525078b

SHA256
40cd5723ac4e9a9be549dbd5aedb7dbdeb8982b4df3bf9ff4cba897dae0eb964

SHA512
649d0e975f3bf1efc846705d3a056145e6905148f89624bd665379d8ab0bad88989c297b58d02c8cc580f0efe6edde0ae2e16aaa65521420dcbbf2559c87cce3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe596586.TMP

Filesize
484B

MD5
7b6214fc36c6947a18e0ae9182220a93

SHA1
bf8fb51bdf100efc76e448adfcb97da390fb9496

SHA256
f8b42360df574b99bebb96aa1e6b726042868180e6318604fb5e7ba4161d1790

SHA512
4877066db857e5118c9d8a4ca58ebbb7d8f5b117c16a5d2d28e4c5d39f8546269187345f08fec821e4c85fe95da65e74f6486d7260316a0e3ad69c7ff9ff580b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\0eca67a0-c2d3-41db-bfaa-205222a0a95c.tmp

Filesize
300B

MD5
4744152030ca8a56841ece6957a8a049

SHA1
5bfd513181bb53775b20a2013e845027646012d3

SHA256
d0dce7e2d58b122fb595ec869506829fb4249ebd49f7d0e266c2691b13a485e7

SHA512
7f4ab1db52d8618bc54e44dd1e76d3b86f6917a6e7baf88334bf61bb41780e93b400ddc347dce6ac931b2e5ae6b998dcd60a36d64af89d4ee37bcdc9e39efe75

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe597a08.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

Filesize
183KB

MD5
bdbf3fd3d78b9f6e01301748f6d1d280

SHA1
5a6b927c5ac3969f4e4d3aa526a8b7aa4cbb0204

SHA256
9345afacd7f25b7a4ef0e7a02cf1ad4fc3015c93f4c7f7b480aa48cd3b184847

SHA512
b973010a30447b9cece7b3ded7c6bd15399098b7d98da988fe96f14f003c056711547c5d04bc9cf81764680ab11b118168b937dc9445d05f8cab27d457788561

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\SDL3.dll

Filesize
2.1MB

MD5
fb0146e69ec8c83859d64c1239f8ce93

SHA1
84b7d2ad8abec223ed84f9c60df860cb1058b383

SHA256
1abcd507437b9a1efd7ba5e0338cc86d24328d47bd9c40eedaaf4360efacb476

SHA512
3b8304ac86e49570cefbef0511a8d0c3060e46e501c203f5e8cb52df797080793ea62840f5b904bfd8ca42eb20ebe4dc74cde963c18939a356682d6d42b78845

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll

Filesize
23KB

MD5
03068ddf42f4e6cf8cbacb82d12acd2c

SHA1
d4a92bace1759a9990de598a31ecc37dcdcc482c

SHA256
633470b3bcc1bf209ac5c9d3e5d8cf1aa0c51af86f7694e088a842908cd6dd62

SHA512
bdc44c95e83f01066ae54e9ebea83e6a2fc0975af1a00814b005b73fea2b004e0a2c52bf812aa945f00eeb132f89e427cdd8c7de463cdb0fe71c81fd97065272

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll

Filesize
23KB

MD5
ecc4653141cd6f0980d3de87ada003c6

SHA1
7e911ca31f4320f4355f1ee5ac52d788ef3d55f0

SHA256
d37289cd28bd3d63fc7cb140616bbd2641975b7511d85376e2a9b83729564783

SHA512
44109105a6c21b8b28e8addc241ddf83aaafbedc10ffce73730b9e0973180c0aeaee4e7ae0c4a3c9b10c6c7930e905023066766aa122f43dbd21ab8ae73abcf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll

Filesize
23KB

MD5
43edf34edf20ccdd0ed7acc7b25748ff

SHA1
b474d11f41ca492be762a8de1c13416f31ba9372

SHA256
8d18111e53502f05828578df32101b10a1ee2f4a4504c27046083ddb4bef1ab9

SHA512
5995684ee6265bf4ac4e2cd376193083bdf9693b5ef29b07cf33a86ec373505fd431d47557263d5eb15e6d3ffc9787ca8634037c51b90ab0e7b258fc57f1e3a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll

Filesize
23KB

MD5
fd8029b4da3083b475a48ac76ec4993c

SHA1
040f3273c52e0e963b9a2d11cebfb0bcf06d13c7

SHA256
abacc78b4c8dfb89083aecc59234930460c6b1072c8d55d01369b20fb044181d

SHA512
cd3d4a6a33cd3b698bfec460cc2b9433ef7290558aa031f4d888d9801b5f025900923d51cdc78bc35d81d8c33a3e7ab335b60d7c4cd6a301e60e0506e29208a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
23KB

MD5
3a2dbd4334b9cc234496f2d7cf9e1d26

SHA1
99bdae37b42ce7bd386b0479fa1a1ea3c53caf1b

SHA256
1af61ea6c2bfbb2dfa24ebc20ac50fa69441a641dc60e3dfae8181901cd444c8

SHA512
8cee7c2189b51d8920939b2fc16fb8daf8b10b3ab1a889a8bebb65b5adc10175da0894660bc01a6d11c0eafc93194c4c9045a4f6bd2944628c5362d9ceda6839

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-fibers-l1-1-0.dll

Filesize
23KB

MD5
52ff2bff29dd0d39daf082e77d2bf244

SHA1
452b1787f8b35def0c3dd815a4dc66f7814989e3

SHA256
fc43d6feb3425cf49ac39f242b2c1f8e078df6827fd28d829d27df5f601850f7

SHA512
805e5edf61fd44042e71302b61e236e74a736c1f5ae6ca5f61217b074865544a90aa48530964b3f502eb79c52b123a95245e8c206cec81dec78b11d209ac1308

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll

Filesize
27KB

MD5
87f9288def26465cd646991688c0edd8

SHA1
fc327cba7f20d0a2378a5c5609ab426a4ff93013

SHA256
641c7902819e885f1cea916e56df83999ddfc4d7ac150aa056b27e2e2ada7de2

SHA512
8f2c17822daf7c28742c0c7d3849d7433edba99af8ede77c9a03fc4784a73195b7c195bb75b2f0423dcd3c49ae1b8e57177add5cd4c6119693fbc6903e20ff7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll

Filesize
23KB

MD5
fcee2ad431d015f2645f6e87083ffd55

SHA1
8a5e202f310afd2832fc8c1a2d431025325fb046

SHA256
dcde2bd75c67d8dd94485e8c19b0a557cf30d980f1d3d23b98b7ec5b30b2a215

SHA512
a31611091139d4ad0fa1f6477fb557a4b2435e4ea90db021d80d66cd943ed4728e5c5a2962061f31c67433441103bf419fac2e3c8eb544402fe2f9428123a856

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll

Filesize
23KB

MD5
20cc1bc113ca79a3ae0639e8adcde6e3

SHA1
1d8760c01218059b3e3b5313ad932de13684d0ea

SHA256
e2618f8e40ba85f0eea466af889a311316a545b15f1c982035d68827999e15ad

SHA512
c46d129eb313ef801a7637bbb9a9040fb8f770ea0626146b5028141cede9c7e2a46f58bc3c17f2515cd5bed3f6775ad93cebca57373faec4fcc1821dde1fac58

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-handle-l1-1-0.dll

Filesize
23KB

MD5
d61bba9bf72ba9fe6cfa57b878a946ef

SHA1
2e3e41f596219de5232311dcd6d7fa73342411c3

SHA256
667db417bdb9a7ce632b249616273f8cd3ee69ae6dcfc1b4ed11b16f1378c540

SHA512
34cb9e3f826c13c6a6622508ccdf94e803c080106e26fd311c1dd55d1bc9f3b7451a8984b58f72da3f20fcc837be6b036c27e3286954ad5f6979c70c637cc308

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-heap-l1-1-0.dll

Filesize
23KB

MD5
8aa73ea893c069d0aa98240d57e88fca

SHA1
a14511fa2c916a27ec1fb3a2c207165db6cd7ea4

SHA256
2400936d6a7a396a7c282b9b02df974c463d2b89c7a16dce7d87612908124c76

SHA512
d5f9fa3ccce52a56945bc34f0a58c3cd87412a660d4a84c8c40a50364e550e0f1eda045e9456c9b99e2e46245afd25696ed3f7337bf1398ff088e218b1c1105d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
23KB

MD5
b265d592a17183a8d1450b45fc76df66

SHA1
8e2ce55c543bd41adeb8198067f0dabcf7bf2faf

SHA256
6037a1b25c98e00832ea1e3c8dbcc1a85549992f6286b80d68ad2ccac3d3bec5

SHA512
f67cf871345b17b638d294afbe7c8afe408c6a43fb85df7758d1a8249f56f1f0a74f754b45bc685e00ba5f6d88ba64f25e43b5fcc88d4f0b91a848c748172afc

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
23KB

MD5
622a8247e84fe7a8cb8ed8bdffbf31f4

SHA1
4656444f64f5d1c20d8c355c74f4d41eb8001246

SHA256
105aa615c6b77e3325700a6325e56a78d584fb1a792c33704b6412b7cf16f36f

SHA512
276cc4b255801d68ba649a7b48d52fc7ead890e31941b9f6b459555711bdf2336494e3178cee41460a2605005630073a0c68c65bc4aaefa2399df0107947a267

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-localization-l1-2-0.dll

Filesize
23KB

MD5
97b1a95703862d7b1a45d8494563bd04

SHA1
f96ca4ebdc21564bd6f4e9bf7ef538f700f702a2

SHA256
4036ec9bc6598c72ba6f6216a6dd24eb9a303070acd4b18bbeffb5228d4c3428

SHA512
bbe64ae065f29596b954b87921a41471ec56e279d273a287e7e777afd032d8fa505e03d883acd91b3bf0b0fe32e7782a652a543729314c9585498809ff394ebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-memory-l1-1-0.dll

Filesize
23KB

MD5
497a278be3d7a88000d9bcac0abdaf37

SHA1
4237b72d2ea44d63f6806a8f10dc05824492a9e6

SHA256
5b124268dbb56e55afddbb414bdfbea3439d17bf32022a2c2b25ebca55b07a8a

SHA512
861f6fbe9c210afa71280797a87a909c14e0d1f865f21788a86c187e95069e79c3eef99b4c8250732069fa5160c6a3d60474b9f0a94d0d96b0c447a7fc2b7e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
23KB

MD5
7d60f7c85f257423b6ba52840118e80f

SHA1
7fab0d6b48172e5c9fe5cad4ea65a9b9559c9bcf

SHA256
fa662dd9b22e3f4d59effd6ee1e2beeb4016184f7eea38d26a1a0df888f59f77

SHA512
8c047a9706713ea5c8bc848d4f20b29d51a9b9715aeb937ebd341b94038b4c1d03aa92c19f23126afac4171577cc8ba41202b676f9ceefa1e0f5404bd736575c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
23KB

MD5
2ee0b0440783ce843c2655baba9c76e4

SHA1
4665e7a8f30cedca77351d9321696ad65521da88

SHA256
b912bb78003def510b17b9bbf360fff929b5d5d94298254ef792ec34b82a2bab

SHA512
6fd0336a998b6b824b0b41a58fd25a9ea1dc0e98accd6a4a7902ff29ae1b475f9d7e881276576b7ed39d1b3f855bb1e66458148fe92bc13722fbefc7e56f79fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
23KB

MD5
94e709a3b938de4cfe760545d18e3da2

SHA1
d81ac1d6c4ee2623a7d9a51f6d941c3960118cec

SHA256
0e683c31dff835cf09124c652a654e17f0f0fa99c4bdc91411d75f418992b10e

SHA512
8e7d7305a23f7478934e62a59ed722e9f018af304d2c4ed5ef752ea36594fdee265e99af87db196ca094b1e7fa466393e599cbffb1b2d26364872a508a241ef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
23KB

MD5
1308def8f9663fb6b7c476f52cb60675

SHA1
18d7da1e088c1872221b33aaf390618239e31ae8

SHA256
353478f36be9c35bfdf49d48e9080373c13093ed0671683b5eb7a7bae21b0271

SHA512
aae2fa620b6fa96cb4c7135f53bdabbc75f30c60b9cc7c320bb766c5832ecbd0b3f24a140160f3a93b3201e7182634957e5c615e72f2f16874422d2f6ad27897

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-profile-l1-1-0.dll

Filesize
23KB

MD5
b7728c6b8a37780f11ed65cb26f6bed3

SHA1
8e9a01284b2904f3f91d218e1c28ca1ebb982f61

SHA256
7c01b2e4c6e47bc5cece6baaf41ce489594179afe9b3bb55ecdfa3834251fea2

SHA512
ed5f7f6069dce09cd0361e82719068df89f61b4280135e2b1657b04c9a8b053e24b971cd9af31f34f995d31dadd8c2fc218c80840a5ae5a41dcd9c0e88c22e6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
23KB

MD5
092dcf30ecf88949733ef075379d0684

SHA1
fdeedb592ce196195c70740bafe23d0b63518cf0

SHA256
d78968f651f021fff75d6e93e4dfab8704fd6f317ccc3e8a6023d4b84d550de6

SHA512
5de27ee9f64c6779f7e0beffd7b3a114a4bfc74bee6f29c21f6b584b3077466bdc81d2276f62f195f3c658ce62e360ffca5999874cd7456520ce646692a47bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-string-l1-1-0.dll

Filesize
23KB

MD5
060f3540d5afdc5335d6c77d71eefc00

SHA1
eb36802b982dba740312d4f1813de725c9315e34

SHA256
a9b13b7b54757e5c39430c3b2f9c59e20ac382092e1813bea2870745b5913702

SHA512
3b172f0f3a3884516de16183e8cf1797ec394c24f98cf5dd846000088c624f83af705f687ed1d8bed0125731cb4fb07d20c358956719cddf477a070c2f846daf

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-1-0.dll

Filesize
23KB

MD5
040a9e244f28398fc442ecbb5d926ea5

SHA1
f1216233562e53f04e8ba541e7e2aba171c83234

SHA256
13b3355b7a60f1fd6467d789c121ce91cfaa62d412e9ccf5dd59bd69ae0cf6ee

SHA512
a2745daf1712a7552ca434f76508151d16c3528df7b3ae2c72ab05221134783c16ae8152d1eb3e84403e6fc48f3c6d27044066cb84c9e537805a9f2417c90410

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-2-0.dll

Filesize
23KB

MD5
f455b70c2aeb62e5a066f3c92fbc604c

SHA1
3481ef600d680e5a211faff858fede7391c5703e

SHA256
86a25ff00b7ed5374999ec459e7c3c195301414e42e00c5716faa4eec49be2f3

SHA512
6522dd1186267b0daa95a412864fff50b982e1c0bba985749df8894c5997672ad211946d2acc38719d424a6c81603ad70e77333571c57b68da501cfff5abdd54

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
23KB

MD5
d1d1cfcbcf15736905aa904a4920968d

SHA1
3e2c06622f27d8d4d546b5c46f64cd537dc2ce09

SHA256
654bb2887bdcb4c8d67aedd856a8fe881a10203e921303e7e46cb4613e7aa379

SHA512
bba0bd89fd5264b60c944102985dd809b5ca4fd7ce4ba313bd4e8d3521be8fc06ca82e8d657de0c5b7b8929330c53309d9d6ffbad94ff7067769ae4c5daf5f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-timezone-l1-1-0.dll

Filesize
23KB

MD5
cd4384d834b29da7dfdb9fcea4ab6223

SHA1
b4056ff01555ed2ecefff6001ec053bfe024c52b

SHA256
1926b6136d8fb0687f6d20c95e3a0a5175c4e6f5c092a33c927f2d9a3db9be25

SHA512
282fab1479da157298fe9885037bbf7b13c1b3c29a5758b2fa8602f9e3db975d26373c787e42e16f58fac3073175738e263d717e919809dd020b0546a581fd41

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-util-l1-1-0.dll

Filesize
23KB

MD5
a91581391c80947348f5ce910bb7edba

SHA1
2c73aaa678cdea87ffcca1b1ca52ece9856d6c63

SHA256
6ca2639951d66cdf24da81e8377c38534b06fdc0fa8b9e61637a9d615fc053c4

SHA512
5ef069fcacf0ec7fdd6f38d82bca4a902267f98b16bc033dd0ae4b6d27f8b3069872d35ee9494ce0777e698f5711dfeeb261de979f8ed73297ce185698da1df4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-conio-l1-1-0.dll

Filesize
23KB

MD5
052f1dc5169479370e1d93cba74164b4

SHA1
2a8de8c16718829f34c00fed6dccbbad0a329378

SHA256
9a8f77edc424c0acb982f1a3d95804b43e644877f29d7e6770f84f55ceb57097

SHA512
771455fd9c409e27c473ca37e8cbd0da4458d00f09754e29b1fc7df2973243d43d79449fd7cf71907730c6098edd96c109ebab57dc20c908f893538ddb0fffbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-convert-l1-1-0.dll

Filesize
27KB

MD5
eba8a48db9c108f331b1ee877d1bfa34

SHA1
572552bdfb506db07a7d580253645dfdde962edf

SHA256
7e3bdcb763330065d7918f1bf053a31970c7ab4aa65794fb256315d4a17cad20

SHA512
f665d2ffc9d64f18c35121726af4c8e764bc401a96d29ba9e67a3ec3ae6a0a34a4e9beeb541a5cb79d3b4ddf50255a07d7d4b95a4abed6ff4808b8b115dd9648

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-environment-l1-1-0.dll

Filesize
23KB

MD5
0c7a94fa6692d5ace1ab988bda3f638f

SHA1
2708c24ca07b2cca643c6c964a5a1592d162e69a

SHA256
9c023467bc9b8d72b7071f6ff2eecee47a2d93feeee21b787e579f035a545134

SHA512
2fd30032347b6914fb18c95328edf1f44e1d02409221b785086e9d0223fd1b021710cd680bd1994e1e51ba7712025d51c91e3aee86e5a04bacd92e61a9eac05e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
23KB

MD5
936b063b07ca5ed344ecba8894a2f81e

SHA1
08fead434135fa721af1b6d523260db7593d1c0f

SHA256
349dc4a320f444123a27bc3ee0dd3771dd085a2f9b30818a7586a9a74e67af91

SHA512
697c5301cd21a080c1e5a96904b06cee11473dd6f6b454a04229903affd6ba6bca28d21f0051730db2365e774f6cac468f0fa7ca77e2bd3ac5cace64992979a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-heap-l1-1-0.dll

Filesize
23KB

MD5
f4669a5e62c2cbdcb2ec53e117cb81b9

SHA1
f86843d53ece07d1847b5e64638bd3823832e5b0

SHA256
6781669609378301d5dce01d8c9187ce9cc50d160fa4022042403f3ad4e55145

SHA512
4ebb9fd49e8cdfbc7b23d0b2961a097b98d351b678e1be0196487972014db13ed2bebfc361eb9e5d51bcf6886df3f9313073f99949559c499c4277a22c4c3385

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-locale-l1-1-0.dll

Filesize
23KB

MD5
942062f614fc18a4fde240b6c430ba97

SHA1
fcbb4afa9a0eb45d1e3e1509137a6af5e0d51e8e

SHA256
43d1f6551c2e6c74f148831956938524bef57ad8d9c1c092ee1fb592797410d9

SHA512
861a7c2a3f22759df2d9f0f6c8f602e930b478cb65c93de583f84e3ac507d57a211057c812faad07539fe4b3bfdf96734024af1c81606dfdf6238effef0e3f1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-math-l1-1-0.dll

Filesize
31KB

MD5
1d65c5490dd8f1caebdde1f5b0466e23

SHA1
d9478b035a98e16467cca63fd3366e3e3bbcb783

SHA256
c7ff94b866b7dd4089ce1c6fd7881aa52f3ea98c10ba643107c66c54a989a982

SHA512
c99537c463629ec575519993f311d3cc2463648a2f20fea84e7023ae2d3b21e51842124406fabcf5d6b7433e7746771ab68b18c2615d21a1d0170df2eb81ec0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
31KB

MD5
69c4dfe1858bd882de30689f7cb49b7c

SHA1
3189383adbb657cf498405f6497b4525c1946014

SHA256
2a4826347187214023d66c1e393b2caf1cdf6be8fde7c01b13021fc1932932d0

SHA512
084caeac9cee8e5b014533348f3df4384f7f8ad6df3220934db84eb988b6b168611767e0fb354085f6bc5aef321620d810c37f0c7179e269b794582ebd4ce713

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-private-l1-1-0.dll

Filesize
75KB

MD5
acdf763c0486219bd9b53b33ac3913dc

SHA1
0df77372450308b264218a27f8f9d209d06b887a

SHA256
6132664b27d0a2ad946e3bd889a413a0ff944570ec2c54e409b60f89c6d6717f

SHA512
258cf73c6b0840813155dd1beead36fb78b3b346de869f12f2dd1c70b4e238d296122e8543a6fd32eeba2fb80b0776640d47edfb589423b6eecc4c0b149a5550

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-process-l1-1-0.dll

Filesize
23KB

MD5
557b2ea4b05d51ed2292eff830663ca8

SHA1
8b1b70006661b897913c10875d61b74110117248

SHA256
d8d9acbc53fed08518cce07c807f692dbf60237a5e28c392532a81775273c8ac

SHA512
cb491ce5406d2b0794cd44ca4c800640349fceb554cd29a0e290a9b12cdd99109bca00c7dde95f8abf970b4d588967f34c1cad3461383c09c2cee84cd42d7868

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
27KB

MD5
b455090bfe194e7f5a921c559640533c

SHA1
2d03a96fd2cacf6c27a4377f8fd96d5fc857bccd

SHA256
424506add7d1e719e260fe7cddf5715c28001e30a0263bb3a6471570ffb80d6c

SHA512
0f830530e02e1e8af3aae472dde6ff9b3fff69c97f98ce0f699e19327020bd5ed9e46aab841f6d85dc2c3df8674724a8246a6f1d2e6338ea0691ff06ec782c1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
27KB

MD5
58924fdca4cd1348d9596666bd4afe13

SHA1
dd637743697a69c2223bc4f1414eb3fd1d28bad6

SHA256
9a953bfd49474a64f047615f8bd1d88e85c28cdb8de8b13aac666ba46a38ef67

SHA512
5b0468c92e8779ff51842ad4075b6eccb9cbb1da5b3b57af0f314756ad6d58924e992fa71f5ab430aa5861947855eff82dcdbd3bcdc0fc3e5004752a4533e350

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-string-l1-1-0.dll

Filesize
27KB

MD5
2813873c58376d67e3a62cd8a8ef4aed

SHA1
e7bcbfa33d24700bcc1ed983416e995b7c0777ac

SHA256
83a32cbd5789db3593e6a082deb7f779ce80521ecf25dd658abb9f47d78520bc

SHA512
b8ae51929a450ed205096f2c93eb6be7309ae36fe4f88fed13883bf8d7005d86d822de891a379cbed8a4b44450dcde88310cc10cfa539ba421b0625c95ee4a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-time-l1-1-0.dll

Filesize
23KB

MD5
f06dd1ab509cc25e89d4c27c6ba38a00

SHA1
0675d0bf206a720e6f97976f0b7c71f142f24db2

SHA256
d3efd5b3f5ee0871f5e9eaffc09351acd12e8dc34bdfad4380b3a4f33ca3f36c

SHA512
899d1ca42315acf87e26b7ad9f3a94a7a771a7274ba463cab424d96523dfef690e5691330faeb3b9f74ce1d2b7c59acb05a31fef12991446e387cfd91261888d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-utility-l1-1-0.dll

Filesize
23KB

MD5
04a189d8e5d81b5adbf49a41c002c3c9

SHA1
8583800456dec8e1abb9289ec69d7bd7ec3e5582

SHA256
12d5fbf88ff7237ba8ac8f464407931670852b8e5bf53b8b323ffdda74a76246

SHA512
ea3b3927a1441aa2f811cd193f58621d7fbd5842a27a726bb13e04c87b44759168113ee5dd6d8dc7355c7acf70d20c6cc83e8cae80ad3ec0c91bbbd5b060ffe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-downlevel-kernel32-l2-1-0.dll

Filesize
27KB

MD5
6702bb7db237d299da2820a6825833dd

SHA1
14e252b123257c28c51e6f8a8d0356e44318a379

SHA256
55217cf8c263a8edf1f53457ef4c33fecbe9839790ee574d66f2651e81e4ed45

SHA512
f1daa09b84bd5d3cb7f53675a54bc8db5079932cc141fe7ad91e7073e6532dcca7fefe6ac6daa3012e66ac7c9e89c0472c90d7c0b39148c200b7c069ec2c7125

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-eventing-provider-l1-1-0.dll

Filesize
23KB

MD5
cdc98428d40f78aac93a496295204cc9

SHA1
17d4048de696ebd600ab66be2e64a96079db6163

SHA256
4d50d8ecc545712937f6aa043614c92d2478e97f61323426cd54aee57c8f3020

SHA512
f3d9fc1825856ed66271b5eea6536258b215ba9fda619f6e8d3a26e71a411b803d52ef0bdc712ff5e578ec0cd8210dcdf885de9754eab5f356e36b05374e8a2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
1.4MB

MD5
7eeafccf8085f5165d62323b74e749d5

SHA1
cccdd90707566168154b4f3767720dcf21c0d33b

SHA256
58b28a65e8cfd98aff76fe1f16c524b10cc7ffb2da6efc3d849fd2c2c8e99756

SHA512
01f5478a0444e481f75d98fb9123b2d93b7b6482b306fa6b533f125732630643cf16580916ca7d9b1f27ea5b3b7b11d7f44ce5a3a1ee6cf9fc9cabcb68d38224

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\d3dcompiler_47.dll

Filesize
4.7MB

MD5
02a2119aca2560ee6e0c68fcea6283b5

SHA1
792a8be1019c4199bc87c18e0497315d979d6978

SHA256
5e975f4ec2928ace98eb1494abed0db80e3969315843bac579ba25d9b5e90383

SHA512
a2647dac5632edc3e7e6bbe2200aa9b938c738cd47f40cde39c029b7f07fbcde4034bf4f25e01925d0ea6eeba2e09e509120b329d6f29314f62c6c2d3df59164

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libEGL.dll

Filesize
469KB

MD5
34472baa3b47dc579984ab3a337aff6e

SHA1
aeaf3a0af26f2c7c63358c84b0d00c18e2765783

SHA256
0de3083bd1d8754418dda6bafc4b7966ca83f8a8c6394f227d987977dd349867

SHA512
9f1d900ac48d6a90891c639f1a94356a77b3e50ce6e8e257419a1f68d3cb1973c986cc5d7ef2271864fa072d0896e9d349a72053a12cda38faf8febfcd00d933

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libGLESv2.dll

Filesize
7.1MB

MD5
1101bd027df0c007f3cc9aa28fa7b8df

SHA1
3e02e65f60be2711bb59af18c4f2c568b56bbece

SHA256
f6586969d373d8d1729b4aaac4e0a6880d631b72dbd68728094588b62276a1eb

SHA512
091fdd8cb0df15359a0e39f950851ef0754e5c4d7684613396085d978483b527b2a45c627510fa7249b5710be0d533289766da20c42c8051c8ad60df73a8a61d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msvcp140.dll

Filesize
555KB

MD5
8c17c57f1b00350acae7806413c81580

SHA1
c84587b5f1fd5268d93cedb5e3ec1e52aa54fe6f

SHA256
3be2becb55f1cdb6a33d3ec489553e181efa201017bc47c65dc8c4bf434a9b75

SHA512
4f17570905c1b85f1df746a5414a6d0cb29f6a4a5055150af4e1ff96fe903477c382e9e6fb117596aff1398433add2d214c983ccbaa29cd692464dda5c3cdd6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\openvr_api.dll

Filesize
806KB

MD5
4398179b668c70f4464ce9448fa0bac3

SHA1
a12848d2488fbd31a2481922664a2875f162bbdd

SHA256
0ba4d3049449403e1966cf8922ac5c2e6130fabe72c0cc6b3218da82f9110ac9

SHA512
98db440b4c220a9e71b60104c819c402bd88b6c10b9ed518660e8550884fa518e165bf20ec2d85a4bb5c379a28e9524d4b69dd25dc599e062498670fe8f28bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

Filesize
6.9MB

MD5
3f50565f679455826293c9ba0ae13afe

SHA1
e0685d0128724c41f7a9c7a8cd616bf9e9a94d9c

SHA256
0a545f7a9c75d89e626e61d04d008aba3e66cba7474df43fc7648805dffe446b

SHA512
076ca17b1098efc2fcb44547af33ff991d5fffc3f288c39828eed0a5bb0fe36edb1bdf465dc5d599626d6050a2b985c65068503898cb79ad11d9e7376304508b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\ucrtbase.dll

Filesize
994KB

MD5
7d1ae656bda38ff35d63bd5b2e93c33e

SHA1
e68f675b329a31513fdb491d197e1599ff9c8df0

SHA256
eec733d6b9d485fff5bf6aa2ada0a417b42e2b47b6ee5adea58d57cd19f9849b

SHA512
49f6287678f6992cab10ffffb90d5b02a590ac1123f5f528583e7a9c013bedb9cc76ff11c000450bc8ae7d3769e3836132825019d187ff420fc0c835cb46e420

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler.dll

Filesize
346KB

MD5
8b0b8be2a990e84f4c9aac90e17e9c79

SHA1
cad7fddfe6421c00c005aebe1267f1354e7980e3

SHA256
1e0a3e673d126c8407c3501c6f5910974a9a2604dc13efb92cd09accddf26eb6

SHA512
0c3962e8ed5f5192bd06b604c791865c3179fe5cf71685598e46f0db71b46158f6d124fed8a33c120609419e9d179991a0250db33d12f1b230d6a850402625e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

Filesize
12KB

MD5
ab534e57cb69a610e76da0177ee01d22

SHA1
7c4508fdb2b24358c36aa383b1df6a001bd23934

SHA256
69b6cccfdd2368c455a3450082416172d2e18d90307a57daf1f3f6dfef957678

SHA512
28fbba3dd0ee283d926f075ddedc22c74e5123741ade6518af3df73ea46dc2a6ac7eabc941666a5e8209ead858c7b9d6f61ad5b198dc13e781396d5addf17fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin

Filesize
2KB

MD5
45a80b822c605e311177c3643f0a917f

SHA1
75c7d243469a096db9e5d6703ac18da387ec7dac

SHA256
5dae03d7aad04c4148549ad3f5f13033dd218332c2f02824b4764fb105f75869

SHA512
7599dfc272d5c9526acd1eb1186968e4e1770ed3d36eac23dfdd0ffa69fcad7a1d75406eebf17701770885a195ebf074118a65c96dfda2d88e3d2386de73cb32

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

Filesize
468KB

MD5
40ce961398c6ad6146d6d7dfa8a82490

SHA1
b4855086b0dd98c6728ce296b966d949de4db7df

SHA256
d62fc6727e283e75889eabb9a214d3bb275e1e317988636bd1f31fef1f76b8aa

SHA512
2a89ade9e04486fa2b7ca385cfa5f362bd2641333171dde2bf386eea69f2c8b34a0db2d5e8c4d2c35aa6c0f7201c05a7099ce4926012d3cb72e84a5c117df3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

Filesize
8KB

MD5
02b5961bd0e56bc64b88ddcf903fc42a

SHA1
6b38e72dfc69a1df2eabfbff33d8c8ba41fcf6b2

SHA256
bd6016432b150c897af0e8ea6a7ae8df353b67a5e6293359b79dde002cabd8e0

SHA512
1539f90f4822b34ec8a841e8482144625738173e2eef5ef33bac75cd4666a20a449b7009ddc4fa04cd53197a2e6cd35075bea65f8583d9eea36813bd964807cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
ed5a80646f2db86576c13465290b043f

SHA1
e3f60f73605e16b0c6c97b93fb1fd4a67e00112a

SHA256
569c9a310105c4e87e070b84ff23830252a50a6c55656c5b4607692838c90b62

SHA512
6168e28a1bc89a2b0e759e75a184900c2b188cfd8343b505b51277d52175013be60fafa5be5a249c3a7b2badc51ebad1c45845e806696b97e23928cbc94a0531

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

Filesize
4KB

MD5
555f3a1a3e2ba4f9a31c0e1c7906f238

SHA1
b0d8b147b34f4812aa5df61fe3b5cf227b4ada7f

SHA256
38c292abd86eb2a50eb4ea1a74efc7dff017f9183e0252892e9adef5f577119c

SHA512
bed445e47f14625063683cb7635500e91632bd7f19f78eb566f8d7ea376ebdcb3994eb4e9d68b7e33acac17dec86c58652f73cb1b85251dde274f2b51741c765

Download Submit
C:\Users\Admin\AppData\Local\Temp\steam.exe

Filesize
4.2MB

MD5
b52c89b709394038e3ab592831dd5e35

SHA1
e32eded6e6d6f4c846a25119dda83afb751898c1

SHA256
7d0ca9b7dee8c4b3d0ea55d5dd60ab7343bfafb4019d8b33578ede69d6f6ad92

SHA512
288bb968dd7f96f463801da6a11904cc140ebc97f62d72185682549901bfe43863cf4203435d3221e72de1975ad1edb4bfc154fa48f40a45ef0e126c8aec9ac9

Download Submit
memory/3536-12211-0x0000000000090000-0x0000000000542000-memory.dmp

Filesize
4.7MB

Download
memory/8008-12378-0x000000006F510000-0x00000000708FB000-memory.dmp

Filesize
19.9MB

Download
memory/8008-12438-0x000000006F510000-0x00000000708FB000-memory.dmp

Filesize
19.9MB

Download
memory/8008-12392-0x000000006F510000-0x00000000708FB000-memory.dmp

Filesize
19.9MB

Download
memory/8008-12397-0x000000006F510000-0x00000000708FB000-memory.dmp

Filesize
19.9MB

Download
memory/8008-12402-0x000000006F510000-0x00000000708FB000-memory.dmp

Filesize
19.9MB

Download
memory/8008-12407-0x000000006F510000-0x00000000708FB000-memory.dmp

Filesize
19.9MB

Download
memory/8008-12413-0x000000006F510000-0x00000000708FB000-memory.dmp

Filesize
19.9MB

Download
memory/8008-12348-0x000000006F510000-0x00000000708FB000-memory.dmp

Filesize
19.9MB

Download
memory/15064-12479-0x0000017607480000-0x000001760755A000-memory.dmp

Filesize
872KB

Download
memory/15064-12460-0x0000017607390000-0x000001760743C000-memory.dmp

Filesize
688KB

Download
memory/16632-12373-0x00000270EDCD0000-0x00000270EDDAA000-memory.dmp

Filesize
872KB

Download
memory/16632-12295-0x00007FF9A00E0000-0x00007FF9A00E1000-memory.dmp

Filesize
4KB

Download
memory/16632-12372-0x00000270EDC10000-0x00000270EDCBC000-memory.dmp

Filesize
688KB

Download
memory/16632-12294-0x00007FF99FB70000-0x00007FF99FB71000-memory.dmp

Filesize
4KB

Download
memory/16632-12398-0x00000270EDC10000-0x00000270EDCBC000-memory.dmp

Filesize
688KB

Download
memory/16688-12375-0x0000022BF0300000-0x0000022BF03DA000-memory.dmp

Filesize
872KB

Download
memory/16688-12374-0x0000022BF0170000-0x0000022BF021C000-memory.dmp

Filesize
688KB

Download