7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Analysis

max time kernel
1800s
max time network
1765s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
27-09-2024 07:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Steam.exe
Size

4.2MB
MD5

33bcb1c8975a4063a134a72803e0ca16
SHA1

ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256

12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512

13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49
SSDEEP

98304:7JeV/ztZBe91oiImuUiK9N9EGQKF9lSHbr7aw:1S/hwkmg4EpbrOw

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 6 IoCs

Processes:

steamwebhelper.exe

description	ioc	process
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping15844_478985772\manifest.fingerprint	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping15844_478985772\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping15844_478985772\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping15844_478985772\LICENSE	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping15844_478985772\manifest.json	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping15844_478985772\_metadata\verified_contents.json	steamwebhelper.exe

Executes dropped EXE 13 IoCs

Processes:

Steam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exe

pid	process
15532	Steam.exe
15844	steamwebhelper.exe
15888	steamwebhelper.exe
16660	steamwebhelper.exe
17452	steamwebhelper.exe
18216	gldriverquery64.exe
18332	steamwebhelper.exe
18400	steamwebhelper.exe
18660	gldriverquery.exe
18716	vulkandriverquery64.exe
18800	vulkandriverquery.exe
23196	steamwebhelper.exe
25124	steamwebhelper.exe

Loads dropped DLL 49 IoCs

Processes:

Steam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15888	steamwebhelper.exe
15888	steamwebhelper.exe
15888	steamwebhelper.exe
15532	Steam.exe
16660	steamwebhelper.exe
16660	steamwebhelper.exe
16660	steamwebhelper.exe
16660	steamwebhelper.exe
16660	steamwebhelper.exe
16660	steamwebhelper.exe
16660	steamwebhelper.exe
17452	steamwebhelper.exe
17452	steamwebhelper.exe
17452	steamwebhelper.exe
15532	Steam.exe
15532	Steam.exe
18332	steamwebhelper.exe
18332	steamwebhelper.exe
18332	steamwebhelper.exe
18400	steamwebhelper.exe
18400	steamwebhelper.exe
18400	steamwebhelper.exe
18400	steamwebhelper.exe
23196	steamwebhelper.exe
23196	steamwebhelper.exe
23196	steamwebhelper.exe
25124	steamwebhelper.exe
25124	steamwebhelper.exe
25124	steamwebhelper.exe
25124	steamwebhelper.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

gldriverquery.exevulkandriverquery.exeSteam.exeSteam.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Steam.exesteamwebhelper.exeSteam.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Steam.exeSteam.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Steam.exe

pid	process
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe
15532	Steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Steam.exe

pid process

15532 Steam.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

Steam.exe

pid process

2868 Steam.exe

pid	process
2868	Steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

steamwebhelper.exe

description	pid	process
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe
Token: SeShutdownPrivilege	15844	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	15844	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 16 IoCs

Processes:

steamwebhelper.exe

pid	process
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe
15844	steamwebhelper.exe

Suspicious use of SendNotifyMessage 3 IoCs

Processes:

steamwebhelper.exe

pid process

15844 steamwebhelper.exe
15844 steamwebhelper.exe
15844 steamwebhelper.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Steam.exe

pid process

15532 Steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Steam.exeSteam.exesteamwebhelper.exe

description	pid	process	target process
PID 2868 wrote to memory of 15532	2868	Steam.exe	Steam.exe
PID 2868 wrote to memory of 15532	2868	Steam.exe	Steam.exe
PID 2868 wrote to memory of 15532	2868	Steam.exe	Steam.exe
PID 15532 wrote to memory of 15844	15532	Steam.exe	steamwebhelper.exe
PID 15532 wrote to memory of 15844	15532	Steam.exe	steamwebhelper.exe
PID 15844 wrote to memory of 15888	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 15888	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 16660	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 17452	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 17452	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15532 wrote to memory of 18216	15532	Steam.exe	gldriverquery64.exe
PID 15532 wrote to memory of 18216	15532	Steam.exe	gldriverquery64.exe
PID 15844 wrote to memory of 18332	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 18332	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 18332	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 18332	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 18332	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 18332	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 18332	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 18332	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 18332	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 18332	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 18332	15844	steamwebhelper.exe	steamwebhelper.exe
PID 15844 wrote to memory of 18332	15844	steamwebhelper.exe	steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Users\Admin\AppData\Local\Temp\Steam.exe
  C:\Users\Admin\AppData\Local\Temp\Steam.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:15532
- - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
    C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=15532" "-buildid=1726604483" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:15844
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1726604483 --initial-client-data=0x350,0x354,0x358,0x32c,0x35c,0x7ffb4ba1ee38,0x7ffb4ba1ee48,0x7ffb4ba1ee58
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:15888
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1644 --field-trial-handle=1724,i,4507498314888526320,16870288262052507893,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:16660
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2188 --field-trial-handle=1724,i,4507498314888526320,16870288262052507893,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2468 --field-trial-handle=1724,i,4507498314888526320,16870288262052507893,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:18332
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --first-renderer-process --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1724,i,4507498314888526320,16870288262052507893,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:18400
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1288 --field-trial-handle=1724,i,4507498314888526320,16870288262052507893,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:23196
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1652 --field-trial-handle=1724,i,4507498314888526320,16870288262052507893,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:25124
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:18216
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:18660
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:18716
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:18800

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D0
1⤵
PID:17624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping15844_478985772\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping15844_478985772\manifest.json

Filesize
1003B

MD5
32ef54fcac37d3d390c05880067559d6

SHA1
ab44258473c7c1a920596ccc33463a765e5fe60f

SHA256
d97f5e50808d1ef75bb241df2dde8f7293b9bfcd498dc525e258c97b39564211

SHA512
3bcdd94edb8b0df2d1684ef865f9711bf544c4c4f6adde927611b648dab2776e398e3b29681369a80e8c7ebfb9cd100ba8469ea69c5034ec023c796d8cbfefa0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6205dd79f94f4982c891b840d458dbb6

SHA1
8387146c0bcec8ecd6a0fd6b49d55c5298b46cd5

SHA256
80f809dabb8b8d57db065ee894a94b2b5e05832ab84fb81f94246ca04944c7c1

SHA512
bc5901e4d6ffb708dfb5a34c903137823e4c04ccd2c9994f73b9f405796afcaade80e79978b1b379567bce94333323d3e1d4887dec5aae268eb791b60bf89c4d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe58c5eb.TMP

Filesize
48B

MD5
fa1b05fbc19e505dd622dfa62a141a27

SHA1
be351221c18243827b3cf695bb4bc05b70afc5d5

SHA256
4e67aa07c8affd260031d32bb619b1a0c198926b5c6aed96987680555ac10bf6

SHA512
bd6ecdc661908e7f2f11f6f057be4c164736cdf77744560134be649d876d405851d17bdb9b17a2e045f163d192379ffe38436cb74581531c78fb54e22d05c933

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
700B

MD5
7a64135aeb87011a3382735f4c1b2f1c

SHA1
40cf32dd501a323055c889e33f0acda8e8cc850a

SHA256
a3cbfb1c39f98c810b9e2c9ad15fc0e92cc8bb5e37a64018481d822bc9d0526d

SHA512
622d3bec968ec02983c0242d7b0a219f1914bbe37ed03ee4c98fd7471a3cbb55b9eea977eb2bc39dfabae0fa9061b3b5890fa5a25bd7ee982bd6294968ee1a19

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
795B

MD5
e1e8517714f1978ab6db86a850b1f581

SHA1
e5feb8851eea574192ab7a6ed8d375f2736a6d4d

SHA256
dd8fdc587b6a94cd377d7c85015365a9eab8d09a3f350961201b9775975f2d42

SHA512
c8c2b47ed16c6a6cb07a4d1888316e03f5cee1b6f18b6fe6998ded65dd00c24a9a92ed3644b393c226dd98b82c1a8bb9be54e563b2d63425be82141517f9fbd3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe597e3e.TMP

Filesize
484B

MD5
e4d5f528097459500dfce95c89fffb8d

SHA1
c4de20ae6ba8c2be87020ea4d6aa3b44561a456d

SHA256
c250c1a38015d86d4da9d79335e5449877a5e64daa36ba83367d2c88bb171849

SHA512
cd90b3d6f6dde9d4d5d05047712b532f5b600ad4f2b4f91a4d10239785748c9c1035e18fbf0b6bd7de92987ad375f20a93db2b1a74a56e17e4f311f181c8278e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
72f5810bf7a92e652db4242b96d6b3e1

SHA1
22625d52ddc2f6c98c2e337d4ef992f3a92903ef

SHA256
fb80b41e58a43161a2d38a09ee9fec88d035a06d17b4c97f1fef87ac2c4274d8

SHA512
7e66643aa87a1a19cde8d32f63f071b1ea51bc14b88111cd0bb0b72ea5cb7ae33813d96b3d18059c6e8775936781a8cd1b5913d3de5b95d96d6f389cdd33b55a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5991c6.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

Filesize
183KB

MD5
bdbf3fd3d78b9f6e01301748f6d1d280

SHA1
5a6b927c5ac3969f4e4d3aa526a8b7aa4cbb0204

SHA256
9345afacd7f25b7a4ef0e7a02cf1ad4fc3015c93f4c7f7b480aa48cd3b184847

SHA512
b973010a30447b9cece7b3ded7c6bd15399098b7d98da988fe96f14f003c056711547c5d04bc9cf81764680ab11b118168b937dc9445d05f8cab27d457788561

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\SDL3.dll

Filesize
2.1MB

MD5
fb0146e69ec8c83859d64c1239f8ce93

SHA1
84b7d2ad8abec223ed84f9c60df860cb1058b383

SHA256
1abcd507437b9a1efd7ba5e0338cc86d24328d47bd9c40eedaaf4360efacb476

SHA512
3b8304ac86e49570cefbef0511a8d0c3060e46e501c203f5e8cb52df797080793ea62840f5b904bfd8ca42eb20ebe4dc74cde963c18939a356682d6d42b78845

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll

Filesize
23KB

MD5
03068ddf42f4e6cf8cbacb82d12acd2c

SHA1
d4a92bace1759a9990de598a31ecc37dcdcc482c

SHA256
633470b3bcc1bf209ac5c9d3e5d8cf1aa0c51af86f7694e088a842908cd6dd62

SHA512
bdc44c95e83f01066ae54e9ebea83e6a2fc0975af1a00814b005b73fea2b004e0a2c52bf812aa945f00eeb132f89e427cdd8c7de463cdb0fe71c81fd97065272

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll

Filesize
23KB

MD5
ecc4653141cd6f0980d3de87ada003c6

SHA1
7e911ca31f4320f4355f1ee5ac52d788ef3d55f0

SHA256
d37289cd28bd3d63fc7cb140616bbd2641975b7511d85376e2a9b83729564783

SHA512
44109105a6c21b8b28e8addc241ddf83aaafbedc10ffce73730b9e0973180c0aeaee4e7ae0c4a3c9b10c6c7930e905023066766aa122f43dbd21ab8ae73abcf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll

Filesize
23KB

MD5
43edf34edf20ccdd0ed7acc7b25748ff

SHA1
b474d11f41ca492be762a8de1c13416f31ba9372

SHA256
8d18111e53502f05828578df32101b10a1ee2f4a4504c27046083ddb4bef1ab9

SHA512
5995684ee6265bf4ac4e2cd376193083bdf9693b5ef29b07cf33a86ec373505fd431d47557263d5eb15e6d3ffc9787ca8634037c51b90ab0e7b258fc57f1e3a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll

Filesize
23KB

MD5
fd8029b4da3083b475a48ac76ec4993c

SHA1
040f3273c52e0e963b9a2d11cebfb0bcf06d13c7

SHA256
abacc78b4c8dfb89083aecc59234930460c6b1072c8d55d01369b20fb044181d

SHA512
cd3d4a6a33cd3b698bfec460cc2b9433ef7290558aa031f4d888d9801b5f025900923d51cdc78bc35d81d8c33a3e7ab335b60d7c4cd6a301e60e0506e29208a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
23KB

MD5
3a2dbd4334b9cc234496f2d7cf9e1d26

SHA1
99bdae37b42ce7bd386b0479fa1a1ea3c53caf1b

SHA256
1af61ea6c2bfbb2dfa24ebc20ac50fa69441a641dc60e3dfae8181901cd444c8

SHA512
8cee7c2189b51d8920939b2fc16fb8daf8b10b3ab1a889a8bebb65b5adc10175da0894660bc01a6d11c0eafc93194c4c9045a4f6bd2944628c5362d9ceda6839

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-fibers-l1-1-0.dll

Filesize
23KB

MD5
52ff2bff29dd0d39daf082e77d2bf244

SHA1
452b1787f8b35def0c3dd815a4dc66f7814989e3

SHA256
fc43d6feb3425cf49ac39f242b2c1f8e078df6827fd28d829d27df5f601850f7

SHA512
805e5edf61fd44042e71302b61e236e74a736c1f5ae6ca5f61217b074865544a90aa48530964b3f502eb79c52b123a95245e8c206cec81dec78b11d209ac1308

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll

Filesize
27KB

MD5
87f9288def26465cd646991688c0edd8

SHA1
fc327cba7f20d0a2378a5c5609ab426a4ff93013

SHA256
641c7902819e885f1cea916e56df83999ddfc4d7ac150aa056b27e2e2ada7de2

SHA512
8f2c17822daf7c28742c0c7d3849d7433edba99af8ede77c9a03fc4784a73195b7c195bb75b2f0423dcd3c49ae1b8e57177add5cd4c6119693fbc6903e20ff7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll

Filesize
23KB

MD5
fcee2ad431d015f2645f6e87083ffd55

SHA1
8a5e202f310afd2832fc8c1a2d431025325fb046

SHA256
dcde2bd75c67d8dd94485e8c19b0a557cf30d980f1d3d23b98b7ec5b30b2a215

SHA512
a31611091139d4ad0fa1f6477fb557a4b2435e4ea90db021d80d66cd943ed4728e5c5a2962061f31c67433441103bf419fac2e3c8eb544402fe2f9428123a856

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll

Filesize
23KB

MD5
20cc1bc113ca79a3ae0639e8adcde6e3

SHA1
1d8760c01218059b3e3b5313ad932de13684d0ea

SHA256
e2618f8e40ba85f0eea466af889a311316a545b15f1c982035d68827999e15ad

SHA512
c46d129eb313ef801a7637bbb9a9040fb8f770ea0626146b5028141cede9c7e2a46f58bc3c17f2515cd5bed3f6775ad93cebca57373faec4fcc1821dde1fac58

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-handle-l1-1-0.dll

Filesize
23KB

MD5
d61bba9bf72ba9fe6cfa57b878a946ef

SHA1
2e3e41f596219de5232311dcd6d7fa73342411c3

SHA256
667db417bdb9a7ce632b249616273f8cd3ee69ae6dcfc1b4ed11b16f1378c540

SHA512
34cb9e3f826c13c6a6622508ccdf94e803c080106e26fd311c1dd55d1bc9f3b7451a8984b58f72da3f20fcc837be6b036c27e3286954ad5f6979c70c637cc308

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-heap-l1-1-0.dll

Filesize
23KB

MD5
8aa73ea893c069d0aa98240d57e88fca

SHA1
a14511fa2c916a27ec1fb3a2c207165db6cd7ea4

SHA256
2400936d6a7a396a7c282b9b02df974c463d2b89c7a16dce7d87612908124c76

SHA512
d5f9fa3ccce52a56945bc34f0a58c3cd87412a660d4a84c8c40a50364e550e0f1eda045e9456c9b99e2e46245afd25696ed3f7337bf1398ff088e218b1c1105d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
23KB

MD5
b265d592a17183a8d1450b45fc76df66

SHA1
8e2ce55c543bd41adeb8198067f0dabcf7bf2faf

SHA256
6037a1b25c98e00832ea1e3c8dbcc1a85549992f6286b80d68ad2ccac3d3bec5

SHA512
f67cf871345b17b638d294afbe7c8afe408c6a43fb85df7758d1a8249f56f1f0a74f754b45bc685e00ba5f6d88ba64f25e43b5fcc88d4f0b91a848c748172afc

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
23KB

MD5
622a8247e84fe7a8cb8ed8bdffbf31f4

SHA1
4656444f64f5d1c20d8c355c74f4d41eb8001246

SHA256
105aa615c6b77e3325700a6325e56a78d584fb1a792c33704b6412b7cf16f36f

SHA512
276cc4b255801d68ba649a7b48d52fc7ead890e31941b9f6b459555711bdf2336494e3178cee41460a2605005630073a0c68c65bc4aaefa2399df0107947a267

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-localization-l1-2-0.dll

Filesize
23KB

MD5
97b1a95703862d7b1a45d8494563bd04

SHA1
f96ca4ebdc21564bd6f4e9bf7ef538f700f702a2

SHA256
4036ec9bc6598c72ba6f6216a6dd24eb9a303070acd4b18bbeffb5228d4c3428

SHA512
bbe64ae065f29596b954b87921a41471ec56e279d273a287e7e777afd032d8fa505e03d883acd91b3bf0b0fe32e7782a652a543729314c9585498809ff394ebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-memory-l1-1-0.dll

Filesize
23KB

MD5
497a278be3d7a88000d9bcac0abdaf37

SHA1
4237b72d2ea44d63f6806a8f10dc05824492a9e6

SHA256
5b124268dbb56e55afddbb414bdfbea3439d17bf32022a2c2b25ebca55b07a8a

SHA512
861f6fbe9c210afa71280797a87a909c14e0d1f865f21788a86c187e95069e79c3eef99b4c8250732069fa5160c6a3d60474b9f0a94d0d96b0c447a7fc2b7e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
23KB

MD5
7d60f7c85f257423b6ba52840118e80f

SHA1
7fab0d6b48172e5c9fe5cad4ea65a9b9559c9bcf

SHA256
fa662dd9b22e3f4d59effd6ee1e2beeb4016184f7eea38d26a1a0df888f59f77

SHA512
8c047a9706713ea5c8bc848d4f20b29d51a9b9715aeb937ebd341b94038b4c1d03aa92c19f23126afac4171577cc8ba41202b676f9ceefa1e0f5404bd736575c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
23KB

MD5
2ee0b0440783ce843c2655baba9c76e4

SHA1
4665e7a8f30cedca77351d9321696ad65521da88

SHA256
b912bb78003def510b17b9bbf360fff929b5d5d94298254ef792ec34b82a2bab

SHA512
6fd0336a998b6b824b0b41a58fd25a9ea1dc0e98accd6a4a7902ff29ae1b475f9d7e881276576b7ed39d1b3f855bb1e66458148fe92bc13722fbefc7e56f79fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
23KB

MD5
94e709a3b938de4cfe760545d18e3da2

SHA1
d81ac1d6c4ee2623a7d9a51f6d941c3960118cec

SHA256
0e683c31dff835cf09124c652a654e17f0f0fa99c4bdc91411d75f418992b10e

SHA512
8e7d7305a23f7478934e62a59ed722e9f018af304d2c4ed5ef752ea36594fdee265e99af87db196ca094b1e7fa466393e599cbffb1b2d26364872a508a241ef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
23KB

MD5
1308def8f9663fb6b7c476f52cb60675

SHA1
18d7da1e088c1872221b33aaf390618239e31ae8

SHA256
353478f36be9c35bfdf49d48e9080373c13093ed0671683b5eb7a7bae21b0271

SHA512
aae2fa620b6fa96cb4c7135f53bdabbc75f30c60b9cc7c320bb766c5832ecbd0b3f24a140160f3a93b3201e7182634957e5c615e72f2f16874422d2f6ad27897

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-profile-l1-1-0.dll

Filesize
23KB

MD5
b7728c6b8a37780f11ed65cb26f6bed3

SHA1
8e9a01284b2904f3f91d218e1c28ca1ebb982f61

SHA256
7c01b2e4c6e47bc5cece6baaf41ce489594179afe9b3bb55ecdfa3834251fea2

SHA512
ed5f7f6069dce09cd0361e82719068df89f61b4280135e2b1657b04c9a8b053e24b971cd9af31f34f995d31dadd8c2fc218c80840a5ae5a41dcd9c0e88c22e6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
23KB

MD5
092dcf30ecf88949733ef075379d0684

SHA1
fdeedb592ce196195c70740bafe23d0b63518cf0

SHA256
d78968f651f021fff75d6e93e4dfab8704fd6f317ccc3e8a6023d4b84d550de6

SHA512
5de27ee9f64c6779f7e0beffd7b3a114a4bfc74bee6f29c21f6b584b3077466bdc81d2276f62f195f3c658ce62e360ffca5999874cd7456520ce646692a47bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-string-l1-1-0.dll

Filesize
23KB

MD5
060f3540d5afdc5335d6c77d71eefc00

SHA1
eb36802b982dba740312d4f1813de725c9315e34

SHA256
a9b13b7b54757e5c39430c3b2f9c59e20ac382092e1813bea2870745b5913702

SHA512
3b172f0f3a3884516de16183e8cf1797ec394c24f98cf5dd846000088c624f83af705f687ed1d8bed0125731cb4fb07d20c358956719cddf477a070c2f846daf

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-1-0.dll

Filesize
23KB

MD5
040a9e244f28398fc442ecbb5d926ea5

SHA1
f1216233562e53f04e8ba541e7e2aba171c83234

SHA256
13b3355b7a60f1fd6467d789c121ce91cfaa62d412e9ccf5dd59bd69ae0cf6ee

SHA512
a2745daf1712a7552ca434f76508151d16c3528df7b3ae2c72ab05221134783c16ae8152d1eb3e84403e6fc48f3c6d27044066cb84c9e537805a9f2417c90410

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-2-0.dll

Filesize
23KB

MD5
f455b70c2aeb62e5a066f3c92fbc604c

SHA1
3481ef600d680e5a211faff858fede7391c5703e

SHA256
86a25ff00b7ed5374999ec459e7c3c195301414e42e00c5716faa4eec49be2f3

SHA512
6522dd1186267b0daa95a412864fff50b982e1c0bba985749df8894c5997672ad211946d2acc38719d424a6c81603ad70e77333571c57b68da501cfff5abdd54

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
23KB

MD5
d1d1cfcbcf15736905aa904a4920968d

SHA1
3e2c06622f27d8d4d546b5c46f64cd537dc2ce09

SHA256
654bb2887bdcb4c8d67aedd856a8fe881a10203e921303e7e46cb4613e7aa379

SHA512
bba0bd89fd5264b60c944102985dd809b5ca4fd7ce4ba313bd4e8d3521be8fc06ca82e8d657de0c5b7b8929330c53309d9d6ffbad94ff7067769ae4c5daf5f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-timezone-l1-1-0.dll

Filesize
23KB

MD5
cd4384d834b29da7dfdb9fcea4ab6223

SHA1
b4056ff01555ed2ecefff6001ec053bfe024c52b

SHA256
1926b6136d8fb0687f6d20c95e3a0a5175c4e6f5c092a33c927f2d9a3db9be25

SHA512
282fab1479da157298fe9885037bbf7b13c1b3c29a5758b2fa8602f9e3db975d26373c787e42e16f58fac3073175738e263d717e919809dd020b0546a581fd41

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-util-l1-1-0.dll

Filesize
23KB

MD5
a91581391c80947348f5ce910bb7edba

SHA1
2c73aaa678cdea87ffcca1b1ca52ece9856d6c63

SHA256
6ca2639951d66cdf24da81e8377c38534b06fdc0fa8b9e61637a9d615fc053c4

SHA512
5ef069fcacf0ec7fdd6f38d82bca4a902267f98b16bc033dd0ae4b6d27f8b3069872d35ee9494ce0777e698f5711dfeeb261de979f8ed73297ce185698da1df4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-conio-l1-1-0.dll

Filesize
23KB

MD5
052f1dc5169479370e1d93cba74164b4

SHA1
2a8de8c16718829f34c00fed6dccbbad0a329378

SHA256
9a8f77edc424c0acb982f1a3d95804b43e644877f29d7e6770f84f55ceb57097

SHA512
771455fd9c409e27c473ca37e8cbd0da4458d00f09754e29b1fc7df2973243d43d79449fd7cf71907730c6098edd96c109ebab57dc20c908f893538ddb0fffbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-convert-l1-1-0.dll

Filesize
27KB

MD5
eba8a48db9c108f331b1ee877d1bfa34

SHA1
572552bdfb506db07a7d580253645dfdde962edf

SHA256
7e3bdcb763330065d7918f1bf053a31970c7ab4aa65794fb256315d4a17cad20

SHA512
f665d2ffc9d64f18c35121726af4c8e764bc401a96d29ba9e67a3ec3ae6a0a34a4e9beeb541a5cb79d3b4ddf50255a07d7d4b95a4abed6ff4808b8b115dd9648

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-environment-l1-1-0.dll

Filesize
23KB

MD5
0c7a94fa6692d5ace1ab988bda3f638f

SHA1
2708c24ca07b2cca643c6c964a5a1592d162e69a

SHA256
9c023467bc9b8d72b7071f6ff2eecee47a2d93feeee21b787e579f035a545134

SHA512
2fd30032347b6914fb18c95328edf1f44e1d02409221b785086e9d0223fd1b021710cd680bd1994e1e51ba7712025d51c91e3aee86e5a04bacd92e61a9eac05e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
23KB

MD5
936b063b07ca5ed344ecba8894a2f81e

SHA1
08fead434135fa721af1b6d523260db7593d1c0f

SHA256
349dc4a320f444123a27bc3ee0dd3771dd085a2f9b30818a7586a9a74e67af91

SHA512
697c5301cd21a080c1e5a96904b06cee11473dd6f6b454a04229903affd6ba6bca28d21f0051730db2365e774f6cac468f0fa7ca77e2bd3ac5cace64992979a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-heap-l1-1-0.dll

Filesize
23KB

MD5
f4669a5e62c2cbdcb2ec53e117cb81b9

SHA1
f86843d53ece07d1847b5e64638bd3823832e5b0

SHA256
6781669609378301d5dce01d8c9187ce9cc50d160fa4022042403f3ad4e55145

SHA512
4ebb9fd49e8cdfbc7b23d0b2961a097b98d351b678e1be0196487972014db13ed2bebfc361eb9e5d51bcf6886df3f9313073f99949559c499c4277a22c4c3385

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-locale-l1-1-0.dll

Filesize
23KB

MD5
942062f614fc18a4fde240b6c430ba97

SHA1
fcbb4afa9a0eb45d1e3e1509137a6af5e0d51e8e

SHA256
43d1f6551c2e6c74f148831956938524bef57ad8d9c1c092ee1fb592797410d9

SHA512
861a7c2a3f22759df2d9f0f6c8f602e930b478cb65c93de583f84e3ac507d57a211057c812faad07539fe4b3bfdf96734024af1c81606dfdf6238effef0e3f1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-math-l1-1-0.dll

Filesize
31KB

MD5
1d65c5490dd8f1caebdde1f5b0466e23

SHA1
d9478b035a98e16467cca63fd3366e3e3bbcb783

SHA256
c7ff94b866b7dd4089ce1c6fd7881aa52f3ea98c10ba643107c66c54a989a982

SHA512
c99537c463629ec575519993f311d3cc2463648a2f20fea84e7023ae2d3b21e51842124406fabcf5d6b7433e7746771ab68b18c2615d21a1d0170df2eb81ec0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
31KB

MD5
69c4dfe1858bd882de30689f7cb49b7c

SHA1
3189383adbb657cf498405f6497b4525c1946014

SHA256
2a4826347187214023d66c1e393b2caf1cdf6be8fde7c01b13021fc1932932d0

SHA512
084caeac9cee8e5b014533348f3df4384f7f8ad6df3220934db84eb988b6b168611767e0fb354085f6bc5aef321620d810c37f0c7179e269b794582ebd4ce713

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-private-l1-1-0.dll

Filesize
75KB

MD5
acdf763c0486219bd9b53b33ac3913dc

SHA1
0df77372450308b264218a27f8f9d209d06b887a

SHA256
6132664b27d0a2ad946e3bd889a413a0ff944570ec2c54e409b60f89c6d6717f

SHA512
258cf73c6b0840813155dd1beead36fb78b3b346de869f12f2dd1c70b4e238d296122e8543a6fd32eeba2fb80b0776640d47edfb589423b6eecc4c0b149a5550

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-process-l1-1-0.dll

Filesize
23KB

MD5
557b2ea4b05d51ed2292eff830663ca8

SHA1
8b1b70006661b897913c10875d61b74110117248

SHA256
d8d9acbc53fed08518cce07c807f692dbf60237a5e28c392532a81775273c8ac

SHA512
cb491ce5406d2b0794cd44ca4c800640349fceb554cd29a0e290a9b12cdd99109bca00c7dde95f8abf970b4d588967f34c1cad3461383c09c2cee84cd42d7868

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
27KB

MD5
b455090bfe194e7f5a921c559640533c

SHA1
2d03a96fd2cacf6c27a4377f8fd96d5fc857bccd

SHA256
424506add7d1e719e260fe7cddf5715c28001e30a0263bb3a6471570ffb80d6c

SHA512
0f830530e02e1e8af3aae472dde6ff9b3fff69c97f98ce0f699e19327020bd5ed9e46aab841f6d85dc2c3df8674724a8246a6f1d2e6338ea0691ff06ec782c1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
27KB

MD5
58924fdca4cd1348d9596666bd4afe13

SHA1
dd637743697a69c2223bc4f1414eb3fd1d28bad6

SHA256
9a953bfd49474a64f047615f8bd1d88e85c28cdb8de8b13aac666ba46a38ef67

SHA512
5b0468c92e8779ff51842ad4075b6eccb9cbb1da5b3b57af0f314756ad6d58924e992fa71f5ab430aa5861947855eff82dcdbd3bcdc0fc3e5004752a4533e350

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-string-l1-1-0.dll

Filesize
27KB

MD5
2813873c58376d67e3a62cd8a8ef4aed

SHA1
e7bcbfa33d24700bcc1ed983416e995b7c0777ac

SHA256
83a32cbd5789db3593e6a082deb7f779ce80521ecf25dd658abb9f47d78520bc

SHA512
b8ae51929a450ed205096f2c93eb6be7309ae36fe4f88fed13883bf8d7005d86d822de891a379cbed8a4b44450dcde88310cc10cfa539ba421b0625c95ee4a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-time-l1-1-0.dll

Filesize
23KB

MD5
f06dd1ab509cc25e89d4c27c6ba38a00

SHA1
0675d0bf206a720e6f97976f0b7c71f142f24db2

SHA256
d3efd5b3f5ee0871f5e9eaffc09351acd12e8dc34bdfad4380b3a4f33ca3f36c

SHA512
899d1ca42315acf87e26b7ad9f3a94a7a771a7274ba463cab424d96523dfef690e5691330faeb3b9f74ce1d2b7c59acb05a31fef12991446e387cfd91261888d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-utility-l1-1-0.dll

Filesize
23KB

MD5
04a189d8e5d81b5adbf49a41c002c3c9

SHA1
8583800456dec8e1abb9289ec69d7bd7ec3e5582

SHA256
12d5fbf88ff7237ba8ac8f464407931670852b8e5bf53b8b323ffdda74a76246

SHA512
ea3b3927a1441aa2f811cd193f58621d7fbd5842a27a726bb13e04c87b44759168113ee5dd6d8dc7355c7acf70d20c6cc83e8cae80ad3ec0c91bbbd5b060ffe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-downlevel-kernel32-l2-1-0.dll

Filesize
27KB

MD5
6702bb7db237d299da2820a6825833dd

SHA1
14e252b123257c28c51e6f8a8d0356e44318a379

SHA256
55217cf8c263a8edf1f53457ef4c33fecbe9839790ee574d66f2651e81e4ed45

SHA512
f1daa09b84bd5d3cb7f53675a54bc8db5079932cc141fe7ad91e7073e6532dcca7fefe6ac6daa3012e66ac7c9e89c0472c90d7c0b39148c200b7c069ec2c7125

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-eventing-provider-l1-1-0.dll

Filesize
23KB

MD5
cdc98428d40f78aac93a496295204cc9

SHA1
17d4048de696ebd600ab66be2e64a96079db6163

SHA256
4d50d8ecc545712937f6aa043614c92d2478e97f61323426cd54aee57c8f3020

SHA512
f3d9fc1825856ed66271b5eea6536258b215ba9fda619f6e8d3a26e71a411b803d52ef0bdc712ff5e578ec0cd8210dcdf885de9754eab5f356e36b05374e8a2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
1.4MB

MD5
7eeafccf8085f5165d62323b74e749d5

SHA1
cccdd90707566168154b4f3767720dcf21c0d33b

SHA256
58b28a65e8cfd98aff76fe1f16c524b10cc7ffb2da6efc3d849fd2c2c8e99756

SHA512
01f5478a0444e481f75d98fb9123b2d93b7b6482b306fa6b533f125732630643cf16580916ca7d9b1f27ea5b3b7b11d7f44ce5a3a1ee6cf9fc9cabcb68d38224

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\d3dcompiler_47.dll

Filesize
4.7MB

MD5
02a2119aca2560ee6e0c68fcea6283b5

SHA1
792a8be1019c4199bc87c18e0497315d979d6978

SHA256
5e975f4ec2928ace98eb1494abed0db80e3969315843bac579ba25d9b5e90383

SHA512
a2647dac5632edc3e7e6bbe2200aa9b938c738cd47f40cde39c029b7f07fbcde4034bf4f25e01925d0ea6eeba2e09e509120b329d6f29314f62c6c2d3df59164

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libEGL.dll

Filesize
469KB

MD5
34472baa3b47dc579984ab3a337aff6e

SHA1
aeaf3a0af26f2c7c63358c84b0d00c18e2765783

SHA256
0de3083bd1d8754418dda6bafc4b7966ca83f8a8c6394f227d987977dd349867

SHA512
9f1d900ac48d6a90891c639f1a94356a77b3e50ce6e8e257419a1f68d3cb1973c986cc5d7ef2271864fa072d0896e9d349a72053a12cda38faf8febfcd00d933

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libGLESv2.dll

Filesize
7.1MB

MD5
1101bd027df0c007f3cc9aa28fa7b8df

SHA1
3e02e65f60be2711bb59af18c4f2c568b56bbece

SHA256
f6586969d373d8d1729b4aaac4e0a6880d631b72dbd68728094588b62276a1eb

SHA512
091fdd8cb0df15359a0e39f950851ef0754e5c4d7684613396085d978483b527b2a45c627510fa7249b5710be0d533289766da20c42c8051c8ad60df73a8a61d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msvcp140.dll

Filesize
555KB

MD5
8c17c57f1b00350acae7806413c81580

SHA1
c84587b5f1fd5268d93cedb5e3ec1e52aa54fe6f

SHA256
3be2becb55f1cdb6a33d3ec489553e181efa201017bc47c65dc8c4bf434a9b75

SHA512
4f17570905c1b85f1df746a5414a6d0cb29f6a4a5055150af4e1ff96fe903477c382e9e6fb117596aff1398433add2d214c983ccbaa29cd692464dda5c3cdd6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\openvr_api.dll

Filesize
806KB

MD5
4398179b668c70f4464ce9448fa0bac3

SHA1
a12848d2488fbd31a2481922664a2875f162bbdd

SHA256
0ba4d3049449403e1966cf8922ac5c2e6130fabe72c0cc6b3218da82f9110ac9

SHA512
98db440b4c220a9e71b60104c819c402bd88b6c10b9ed518660e8550884fa518e165bf20ec2d85a4bb5c379a28e9524d4b69dd25dc599e062498670fe8f28bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

Filesize
6.9MB

MD5
3f50565f679455826293c9ba0ae13afe

SHA1
e0685d0128724c41f7a9c7a8cd616bf9e9a94d9c

SHA256
0a545f7a9c75d89e626e61d04d008aba3e66cba7474df43fc7648805dffe446b

SHA512
076ca17b1098efc2fcb44547af33ff991d5fffc3f288c39828eed0a5bb0fe36edb1bdf465dc5d599626d6050a2b985c65068503898cb79ad11d9e7376304508b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\ucrtbase.dll

Filesize
994KB

MD5
7d1ae656bda38ff35d63bd5b2e93c33e

SHA1
e68f675b329a31513fdb491d197e1599ff9c8df0

SHA256
eec733d6b9d485fff5bf6aa2ada0a417b42e2b47b6ee5adea58d57cd19f9849b

SHA512
49f6287678f6992cab10ffffb90d5b02a590ac1123f5f528583e7a9c013bedb9cc76ff11c000450bc8ae7d3769e3836132825019d187ff420fc0c835cb46e420

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler.dll

Filesize
346KB

MD5
8b0b8be2a990e84f4c9aac90e17e9c79

SHA1
cad7fddfe6421c00c005aebe1267f1354e7980e3

SHA256
1e0a3e673d126c8407c3501c6f5910974a9a2604dc13efb92cd09accddf26eb6

SHA512
0c3962e8ed5f5192bd06b604c791865c3179fe5cf71685598e46f0db71b46158f6d124fed8a33c120609419e9d179991a0250db33d12f1b230d6a850402625e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

Filesize
13KB

MD5
d054230e3320d52c23bdc4d1edbf24c5

SHA1
24ee9414fc3bb4dc10cd2b174b4420993535ab06

SHA256
183f9bf23e3107ec92642eddf25ad531e1e0e409ea3b32a1f7e8190e9813e43d

SHA512
73b6d5aad8cd2bf4a4f754e398cd152e961e788bba8df55650e8af4f1113b2639fbb332d91ba799e0dedceb62e23c4521bfcc77ca384237cffc68a188473a3dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin

Filesize
3KB

MD5
e731d111e79912676613ed4101a4913c

SHA1
bc955aa4d73a4cb336b77f04c4c30721e50879a3

SHA256
6effdbd739f3f0238eef2180236b01cdb07228b158a523b0eccf872f172c7bec

SHA512
d580abb4a2f4a230beb995a93ba675331123a699cea6a4232e93bcd2212f1eaf91b932c551f1bd443edecfd700077bdead4af73d25f6833b1ac16fa7f5e024de

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

Filesize
477KB

MD5
22c65e6d49597a6470808bbe7065f52d

SHA1
010b610e363f815820208e22e6fc0d787283dc1a

SHA256
15b791b3caeb5a28033cfb0bed5799e57c8f37f15f410673477356cb62715346

SHA512
f8784d0bc20c9bdc9fa2168bd554882602f08305649f9910bfca9add9136c5b83f0099fc2983af2726c9f1e39ae464c26a31bc82f7f0005d0fff63c51abc7768

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

Filesize
8KB

MD5
02b5961bd0e56bc64b88ddcf903fc42a

SHA1
6b38e72dfc69a1df2eabfbff33d8c8ba41fcf6b2

SHA256
bd6016432b150c897af0e8ea6a7ae8df353b67a5e6293359b79dde002cabd8e0

SHA512
1539f90f4822b34ec8a841e8482144625738173e2eef5ef33bac75cd4666a20a449b7009ddc4fa04cd53197a2e6cd35075bea65f8583d9eea36813bd964807cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

Filesize
4KB

MD5
555f3a1a3e2ba4f9a31c0e1c7906f238

SHA1
b0d8b147b34f4812aa5df61fe3b5cf227b4ada7f

SHA256
38c292abd86eb2a50eb4ea1a74efc7dff017f9183e0252892e9adef5f577119c

SHA512
bed445e47f14625063683cb7635500e91632bd7f19f78eb566f8d7ea376ebdcb3994eb4e9d68b7e33acac17dec86c58652f73cb1b85251dde274f2b51741c765

Download Submit
C:\Users\Admin\AppData\Local\Temp\steam.exe

Filesize
4.2MB

MD5
b52c89b709394038e3ab592831dd5e35

SHA1
e32eded6e6d6f4c846a25119dda83afb751898c1

SHA256
7d0ca9b7dee8c4b3d0ea55d5dd60ab7343bfafb4019d8b33578ede69d6f6ad92

SHA512
288bb968dd7f96f463801da6a11904cc140ebc97f62d72185682549901bfe43863cf4203435d3221e72de1975ad1edb4bfc154fa48f40a45ef0e126c8aec9ac9

Download Submit
memory/2868-12465-0x0000000000A40000-0x0000000000EF2000-memory.dmp

Filesize
4.7MB

Download
memory/15532-12628-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12764-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12637-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12641-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12662-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12616-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12634-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12732-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12631-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12603-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12759-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12756-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12714-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12753-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12726-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/15532-12729-0x000000006FB90000-0x0000000070F7B000-memory.dmp

Filesize
19.9MB

Download
memory/18332-12612-0x0000020D53470000-0x0000020D53C1E000-memory.dmp

Filesize
7.7MB

Download
memory/18332-12548-0x00007FFB56C90000-0x00007FFB56C91000-memory.dmp

Filesize
4KB

Download
memory/18332-12547-0x00007FFB54EB0000-0x00007FFB54EB1000-memory.dmp

Filesize
4KB

Download
memory/18400-12613-0x000001E66AF30000-0x000001E66B6DE000-memory.dmp

Filesize
7.7MB

Download
memory/23196-12696-0x000001FB4B2A0000-0x000001FB4BA4E000-memory.dmp

Filesize
7.7MB

Download
memory/25124-12743-0x000001611D690000-0x000001611D691000-memory.dmp

Filesize
4KB

Download
memory/25124-12744-0x000001611D690000-0x000001611D691000-memory.dmp

Filesize
4KB

Download
memory/25124-12733-0x000001611D690000-0x000001611D691000-memory.dmp

Filesize
4KB

Download
memory/25124-12742-0x000001611D690000-0x000001611D691000-memory.dmp

Filesize
4KB

Download
memory/25124-12741-0x000001611D690000-0x000001611D691000-memory.dmp

Filesize
4KB

Download
memory/25124-12740-0x000001611D690000-0x000001611D691000-memory.dmp

Filesize
4KB

Download
memory/25124-12745-0x000001611D690000-0x000001611D691000-memory.dmp

Filesize
4KB

Download
memory/25124-12739-0x000001611D690000-0x000001611D691000-memory.dmp

Filesize
4KB

Download
memory/25124-12734-0x000001611D690000-0x000001611D691000-memory.dmp

Filesize
4KB

Download
memory/25124-12735-0x000001611D690000-0x000001611D691000-memory.dmp

Filesize
4KB

Download