e8af3b1da50eaf205a850b609433908755cb6f35e1c0d1245b538e3dc8c5c785

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 11:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
Size

4.7MB
MD5

ee3890b41f9ecd3eff71b8e4b5ac35fd
SHA1

bb3760f6214413987b35be1e3fa5b72e75df0647
SHA256

e8af3b1da50eaf205a850b609433908755cb6f35e1c0d1245b538e3dc8c5c785
SHA512

af3628b8de1a52b7f2fb52ae7c1e57e8fa77fc69d47b41157ea4bf39a38ceb185cd4b966f1fe34063aa22155b016a60b9147fdb39e992bf5edea9df468e03d68
SSDEEP

98304:EPQEh5Wx9bqsQX+rE5Wlskps9xj9GMxE+vIwhMIQbm69CEN6rV:wxh0qsQOoJlhJhpkmIm

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 10 IoCs

pid	Process
2272	steamwebhelper.exe
5088	steamwebhelper.exe
1816	steamwebhelper.exe
9444	steamwebhelper.exe
7808	gldriverquery64.exe
9664	steamwebhelper.exe
9784	steamwebhelper.exe
9912	gldriverquery.exe
10092	vulkandriverquery64.exe
10132	vulkandriverquery.exe

Loads dropped DLL 46 IoCs

pid	Process
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
5088	steamwebhelper.exe
5088	steamwebhelper.exe
5088	steamwebhelper.exe
1816	steamwebhelper.exe
1816	steamwebhelper.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
1816	steamwebhelper.exe
1816	steamwebhelper.exe
1816	steamwebhelper.exe
1816	steamwebhelper.exe
1816	steamwebhelper.exe
1816	steamwebhelper.exe
1816	steamwebhelper.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
9444	steamwebhelper.exe
9444	steamwebhelper.exe
9444	steamwebhelper.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
9664	steamwebhelper.exe
9664	steamwebhelper.exe
9664	steamwebhelper.exe
9784	steamwebhelper.exe
9784	steamwebhelper.exe
9784	steamwebhelper.exe
9784	steamwebhelper.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe
Token: SeShutdownPrivilege	2272	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2272	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 16 IoCs

pid	Process
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe
2272	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 8896	4460	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe	99
PID 4460 wrote to memory of 8896	4460	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe	99
PID 4460 wrote to memory of 8896	4460	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe	99
PID 8896 wrote to memory of 2272	8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe	100
PID 8896 wrote to memory of 2272	8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe	100
PID 2272 wrote to memory of 5088	2272	steamwebhelper.exe	101
PID 2272 wrote to memory of 5088	2272	steamwebhelper.exe	101
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 1816	2272	steamwebhelper.exe	102
PID 2272 wrote to memory of 9444	2272	steamwebhelper.exe	103
PID 2272 wrote to memory of 9444	2272	steamwebhelper.exe	103
PID 8896 wrote to memory of 7808	8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe	107
PID 8896 wrote to memory of 7808	8896	2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe	107
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108
PID 2272 wrote to memory of 9664	2272	steamwebhelper.exe	108

C:\Users\Admin\AppData\Local\Temp\2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Users\Admin\AppData\Local\Temp\2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
  C:\Users\Admin\AppData\Local\Temp\2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:8896
- - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
    C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=8896" "-buildid=1731433018" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\2024-11-21_ee3890b41f9ecd3eff71b8e4b5ac35fd_luca-stealer_magniber_qakbot.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x280,0x284,0x288,0x27c,0x28c,0x7ff993afaf00,0x7ff993afaf0c,0x7ff993afaf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1584,i,8855425727485370293,3305077497993339370,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1588 --mojo-platform-channel-handle=1576 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2168,i,8855425727485370293,3305077497993339370,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2020 --mojo-platform-channel-handle=2164 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2748,i,8855425727485370293,3305077497993339370,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2752 --mojo-platform-channel-handle=2744 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9664
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,8855425727485370293,3305077497993339370,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3092 --mojo-platform-channel-handle=3084 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:9784
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:7808
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:9912
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:10092
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:10132

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x244
1⤵
PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
1349160cd4198aca5ec3381d4fdf068b

SHA1
5db3b38e08d066a161b9694215873cdb6b6cf4f4

SHA256
a9189f0e6cca637aa7039ebf32f69270b918719744d18e031e4352a952b75baa

SHA512
45c0b52cf85b57747203f0e415a7e08781542b7f975c4dc13af72f932363bb8650e2b95829d23e6dccf1e93990d02fe57b00d2c0cc149f5d1d4c9f2809f1cb30

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
50006ab609917907bbb4610f45e6d04e

SHA1
2f173b9811aca3363afcc77dcbce09e9839f85c0

SHA256
c2e5eda2191b40b3f4bc14ec7d401fc12cb43cfcaec19c21eab6eea823bedf02

SHA512
1145834d4d66c87b0a8d36140c146bf462b390cc82ca1adc65d6c5a0577553271a8644e772d7810f54021256ec77f37335cf44ccb1e56b8b7230e32756793947

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CSERHelper.dll

Filesize
121KB

MD5
833d30fa5bd04e2011cb6b9d7081dded

SHA1
4c8a9cccbecb4d06ec76cc38a9c850f05a020057

SHA256
09d4c2067217b1900d4d7a936969f809821649b10ed8afd0f49de2871f7a3784

SHA512
649d2c1f9cf34a220e3bb67b1a656dcb290be0a3522f87fd4e948121a25153f73bc53c06d8997744cf8cdc82486a4a902d6b0c9da87ec190abe624edbb9c04ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameOverlayRenderer.dll

Filesize
1.2MB

MD5
314d35c4296117456c3faf8818ecaf08

SHA1
63248c426438b41f5c326bfb67aa5c769ff685ef

SHA256
e3cbd619f3e7d96ca7cbefc6b485bd119bccf32dd11767c612112491e98ae7dd

SHA512
7f12b8321f397852ff665993528337bc52517741d1ccb6f6a6693188924f490b812571a433a86123615e9623ee9239e120e75116ad768647c3170fd4f3e8a0d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameOverlayRenderer64.dll

Filesize
1.4MB

MD5
685583d40d5e344fe0d436e2acce6fce

SHA1
3a73373eabfc81a463d39bf0d00801f64af77c29

SHA256
42aa5d63bbab3953a5c280048688f6c3e1402b8786c4c69005c5e8a1e165abfe

SHA512
2a7528d1e0792bea5731a07355a1d3991057085536106c68d96fc9d1b41313fb63c4ee2d85029b55299b4c19fb5d9091f78cfc8bfab0dcd15bd82090bbefd40c

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameOverlayUI.exe

Filesize
379KB

MD5
74610dc932ef2f977c1b250cdbd75a3a

SHA1
4555a3a2365cfb0f7e8df228aee0fd14c4da785c

SHA256
828e2af8dc9c20c79fed02bca397d984095e6c01b91816cf0810e3f209641878

SHA512
937ae494c68c34d379be8b51ec68f682852c2dca863a30dfa6c27cce82b4162bacb5742fd38b5ef80a17d3000bb578c8a2271b9dad8a4ae80dac8451518b7ecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\GfnRuntimeSdk.dll

Filesize
2.5MB

MD5
2295e64498c97512de4f006eed191d31

SHA1
51f8f969d65d5611b9f16e13b48f4a246af26899

SHA256
78fc4bce302745a4851ce32f33e81c17d09c679a291fc4b4d7862c7b15f56e33

SHA512
b9525b2125330111d0b463125ee702adc79e8b027858a2bd4233697ecc9d6b80ec80433afc46d97f61bf0e4490273b0e86908d2d78587397d862923a3d9cff83

Download Submit
C:\Users\Admin\AppData\Local\Temp\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

Filesize
183KB

MD5
bc83f9686398c71c4c574a408aae7dc9

SHA1
f11656e4faaad6d5c3a3c9d9f282352cee63d4e0

SHA256
7115452974e926c0358b04d24ddf061ad39bba4fe97287fdaec836fb9fdad297

SHA512
432cc5ed06a906c753b94e85033b8b4d7d0ef7277c58659df7a504d9bf2644c6a284ef75748d24f66dd515d19156c0212e9afb3dea7554a9e8ecb7e2288192e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\SDL3.dll

Filesize
2.4MB

MD5
089ce60c3acbf2ad2d971276f0ea2dec

SHA1
619a2cd9eea4f4697b9159705a0a4ba2d39268a7

SHA256
dcfc8feac23438692d09b558ddc2483e623399ec168459629bfa049074c2546d

SHA512
6347ac38099946af8472a6a9786528b19f4e4955c015c6be4b112053f82d55608cafdbdb140fa4d9bb0df9f8db9343d63f32dca83fcb063c5b4b303695c7e05e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\VkICD_mock_icd.dll

Filesize
622KB

MD5
56bed9df1102c56ab16dfa18d6566a45

SHA1
676dfcb7ba46efc3553233c200aa6411708d7da4

SHA256
a62e04ccbea51ab7b2b7de180e39568b8bc2ac12815c8a41723a4895a96f0e9d

SHA512
2ec7f70da3f98c38963506bc32f52f7b3ecc884f4d45c3939cca0ae6058a5a7868a4486ffbae0b022b1d5f34246655116c255074b48bf27bfe5e377796b1eb0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\VkLayer_khronos_validation.dll

Filesize
15.9MB

MD5
6e5c6cf34346186e3e04827e3f32a06a

SHA1
7e86d14ac69a988cee670fbdcba013a15aa9a100

SHA256
77d8078e35d232b31fd706bdb3d3e9c12b32faf7e51090f417638230b6449808

SHA512
f519e9c9b01406bf8cbb10322e73e5195abd5a39941854efea35b80641da36fbece2ca11d51d28b49f80a5099dee3825f5eed770850c338cdeeea231b3c6db41

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
1.3MB

MD5
1d7c12f54a1c26b49b287ec08da3430d

SHA1
4ae1c3281c61780293340104aeaff1533eb1c59a

SHA256
22abe408da4703c068ef3b4419e09d270b4961096f16ff86d1bac752cab44abe

SHA512
0e2dd6cfafc5f151dcc92d343b64e5ecb1ab31de8913212985a86416f0d623047c5a65fe6211c7cdeff30bb6740e14b99adac3496fa0d799fc3a4115e2ced21f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\d3dcompiler_47.dll

Filesize
4.7MB

MD5
25c6a5ff6eef9dbeb199aa695d0bac52

SHA1
ebeeebc3f40b161328454119558f06c23bef5524

SHA256
3a70b65777fe52b0871aa6f593a0248f6b886f17c60c2cda09b7e4dc42a91a63

SHA512
8e6bc58a3d73826a17418eb95664a9d98c5c65e67e0f9a4f163bb04750e22ac771e522a63a26798eeb53ed2f9d9e72e22e1158fe06d9c45056722a8fab472296

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dbgcore.dll

Filesize
211KB

MD5
067f141b175624d7a88a3558484e9d02

SHA1
b314045f58c45484646960463c37b85eea163ed0

SHA256
7a8cbb3ba129bc3a41ffd8315ccce023f4626ec341b35c79c8c84add8bfb7f27

SHA512
344d9990da1460ffa8e19a511a4e975c6c2c7dd21d73dfcc3849729ef33678fbe688f0282fdff799b81c41b2200772f5b36ea488506b6acf11d649f81b653a7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dxcompiler.dll

Filesize
21.0MB

MD5
e42ccd57a524076ddd278038619c3861

SHA1
331eaed6c9d6e97bd58b76e346a10bcf54ec2a14

SHA256
2077446491af4a4a92e69c249d6b79a8b7a090ae5d3f6b525cb59dbfde9baace

SHA512
5e74839aadbbd492e482281e199f76c498a93ab62b533b7275ecf30f6df34db22dfc9daaa1e41a7c91a7e50a2699d5cdf50a7165384c0ad1b5068ad1ccda1ffa

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dxil.dll

Filesize
1.4MB

MD5
d2a3821ff8201eb0f095b805db0fb4d7

SHA1
550576dca8bf7ee81f175d5eb65631a507ff0cbe

SHA256
9137f402f2687d5c2d83dfa7e15180ceb9ae29d741b16506aefef18f94d4768a

SHA512
f4aabeecff7a5579c41dd65a2c408383ff164224e30a5d81ca39f4aa31db8b42efcf7bffe4303fec87541d90a0c38354c44028c6dfdcb9c060f24c065e03ecb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\eventlog_provider.dll

Filesize
17KB

MD5
2d35374fd25759e50c61f42a07bbb861

SHA1
09a5932bb4add6414c896992bc3c8c272d927cd2

SHA256
7b7576bfcc2173557713ea9a5c9b0a2ec816e956a90b4e2194709764ed337cb3

SHA512
fcb1d30f0b4518eb68579d6cf156bd5e1454d08b92714c5fe3544c8ca07f2764f6a9fc5caa1ed9beca5b3a8b5d10d28e9660a4115e1d9fd6d0162aa01953b9d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libEGL.dll

Filesize
472KB

MD5
3a304c8e873f8dd2bc6e24f90bf9fccd

SHA1
26f44bc752f99780af4ad4971a99f27204bc3381

SHA256
591623ae0702765d55580edd0a5c0add25dfda32d4d5c41767588626175316bf

SHA512
5fa50ea4a1028f47187021bc50cb2d63730d024e7d3bd048100f836e45bf364d8f69ac01f142254ef52a8517dff4d58ded548e0c524d366c49c3fad86d11f518

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libGLESv2.dll

Filesize
7.7MB

MD5
3cd37ca91216ed0b7fcd78beb2cc15c9

SHA1
7ab7ebd83fc094a64a1d3fb68fb90912e1447a90

SHA256
7ed85c93fca522e485cfa4a9688bfe5c5ccf1b3dc3ad4a518fba7582f2208061

SHA512
810b7bb12e6ee24fbde119923b4db804a3aa410850c587d94ad232162b962b9a0e179c2857511b16aa2c3a257443202fc8320c5237be4daef435e6acc8907f96

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msdia140.dll

Filesize
2.2MB

MD5
02229c4846fcdea33d8afa6c5027a8d0

SHA1
1ceaea09a8efec2a26c3c557cfc988af21739db8

SHA256
f430f70c0aaef9ac63b6c8119dc2e4b946d2f11254be094bb023e785a7d984cd

SHA512
44d58947d3496ed254cf1ab378b3341c5ca6d082f338b0523fff7ca529904e28c83d41a553aac24738e62b1666489f4e4a6efb26ee3d8879244449c538bc1df0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msvcp140.dll

Filesize
552KB

MD5
f63106b5dfee9ce783c48e18c7946d23

SHA1
641b1f1d0126923a8863f269348425b8519aa9b6

SHA256
5d112ddf70fb8f538e6584f735e3d39ea4033bfea3cc31de376718cc612d78b3

SHA512
91126343191bd4b3004d1bbe12c9dbd08861bc8529d9200ccc845e745b23cd6810bd2a7e69ba8b196f2e43873f74a7b9d208e7dfa1744418a5ac7894d33e4a9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\openvr_api.dll

Filesize
806KB

MD5
4398179b668c70f4464ce9448fa0bac3

SHA1
a12848d2488fbd31a2481922664a2875f162bbdd

SHA256
0ba4d3049449403e1966cf8922ac5c2e6130fabe72c0cc6b3218da82f9110ac9

SHA512
98db440b4c220a9e71b60104c819c402bd88b6c10b9ed518660e8550884fa518e165bf20ec2d85a4bb5c379a28e9524d4b69dd25dc599e062498670fe8f28bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

Filesize
7.1MB

MD5
5dc04fc2fb7a50a2f279767157ccecff

SHA1
67591c7f1437711d192dcb068766793b46829ffe

SHA256
f0369878cea2ca95d2e5e00ec3147c013288a5738472b19dd4c249bf8c41df3c

SHA512
153e6ae192bfd1bb05dae26dc376486927bdbe2091b6891d21c59368a213a71e5dd8ec2a634ae84921dbe0d87541d17df05d87b5cc7f85e0483e033e6c0e6852

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vccorlib140.dll

Filesize
334KB

MD5
6672493b9344f8b778b1b7479b891acc

SHA1
970bb9b5171ff54bbedbcfb786b36f526cdd3e75

SHA256
eb476ca01260fb15f5aec9224ca98fd377c3054428261039215bd9c5cb131e6e

SHA512
0204754bd999e49c17c7f998957cde9f83f709a7135c0a37c8e0a851dc30ba589f74ee56f2b4d3ffccc1ff1ee3ab4d353718a6832916f87dbe6253cfc3ebd53e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vcruntime140.dll

Filesize
108KB

MD5
c222a309ccc76458e178bb9b222c7b80

SHA1
2d422417691c7af551549ea66144e9e32636e9e3

SHA256
bd7155d139347f53663311ffcf0818450061738ae77274499c751686803196e0

SHA512
e8355e04aca341ebdb9bc803ff009e7dfc649ccd77351f2afe58131342eeaee1c23b0a143d61f8779627abd30f253d6972c66ad46a201c961294a35637a0b890

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vcruntime140_1.dll

Filesize
39KB

MD5
1bfd347f502ae7aad8479e2f181bbb17

SHA1
97246413d67afbfdf5a3d1fcdfaf634fb6ce6860

SHA256
ea1c838839e3a25ebf638e5ea38fd0c5cb7fb5ee3d5516a161875218df5b5f42

SHA512
755bd706415809bafbe276cf33823fa571be74b5a4a309343dc4238b08ed06f5598cc4392bd8cb348d8d537b1036fe94a03d7119b45ae0d326d181f7a58183c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vk_swiftshader.dll

Filesize
5.1MB

MD5
cf500acba505f5e8aa149f7f2fd1e7d6

SHA1
2d0891a8795589df739ab14eea6daffefa60aa9f

SHA256
2cc5eeb19c548fe12a98c5fa3af2db4fbfc9d532876882d932a53b8ea70607a7

SHA512
72cc837c995964314731179c92c78ad0341960d43c279a549ea5b42c782904906587d61dcd037f7f4ab08860088923437fb4c690d3aa524d9fdb11dd1577f667

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vulkan-1.dll

Filesize
940KB

MD5
21a1de954341a4f0aeffc96597aae998

SHA1
43f03e0deb26b2881cccbe697f423b4ddf268ab8

SHA256
5f199e6aae466d014af27c3a26776ad19509e1f62fa33d9dfcd6d4fb864543cb

SHA512
0766a6c838b44be7872c7f302ef9632ea08a696921c26f4f7941db2dcad572ef7c394d2bbf6cbea0b7e2bc7219b3da815bb949ed053b6c5cfee91b737306a381

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\winh264.dll

Filesize
169KB

MD5
a269bc8562b7e02c5d08d4744be28b1c

SHA1
9facc69bc62804caeb3b7caa5e0b4551c582a5c0

SHA256
80ce8eec4c5ced50cc51766909302f274b7f846965103f20a5c1e31a59d53d23

SHA512
8cfbd769ac075151958d89cbcc4eaebb1833e33398b20e5c5c3b8840a339c7fe2888f1a04b49fc60bc5df05c43bd2df1aa09b2eb2b1fdc4e97a46eb5da40081f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\chromehtml.dll

Filesize
1.4MB

MD5
402b256302979c23697675744d0d9928

SHA1
a9b9af0efb89ec55cf9993226acd69daa557fcca

SHA256
ed5c3bc27b61cecbb55a7a71bbdd8d22c55c3da1102af1ea0af9de0444c77bf7

SHA512
a5131fdef028cfa76d517b4d9fb4cade0e2226693f5ca4c93ed75b24064492ec87a65f091e617a4d333cff44d68406bee75edda4947d5cabe502267b54e9c54e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\drivers.exe

Filesize
7.2MB

MD5
ef801f4408581f653cfbebc626497efd

SHA1
dd5567e76186cb3ee562326da4a948724b49ba77

SHA256
ab5830db258a4857abca8c999ddc8562ac1a1f1a1d27af758be1d11c08e9dce3

SHA512
c152af5fd8b3b243d68f3db69711e03238fa96f3152095b985d47ab5da1d751eefbf45649dde4b52fb64788a2b29452a1ad5eb26268ec4f617e4cbbc0ea4e067

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\filesystem_stdio.dll

Filesize
193KB

MD5
c651fe4cb63fa2ab73ff1640014c41ab

SHA1
a50583f00ffc33e2cac11fc4aa14f091e5511bc7

SHA256
c8ac320513414f0d3a670d8f7abbdb120346b37882507f88c661ba9981d758a7

SHA512
663c878f46ae17ac5ff3fd8591a50b13fa447a3e234527cd180474bed0a5b9625b1ba98f24c59fb91e8029eb441d876dd2b21538ef9bdea4e6bf9fbbc2ab9bbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\fossilize-replay.exe

Filesize
1.9MB

MD5
f001bf414c50bf600133219a87c92899

SHA1
12eba3b76fd8668739b1cbb295a81eb68e5cecc7

SHA256
929f1f57e08acd21ad28de078578ef5a22803aec207b0e98dabb4140770fc538

SHA512
c8d275f572531177ab5ac1fbe680c0c59403afd273a58deb6ad52fe828349920bdd94852454265172c336cd1de78d023d669d98334e9fb1e678e2a98a806fc04

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\fossilize-replay64.exe

Filesize
2.2MB

MD5
1640cd21b59890eec06dbaa901c79a2e

SHA1
d7212941689dd8d7b4888c0d431fdd3fc3396091

SHA256
174f1656744f83060f0ce4b72039e67dd53b515feaf4ae8f6102657398e14150

SHA512
f3c2ea93f9d895efcafc39f310d7cf24c8350a0001fd4a6b0827bf400418e56abe6b8cacf5b4ad74a601fa6ffd2bc2d5332c41235f9d1fbb4889fe211cd1a3fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\friendsui.dll

Filesize
2.7MB

MD5
41d3daeacbff89447b88e4d513aab07d

SHA1
4c8629c8df0bff2c62ef31a7000782522b23416a

SHA256
4bd421e8110c10c461028ce79bfe21342a4a1840166f616d1ef965e9270bbbe4

SHA512
956bec8a88476312936a1dd25f253044d58fa0b6867477c5968f05f7cc619fc0f98e4ff6db0fd626dfd78d424835794fb83e7555b7fd323b2dcabcb12b70cfce

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gameoverlayui.dll

Filesize
4.1MB

MD5
32654f8d701709885c6aeac747943798

SHA1
8767e95ec51b953b637f85e21d0fa05e2687c670

SHA256
a55096495d813151bc201811f32deb6f2c59794db972b8968105ec624d0841fd

SHA512
6570a689bcd8f513200a794f847038fc33b42b28353dc4fdfa9a59bb63872f23651c05a30cda6856d1bf6d8274acdf18241c26b670a898e8234d3d72ef18a2ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe

Filesize
45KB

MD5
d6d6ddf71c2a46b4735c20ec16270ab6

SHA1
2e6d36d000a498c6811fcdc49dcf316bfbafa5ce

SHA256
0d422efdfa17dc6e1ebf0ed9e2902fd7c0eaa2f77b8a5a8f1df1478453a37ab8

SHA512
4b422c55cfca42f3f4ec441d7c01bf1ce6943ca00beb3919cc86bbd63a850bb859090b9f16cd0d0ad0723b662afaa2a994f4e319a7c5801af1fc57ad54708047

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe

Filesize
941KB

MD5
519ccd21fc4a0f26debd33320c50df57

SHA1
416c1d65e0dbae21b6f7c43e32c194581bd8488b

SHA256
23b4063251315814e188d64afe08ea49979f5fb2b74b86860e655a1a4d8fe4e3

SHA512
6e8b5d54b928ddf8ad33da84b7a38cc1b971ec9aaff95ac9c5ff73d5646d2044d99c69ec137b1acd86a9ceead2626bfac08281186452349890c11e302c58255e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\mss32.dll

Filesize
430KB

MD5
d6d952c03fb8b6f9c63761213ec4d4af

SHA1
e12800f2bf9e09e6ae9dda5ac2f4b775781993f2

SHA256
9c832318a05290ebef3bd809cbbc7df70a08cbd86745899eaeb169d5a42bf99d

SHA512
587db5b9a224550ebb5a52f185824daae6ec2a60f457b7276c80bcd8d4bf4eb4bf36e2efff9280ebca7cb339836b50e338482a05e107a7192c51ad8b93c21f90

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\nattypeprobe.dll

Filesize
159KB

MD5
4708efb8944ea8678acb8dde84ae222b

SHA1
0e60ea0ca643048501ae7009caf92aec52f468b8

SHA256
4896d22d8d901d77b97bd88272fcfef0fd2df9abf69422bf7d9c454c1ed52549

SHA512
1d64d2dd0400a0ac634c049e7bfae1878c1e361a5d45b4809040e4390161c38a113e2ed6de03cc3a17abae0341d226d57bcbb158e617bc014f3cf8cb3bb1abd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\secure_desktop_capture.exe

Filesize
2.9MB

MD5
689fe340a9f4d9409003aa736b44f0bb

SHA1
8e1b945e49fb7cc963779d40188de993542ab524

SHA256
c8614f71d5060c25694ec7b0e80b0127b333ccc41d4e2bf438ada318d6b72492

SHA512
834f66a0e266809536cdd14cf471ee888509cbd4f81a38f2e489b545b68070cf7cbae1d5fac976ac8735b32eb99dd0cb0bb46e0a53fcab75feccf868a0998af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steam_monitor.exe

Filesize
575KB

MD5
db795f90cbdc4d29da404aecb603cd6e

SHA1
34939eedb30a18d663b77b9a331a6282682d1cff

SHA256
ef4456e686664257167d8f2a1724664e3e7c8b49966b9397facdcf632899bdd6

SHA512
8364d2222450d1e9076d0056567d610e4348f3d3f8743bb8c328fcf4c73f640f9b10c1997d67d6b7b4b0d3ca4dc75a18fefb2fef9920d001a515af09cb797f88

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamservice.dll

Filesize
3.2MB

MD5
707f328992e7628202984074716c01b4

SHA1
e2257b4d70235ea7a81f13c4a610b13653122865

SHA256
639532314bf3d56355ad8d35d158d5f216ae335ebc8d6a40ec1050a8b0236870

SHA512
8e7e35f2b82edea04fa37809927ce8f7ae389a95eb8cbd9b2894c3c9d1ddfa3bafdcc8b57646779d96029ae74c2442543aeff021c1da05731c11be8f81b60aff

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamservice.exe

Filesize
2.5MB

MD5
49d1cfb4e4cf6350f1dfa1a493227381

SHA1
b9a159f46a15f2823338cf0a4c974c8e056d57c5

SHA256
1904d4df10dd5aed32d968b0c6675f913e3503ac0e4e16f300834283c79802fc

SHA512
b6c178ca0c61920aed8c2f0b8ca05339dabe3c3e66234367f97e467809d7d1524a39efbe20a68d747a5b2e816bc0a39ad31f51f5733d485d941c38e240c69d63

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamxboxutil.exe

Filesize
622KB

MD5
33d7955809a940d4162d165991b2a12a

SHA1
f8907a5612214e78556e093d39ea79f566c95aee

SHA256
83baeded517d83b5f4c3fbb498536787f070d436942284a4f619f6114a56f280

SHA512
2a979ea4ce9bd240acf341c5c52c0bab4dbe97ab9f1dddf2a08f81d62c85da95b61d012575bd7564b91233ad5e72ca5edd4bfdb815f1d184ab663822c1cae86a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamxboxutil64.exe

Filesize
753KB

MD5
cb04b45abd514b12e5dd82982102dd2e

SHA1
e62359285eb5aa22556ec4b728ed524deff1d1cf

SHA256
a17a06da731bf3ef02542fc0fb9ceceae4025366872a7793fe4beb8bfa906579

SHA512
09a307f5b1fda8c195fb5bab10f9bf97700440862eab8bf93b7be633f2089ba843a333465be78edeafc069cdceeeb1bf092e77613b56b2c409914cfe083c07cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\vgui2_s.dll

Filesize
849KB

MD5
d476e5c698ff4a2a8f25e4bdb97006cb

SHA1
e2dc89198c0911e2c94d0ed1b47d696ae1325079

SHA256
aaa8e48deead4d39e0d44b2a3c71100c6c20e9b6b54f7121adc4c29eca4ec00a

SHA512
9e16f2502bb65b16e4306acee72fb978d1077e3d47aa5ed80dd06cc68158f79e42b6c5d908942bc79034b6e2ebddbe4441b8f9c42e45f7f46b4ecdac4324c32e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe

Filesize
159KB

MD5
2eaa85bb2dd42c3d2fad0dd0694a5366

SHA1
77b6bd4bf75ea0a4c39b956ef53cba933d2b8d13

SHA256
b1c81dcc0bdabe3d19df925672830740963361fe3f67cc4332ec1f3520d2d8da

SHA512
8357a18349544058dc091b98cc18183ec8359e1f0a2fa4f401bdbbccd128fd02648fc0e1e9e4eb683502d2e70bdd64e9bc6402b1400bd249d082ccda546318b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe

Filesize
205KB

MD5
dee06d4ba8f34297b8ac1c75c2588a7b

SHA1
85ddac85d4112457904286ac4f337c887be26a3a

SHA256
fd6729f9d896d816f94bcb7d0f9a9b153794e468f8d7ffa5ef1f7eaf2c28664c

SHA512
a82d8e1436722028e7c54aca1ec905eed073c8d668619a98f174d3ccd93a066e453a56197cf7fd8b84b263e0c861b1554c788eb2ae39334cc447e9d2fd1a2a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\x64launcher.exe

Filesize
417KB

MD5
6446bde1a8847a671546aed468db14c1

SHA1
f8f2cd027a8226e79233fb3e1ae3079a0881126f

SHA256
4fcb04e0f766b4a43f4e71da97c6211e7a013dfea39cfe26cedff69100dd67be

SHA512
14b664f39257654ece1fbc2fba9b500b060dc77c8286af17361743c611307e52ad9214d41d4c6443b99b66c4e9b395f7d1f959bc525399445d75f730f9afa4fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\x86launcher.exe

Filesize
384KB

MD5
eb36015c73cb830021597277044430d5

SHA1
e9f179609c5ae399228ae5b6a7e5594b1c1e7c17

SHA256
90453b0e949408d7f83b557170ddb00bc63ad4d99a73e1bffb82d41958384b35

SHA512
58cfe8718fdcbf051a808fefb9717ce38c078a7d465da7d5d86d89c2e8e8a7310482ad950a0644445b71ff9de38ac692e633a1c774c0404df93b5436b6af8b93

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\xpad.dll

Filesize
67KB

MD5
da9506e800e13da0abba32bb0c105382

SHA1
78447c8fc4633b86d3cea374fb619fb53e9f9ad7

SHA256
cc42da948da5be1186ed92265f2b5dd895795ac9ed264efe822b242946ad9f39

SHA512
e9161d557fb306f460251ed49fa056e5f7220e4fac859caafaf59db8a1cef0d52c320dbf97238bd73f54362afc232f9ee2c4e0fc79faeecfe382a00b12b11c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
11KB

MD5
27afac792bf57e99893e882224129d02

SHA1
e96c01ef40024ecfd4971786ebfe96be821c08e1

SHA256
bc0730ea6f323659c0dfc41bec62d336072b1f42c0bf6e9c78b8fd730e4f6c94

SHA512
77be97d88308bf9f49356653534d521e17d231b844a3e5b133d108f8567d8d35dc52fca35d386fc8cd03c87313d31341183a5ba5eaaf8e63362a01c32ef8adeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf~RFe594397.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler.dll

Filesize
347KB

MD5
8a181eb1ea07abb3919d7c3d90393410

SHA1
8a21841c78c2402339570b79d8fed8f1dc600633

SHA256
468f40c0e25b884584ccb97deddf4d519ff519e6c02d41de11f98733772bf62d

SHA512
59bdb6d023b4a3d196644b46eb6ab303851c5a647c3b8e0c7ad4373f6154f36fd5762cdf843fc7bd6e970515cbf53b828be9b85521dc8c736426d0d1c89e98ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler64.dll

Filesize
464KB

MD5
78e01e843700dfef7eca9fca3c8d6a71

SHA1
f5203adba71cb908549d738d678c9f2185cacbdb

SHA256
0c0cd7247a3e3bbeb19d2b7666640bfa255c14d5c2d9330b9c6cc311e6121b2d

SHA512
b60b7c9ee8cddde914804a8a32e70873c336cb72f1ea4df5ecc380c4c9eadabd223bcf8ff1144770df0ab3cadc9ffaefdfad8605b5a9a162e7e4db7e1c06a460

Download Submit
C:\Users\Admin\AppData\Local\Temp\d3dcompiler_46.dll

Filesize
3.1MB

MD5
c18caa9ba4f06a5d226a892df6dc1d72

SHA1
ed5d55e13cbe6912f3230ad1914777023bc7e188

SHA256
996e5b57c06b5614ee7b26936b29bace62218fb3cad3a28dba9e72bcc66d2698

SHA512
5e2ff504b285c7d48ac97f997a49ee668f407317fdc4d8b73587414e5830a43146c965b2c7d452422576530ac925293f5bdfafd9bfc507ce1a1a4ba824e915bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\d3dcompiler_46_64.dll

Filesize
3.7MB

MD5
52a41f0e49b2208df75609699fc7254c

SHA1
767a92ffbfd726ab4d09c17981caf448c6adedbf

SHA256
9614de7bac24091e2abaf70b3c852ddf9b92a48157c557c3c63d81d88d4d5ceb

SHA512
5b8ce62d69b9057e11091b48170dd805a913b87b25fc4fc343f9002e88c2331e040621c490e09f1eb9e1db61b08c3ee99c8598f78e033775a3e94b2d431505f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\dav1d.dll

Filesize
1.0MB

MD5
27e7b2632474ab74ffc0fae4ad68ef90

SHA1
81d61337044e198433f6b9105f8ee5baa7dd30b9

SHA256
41a835fcd9d66a69544d5a953ccbb9bb88310f3e3f2a0563cf3090aaff1e744a

SHA512
f276d0b59e9297bbf5d500ac98309b883f267ff12a3f1aec74e7fa23055c0cc7a4d309a68da827e33f752a9cb3e8f61eb231b9a7da3b4abb342fe1a15fc7b78d

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

Filesize
28KB

MD5
f320c4ea5e5a0717879fd533a8a69e02

SHA1
1d0f53f8821a7dd3d86e71159eb3ebf574844e7d

SHA256
8da817fada4667247c04f47ea8f01e86e5f46134f7327fe8e992b484b49020dc

SHA512
ee887102493704ffed531ea60c06a07f2193f4c06c7c8eb771221c527ae44009e3d3111eee640dc69c72cf7253e8fc722943b303609e0cfe18bf0d1941a1a4c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin

Filesize
3KB

MD5
e427ff544588122004f6191136d7c036

SHA1
a1129f43a1c4663953ab0990c59c5aa7142d5fab

SHA256
dbc724c23b3243c51e4cdf2486cb4f09e84f012cdc6bc7edabc6db6336faa930

SHA512
8278755eaaac54bc300bc661dae3f1933e96bd0bce7195bd83f3ee5f400d6571ec95c8856da79c581c3848dc32d5aec50bae649ac5281009e857dc424b3494e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

Filesize
462KB

MD5
543d630a6937b75b65856373080bd116

SHA1
fbb596d8d4e4a82c7b59b37de6258ba038b9a860

SHA256
9daeeed648eb68af509ba4d5d3c6ef5b52c0e6ba89e487e0c0f05c23421d97a1

SHA512
519ae4e0499a75633eb628758a9625c16e4dc50d5bb9676521c89b53e7217ce69730042443387e357d12d22bca1f07d86e3257b14776869a06389245b2f8090f

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

Filesize
8KB

MD5
fe5170d0df394c0f68f44b56c5dd9954

SHA1
bd8b3761e204f4190120a2d0ba8111fa6d4b8007

SHA256
d9128bf6e56002320a8fde94681a3a4614b44a960d4b2578571deeac0b6a9aeb

SHA512
a91b3bc4d2dc3b258c5e12f946fcc2a1fb3f5d55d720c4b000c2c1a78c0f6497611ccc8c5d0d3ef2c6f96a933b0fb09c85acdc46acb47af31d143081811a4ce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

Filesize
4KB

MD5
27993eb75894ca4894db266ad9b5e61b

SHA1
4def653ee04b0514822b690052598435ec25e686

SHA256
fbc09c1b9a55d04b57be8fb2ad5ab58b38f76054ecd3d1b70440a2d08191b05b

SHA512
eaebeee5b1a7dfb9bdf661623554793d7ef7e15d9f9cf01f94da1eb0b84b88c8f24176463d15c407ebf670c5b7fd4052daea33ba43e75c1de2979487c4987bab

Download Submit
memory/1816-12256-0x000001F30D0B0000-0x000001F30D1C5000-memory.dmp

Filesize
1.1MB

Download
memory/2272-12254-0x0000027972510000-0x0000027972625000-memory.dmp

Filesize
1.1MB

Download
memory/4460-18-0x0000000000400000-0x0000000000948000-memory.dmp

Filesize
5.3MB

Download
memory/4460-12027-0x0000000000400000-0x0000000000948000-memory.dmp

Filesize
5.3MB

Download
memory/4460-0-0x0000000000400000-0x0000000000948000-memory.dmp

Filesize
5.3MB

Download
memory/5088-12255-0x000001F510380000-0x000001F510495000-memory.dmp

Filesize
1.1MB

Download
memory/8896-12259-0x000000006DD70000-0x000000006F0B0000-memory.dmp

Filesize
19.2MB

Download
memory/8896-12213-0x0000000000400000-0x0000000000948000-memory.dmp

Filesize
5.3MB

Download
memory/8896-12191-0x000000006DD70000-0x000000006F0B0000-memory.dmp

Filesize
19.2MB

Download
memory/8896-12265-0x000000006DD70000-0x000000006F0B0000-memory.dmp

Filesize
19.2MB

Download
memory/9664-12131-0x00007FF9A7890000-0x00007FF9A7891000-memory.dmp

Filesize
4KB

Download
memory/9664-12132-0x00007FF9A6C50000-0x00007FF9A6C51000-memory.dmp

Filesize
4KB

Download