Edit tour

Windows Analysis Report
SteamSetup.exe

Overview

General Information

Sample name:	SteamSetup.exe
Analysis ID:	1558928
MD5:	1b34108b77b984e227bbad718d89594a
SHA1:	a75f5432e2ce39dc6c3f190d8d35ee2475a0ae6b
SHA256:	3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34
Tags:	exeuser-J_Jancelewicz
Infos:

Detection

Score:	24
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Connects to many ports of the same IP (likely port scanning)

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Detected TCP or UDP traffic on non-standard ports

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Classification

Process Tree

System is w10x64

SteamSetup.exe (PID: 7340 cmdline: "C:\Users\user\Desktop\SteamSetup.exe" MD5: 1B34108B77B984E227BBAD718D89594A)

SteamSetup.tmp (PID: 7360 cmdline: "C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp" /SL5="$10472,49358704,796160,C:\Users\user\Desktop\SteamSetup.exe" MD5: 5338593C8A3654FEF48E3EFD7FBBE890)

Steam2.exe (PID: 7640 cmdline: "C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe" MD5: 24579F75EE35BDD8E4CCC5351295BD9D)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Local\Programs\SteamClient\is-0A2IM.tmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Programs\SteamClient\is-H6DF9.tmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Programs\SteamClient\is-EL3N4.tmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: SteamSetup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97C23183-77ED-457C-90C7-3FA73E699316}_is1

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:52303 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.254.199.184:443 -> 192.168.2.4:52571 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.254.199.184:443 -> 192.168.2.4:52572 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 155.133.253.36:443 -> 192.168.2.4:52573 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.254.192.98:443 -> 192.168.2.4:52574 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.254.192.99:443 -> 192.168.2.4:52575 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 155.133.253.52:443 -> 192.168.2.4:52576 version: TLS 1.2

Source: SteamSetup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: /_/artifacts/obj/WindowsFormsIntegration/x64/Release/net8.0/WindowsFormsIntegration.pdbRSDS source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005B6D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Resources.Reader/Release/net8.0-windows/System.Resources.Reader.pdbSHA256 source: is-JT9R1.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdb source: is-OL3NB.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: is-M7PK8.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Json\Release\net8.0\System.Text.Json.pdb source: is-LFOPB.tmp.1.dr
Source:	Binary string: System.ComponentModel.ni.pdb source: is-RT9LP.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression.ZipFile\Release\net8.0-windows\System.IO.Compression.ZipFile.pdb source: is-G8384.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Metadata\Release\net8.0\System.Reflection.Metadata.pdb source: is-SELO9.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdb source: is-8Q6ES.tmp.1.dr
Source:	Binary string: PresentationFramework.Luna.ni.pdb source: is-0QI8B.tmp.1.dr
Source:	Binary string: System.Threading.AccessControl.ni.pdb source: is-6E0AB.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/UIAutomationClientSideProviders/x64/Release/net8.0/UIAutomationClientSideProviders.pdbRSDS source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdbSHA256 source: is-E704A.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\Release\net8.0\System.Xml.XDocument.pdbSHA256 source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdbSHA256& source: is-J5Q53.tmp.1.dr
Source:	Binary string: System.Reflection.Metadata.ni.pdb source: is-SELO9.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Xml.Linq/Release/net8.0-windows/System.Xml.Linq.pdbSHA256 source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Windows.Input.Manipulations/x64/Release/net8.0/System.Windows.Input.Manipulations.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000055F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Data/Release/net8.0-windows/System.Data.pdbSHA256> source: is-C8Q0I.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq\Release\net8.0\System.Linq.pdb source: is-9VBVU.tmp.1.dr
Source:	Binary string: System.Windows.Input.Manipulations.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000055F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\Release\net8.0\System.Xml.XDocument.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdbSHA256 source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp, is-2TVF9.tmp.1.dr
Source:	Binary string: System.Xaml.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005620000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Web/Release/net8.0-windows/System.Web.pdb source: is-8SOAE.tmp.1.dr
Source:	Binary string: System.Text.Json.ni.pdb source: is-LFOPB.tmp.1.dr
Source:	Binary string: System.Linq.ni.pdb source: is-9VBVU.tmp.1.dr
Source:	Binary string: System.Formats.Tar.ni.pdb source: is-URA97.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/UIAutomationProvider/x64/Release/net8.0/UIAutomationProvider.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Threading.AccessControl/Release/net8.0-windows/System.Threading.AccessControl.pdb source: is-6E0AB.tmp.1.dr
Source:	Binary string: System.Xml.XPath.XDocument.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Xml/Release/net8.0-windows/System.Xml.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.ReaderWriter\Release\net8.0\System.Xml.ReaderWriter.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: WindowsBase.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\Release\net8.0-windows\Microsoft.CSharp.pdb source: is-U5CAB.tmp.1.dr
Source:	Binary string: System.Windows.Presentation.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000055F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Text.RegularExpressions.ni.pdb source: is-SNOP4.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Resources.Reader/Release/net8.0-windows/System.Resources.Reader.pdb source: is-JT9R1.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Windows/Release/net8.0-windows/System.Windows.pdbSHA256 source: is-7D57R.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Requests\Release\net8.0-windows\System.Net.Requests.pdbSHA256@ source: is-IU0LQ.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Data/Release/net8.0-windows/System.Data.pdb source: is-C8Q0I.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.ReaderWriter\Release\net8.0\System.Xml.ReaderWriter.pdbSHA256 source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel\Release\net8.0\System.ComponentModel.pdb source: is-RT9LP.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Memory\Release\net8.0\System.Memory.pdb source: is-219L9.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdbSHA256 source: is-5A8TQ.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdbSHA256 source: is-8Q6ES.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/Release/net8.0/System.Configuration.ConfigurationManager.pdb source: is-EVMTH.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\fxr\standalone\hostfxr.pdb source: is-21558.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: is-5A8TQ.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/WindowsBase/x64/Release/net8.0/WindowsBase.pdbRSDS#F source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: UIAutomationProvider.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Xml.Serialization/Release/net8.0-windows/System.Xml.Serialization.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Requests\Release\net8.0-windows\System.Net.Requests.pdb source: is-IU0LQ.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.InteropServices\Release\net8.0\System.Runtime.InteropServices.pdb source: is-3DQQ4.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Numerics/Release/net8.0-windows/System.Numerics.pdb source: is-G9TVR.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Windows/Release/net8.0-windows/System.Windows.pdb source: is-7D57R.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Xml/Release/net8.0-windows/System.Xml.pdbSHA256 source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/PresentationFramework.Luna/x64/Release/net8.0/PresentationFramework.Luna.pdb source: is-0QI8B.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb===GCTL source: is-M7PK8.tmp.1.dr
Source:	Binary string: Microsoft.CSharp.ni.pdb source: is-U5CAB.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Windows.Presentation/x64/Release/net8.0/System.Windows.Presentation.pdbRSDS source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000055F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Net.WebProxy.ni.pdb source: is-3U4SF.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdb source: is-J5Q53.tmp.1.dr
Source:	Binary string: UIAutomationClient.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Formats.Tar\Release\net8.0-windows\System.Formats.Tar.pdb source: is-URA97.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/WindowsBase/x64/Release/net8.0/WindowsBase.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.IO.Compression.ZipFile.ni.pdb source: is-G8384.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Numerics/Release/net8.0-windows/System.Numerics.pdbSHA256s# source: is-G9TVR.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdb source: is-KSMQT.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Console\Release\net8.0-windows\System.Console.pdb source: is-QLJJ1.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Design.Facade/Release/net8.0/System.Design.pdb source: is-7IP4F.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Xml.Linq/Release/net8.0-windows/System.Xml.Linq.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdbSHA256 source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/Release/net8.0/System.Configuration.ConfigurationManager.pdbSHA256 source: is-EVMTH.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/WindowsFormsIntegration/x64/Release/net8.0/WindowsFormsIntegration.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005B6D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb source: Steam2.exe, 00000003.00000000.1879341006.00007FF69F827000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: UIAutomationClientSideProviders.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscorrc\mscorrc.pdb source: is-G721R.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Xaml/x64/Release/net8.0/System.Xaml.pdbRSDS source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005620000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Memory.ni.pdb source: is-219L9.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Core/Release/net8.0-windows/System.Core.pdb source: is-N6T5R.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XPath.XDocument\Release\net8.0\System.Xml.XPath.XDocument.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XPath\Release\net8.0\System.Xml.XPath.pdbSHA256] source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\bin\wpfgfx\x64\Release\wpfgfx_cor3.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005B6D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Web/Release/net8.0-windows/System.Web.pdbSHA256 source: is-8SOAE.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebProxy\Release\net8.0\System.Net.WebProxy.pdb source: is-3U4SF.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Data.Common\Release\net8.0\System.Data.Common.pdb source: is-S7M74.tmp.1.dr
Source:	Binary string: System.Net.Requests.ni.pdb source: is-IU0LQ.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Xml.Serialization/Release/net8.0-windows/System.Xml.Serialization.pdbSHA256 source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Xaml/x64/Release/net8.0/System.Xaml.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005620000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Runtime.InteropServices.ni.pdb source: is-3DQQ4.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/UIAutomationTypes/x64/Release/net8.0/UIAutomationTypes.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\fxr\standalone\hostfxr.pdbxxxGCTL source: is-21558.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp, is-2TVF9.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdbSHA256l8 source: is-KSMQT.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.IO.Packaging/Release/net8.0/System.IO.Packaging.pdb source: is-O2VS5.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/UIAutomationClientSideProviders/x64/Release/net8.0/UIAutomationClientSideProviders.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq\Release\net8.0\System.Linq.pdbSHA256 source: is-9VBVU.tmp.1.dr
Source:	Binary string: UIAutomationTypes.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.ConfigurationManager.ni.pdb source: is-EVMTH.tmp.1.dr
Source:	Binary string: System.Console.ni.pdb source: is-QLJJ1.tmp.1.dr
Source:	Binary string: System.Security.Cryptography.ProtectedData.ni.pdb source: is-OL3NB.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XPath\Release\net8.0\System.Xml.XPath.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Core/Release/net8.0-windows/System.Core.pdbSHA2564- source: is-N6T5R.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdb source: is-E704A.tmp.1.dr
Source:	Binary string: WindowsFormsIntegration.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005B6D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdbmmmGCTL source: Steam2.exe, 00000003.00000000.1879341006.00007FF69F827000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: System.Data.Common.ni.pdb source: is-S7M74.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Windows.Presentation/x64/Release/net8.0/System.Windows.Presentation.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000055F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/UIAutomationClient/x64/Release/net8.0/UIAutomationClient.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.RegularExpressions\Release\net8.0\System.Text.RegularExpressions.pdb source: is-SNOP4.tmp.1.dr
Source:	Binary string: System.IO.Packaging.ni.pdb source: is-O2VS5.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebProxy\Release\net8.0\System.Net.WebProxy.pdbSHA256 source: is-3U4SF.tmp.1.dr

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 162.254.199.165 ports 27018,0,1,2,7,8

Yara detected Generic Downloader

Source: Yara match	File source: C:\Users\user\AppData\Local\Programs\SteamClient\is-0A2IM.tmp, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Programs\SteamClient\is-H6DF9.tmp, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Programs\SteamClient\is-EL3N4.tmp, type: DROPPED

Source: global traffic

TCP traffic: 192.168.2.4:52304 -> 162.254.199.165:27018

Source: global traffic	HTTP traffic detected: GET /cmsocket/ HTTP/1.1Host: cmp2-atl3.steamserver.netConnection: UpgradeUpgrade: websocketSec-WebSocket-Key: SX1pmJICoUOgvcAEWO04Yg==Sec-WebSocket-Version: 13
Source: global traffic	HTTP traffic detected: GET /cmsocket/ HTTP/1.1Host: cmp1-dfw1.steamserver.netConnection: UpgradeUpgrade: websocketSec-WebSocket-Key: 8pAM8HKoEEa2SDwRfJv7Yw==Sec-WebSocket-Version: 13
Source: global traffic	HTTP traffic detected: GET /cmsocket/ HTTP/1.1Host: cmp1-iad1.steamserver.netConnection: UpgradeUpgrade: websocketSec-WebSocket-Key: 4Mzn+oyKNEOPx/VMky/HWA==Sec-WebSocket-Version: 13
Source: global traffic	HTTP traffic detected: GET /cmsocket/ HTTP/1.1Host: cmp2-iad1.steamserver.netConnection: UpgradeUpgrade: websocketSec-WebSocket-Key: 9SfrCnjzD0+vkNHqMYQEtw==Sec-WebSocket-Version: 13
Source: global traffic	HTTP traffic detected: GET /cmsocket/ HTTP/1.1Host: cmp2-dfw1.steamserver.netConnection: UpgradeUpgrade: websocketSec-WebSocket-Key: gct+FU7dl0WK9aM8K5/MdQ==Sec-WebSocket-Version: 13

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ISteamDirectory/GetCMListForConnect/v1/?format=vdf&cellid=0 HTTP/1.1Host: api.steampowered.comUser-Agent: SteamKit/3.0.0
Source: global traffic	HTTP traffic detected: GET /cmsocket/ HTTP/1.1Host: cmp2-atl3.steamserver.netConnection: UpgradeUpgrade: websocketSec-WebSocket-Key: SX1pmJICoUOgvcAEWO04Yg==Sec-WebSocket-Version: 13
Source: global traffic	HTTP traffic detected: GET /cmsocket/ HTTP/1.1Host: cmp1-dfw1.steamserver.netConnection: UpgradeUpgrade: websocketSec-WebSocket-Key: 8pAM8HKoEEa2SDwRfJv7Yw==Sec-WebSocket-Version: 13
Source: global traffic	HTTP traffic detected: GET /cmsocket/ HTTP/1.1Host: cmp1-iad1.steamserver.netConnection: UpgradeUpgrade: websocketSec-WebSocket-Key: 4Mzn+oyKNEOPx/VMky/HWA==Sec-WebSocket-Version: 13
Source: global traffic	HTTP traffic detected: GET /cmsocket/ HTTP/1.1Host: cmp2-iad1.steamserver.netConnection: UpgradeUpgrade: websocketSec-WebSocket-Key: 9SfrCnjzD0+vkNHqMYQEtw==Sec-WebSocket-Version: 13
Source: global traffic	HTTP traffic detected: GET /cmsocket/ HTTP/1.1Host: cmp2-dfw1.steamserver.netConnection: UpgradeUpgrade: websocketSec-WebSocket-Key: gct+FU7dl0WK9aM8K5/MdQ==Sec-WebSocket-Version: 13

Source: global traffic	DNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: api.steampowered.com
Source: global traffic	DNS traffic detected: DNS query: cmp1-atl3.steamserver.net
Source: global traffic	DNS traffic detected: DNS query: cmp2-atl3.steamserver.net
Source: global traffic	DNS traffic detected: DNS query: cmp1-dfw1.steamserver.net
Source: global traffic	DNS traffic detected: DNS query: cmp1-iad1.steamserver.net
Source: global traffic	DNS traffic detected: DNS query: cmp2-iad1.steamserver.net
Source: global traffic	DNS traffic detected: DNS query: cmp2-dfw1.steamserver.net

Source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://uri.etsi.org/01903/v1.2.2#SSOFTWARE
Source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://uri.etsi.org/01903/v1.2.2#SignedProperties
Source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://uri.etsi.org/01903/v1.2.2#bhttp://uri.etsi.org/01903/v1.2.2#SignedProperties
Source: is-EVMTH.tmp.1.dr, is-O2VS5.tmp.1.dr, is-SELO9.tmp.1.dr	String found in binary or memory: https://aka.ms/binaryformatter
Source: Steam2.exe, 00000003.00000000.1879341006.00007FF69F827000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: https://aka.ms/dotnet-core-applaunch?
Source: Steam2.exe, 00000003.00000000.1879341006.00007FF69F827000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: https://aka.ms/dotnet-core-applaunch?Architecture:
Source: is-21558.tmp.1.dr	String found in binary or memory: https://aka.ms/dotnet-core-applaunch?framework=&framework_version=missing_runtime=true&arch=&rid=&os
Source: is-IU0LQ.tmp.1.dr	String found in binary or memory: https://aka.ms/dotnet-warnings/
Source: Steam2.exe, 00000003.00000000.1879341006.00007FF69F827000.00000002.00000001.01000000.00000009.sdmp, is-21558.tmp.1.dr	String found in binary or memory: https://aka.ms/dotnet/app-launch-failed
Source: is-21558.tmp.1.dr	String found in binary or memory: https://aka.ms/dotnet/download
Source: is-21558.tmp.1.dr	String found in binary or memory: https://aka.ms/dotnet/downloadUsage:
Source: is-21558.tmp.1.dr	String found in binary or memory: https://aka.ms/dotnet/info
Source: is-21558.tmp.1.dr	String found in binary or memory: https://aka.ms/dotnet/sdk-not-foundFailed
Source: is-EVMTH.tmp.1.dr, is-O2VS5.tmp.1.dr, is-S7M74.tmp.1.dr, is-SELO9.tmp.1.dr	String found in binary or memory: https://aka.ms/serializationformat-binary-obsolete
Source: is-SNOP4.tmp.1.dr	String found in binary or memory: https://github.com/dotnet/linker/issues/2715.
Source: is-5A8TQ.tmp.1.dr, is-9VBVU.tmp.1.dr, is-3U4SF.tmp.1.dr, is-N6T5R.tmp.1.dr, is-SNOP4.tmp.1.dr, is-3DQQ4.tmp.1.dr, is-EVMTH.tmp.1.dr, is-2TVF9.tmp.1.dr, is-KSMQT.tmp.1.dr, is-LFOPB.tmp.1.dr, is-8Q6ES.tmp.1.dr, is-J5Q53.tmp.1.dr, is-8SOAE.tmp.1.dr, is-O2VS5.tmp.1.dr, is-C8Q0I.tmp.1.dr, is-S7M74.tmp.1.dr, is-7D57R.tmp.1.dr, is-SELO9.tmp.1.dr, is-U5CAB.tmp.1.dr, is-IU0LQ.tmp.1.dr, is-URA97.tmp.1.dr	String found in binary or memory: https://github.com/dotnet/runtime
Source: is-JT9R1.tmp.1.dr	String found in binary or memory: https://github.com/dotnet/runtime0
Source: is-KSMQT.tmp.1.dr	String found in binary or memory: https://github.com/dotnet/runtime;
Source: is-8SOAE.tmp.1.dr	String found in binary or memory: https://github.com/dotnet/runtimeH
Source: is-J5Q53.tmp.1.dr	String found in binary or memory: https://github.com/dotnet/runtimer
Source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/runtimezX
Source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005B6D000.00000004.00001000.00020000.00000000.sdmp, is-7IP4F.tmp.1.dr	String found in binary or memory: https://github.com/dotnet/winforms
Source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005B6D000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000003.1880994045.00000000055F0000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000003.1880994045.0000000005620000.00000004.00001000.00020000.00000000.sdmp, is-0QI8B.tmp.1.dr	String found in binary or memory: https://github.com/dotnet/wpf
Source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005B6D000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000003.1880994045.00000000055F0000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000003.1880994045.0000000005620000.00000004.00001000.00020000.00000000.sdmp, is-0QI8B.tmp.1.dr	String found in binary or memory: https://github.com/dotnet/wpf4
Source: is-S7M74.tmp.1.dr	String found in binary or memory: https://github.com/mono/linker/issues/1187
Source: is-U5CAB.tmp.1.dr	String found in binary or memory: https://github.com/mono/linker/issues/1416.
Source: is-U5CAB.tmp.1.dr	String found in binary or memory: https://github.com/mono/linker/issues/1906.
Source: is-S7M74.tmp.1.dr	String found in binary or memory: https://github.com/mono/linker/issues/1981
Source: SteamSetup.exe	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: SteamSetup.exe, 00000000.00000003.1688166005.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.exe, 00000000.00000003.1687407738.0000000002690000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000000.1689708207.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-46PES.tmp.1.dr	String found in binary or memory: https://www.innosetup.com/
Source: SteamSetup.exe, 00000000.00000003.1688166005.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.exe, 00000000.00000003.1687407738.0000000002690000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000000.1689708207.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-46PES.tmp.1.dr	String found in binary or memory: https://www.remobjects.com/ps
Source: SteamSetup.tmp, 00000001.00000003.1692507487.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000003.1887946566.000000000250C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.steam.com/
Source: SteamSetup.exe, 00000000.00000003.1903609511.0000000002433000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.steam.com/Q6C
Source: SteamSetup.tmp, 00000001.00000003.1887946566.000000000250C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.steam.com/Q9Q

Source: unknown	Network traffic detected: HTTP traffic on port 52303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52571 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52572 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52574
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52575
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52572
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52573
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52303
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52576
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52571
Source: unknown	Network traffic detected: HTTP traffic on port 52574 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52573 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52575 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52576 -> 443

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:52303 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.254.199.184:443 -> 192.168.2.4:52571 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.254.199.184:443 -> 192.168.2.4:52572 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 155.133.253.36:443 -> 192.168.2.4:52573 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.254.192.98:443 -> 192.168.2.4:52574 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.254.192.99:443 -> 192.168.2.4:52575 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 155.133.253.52:443 -> 192.168.2.4:52576 version: TLS 1.2

Source: SteamSetup.tmp.0.dr

Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows

Source: is-HTHBE.tmp.1.dr	Static PE information: No import functions for PE file found
Source: is-UCH6K.tmp.1.dr	Static PE information: No import functions for PE file found
Source: is-9VBVU.tmp.1.dr	Static PE information: No import functions for PE file found
Source: is-BV18A.tmp.1.dr	Static PE information: No import functions for PE file found
Source: is-O2VS5.tmp.1.dr	Static PE information: No import functions for PE file found
Source: is-V92IG.tmp.1.dr	Static PE information: No import functions for PE file found
Source: is-KPNTM.tmp.1.dr	Static PE information: No import functions for PE file found
Source: is-IOHDI.tmp.1.dr	Static PE information: No import functions for PE file found

Source: SteamSetup.exe, 00000000.00000003.1688166005.000000007FE36000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs SteamSetup.exe
Source: SteamSetup.exe, 00000000.00000003.1903609511.00000000023F8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs SteamSetup.exe
Source: SteamSetup.exe, 00000000.00000003.1687407738.000000000277A000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs SteamSetup.exe
Source: SteamSetup.exe, 00000000.00000000.1685924822.00000000004C6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs SteamSetup.exe
Source: SteamSetup.exe	Binary or memory string: OriginalFileName vs SteamSetup.exe

Source: SteamSetup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: is-IOHDI.tmp.1.dr, PipeStream.cs

Task registration methods: 'RegisterForCancellation'

Source: is-IOHDI.tmp.1.dr, PipeSecurity.cs	Security API names: System.IO.Pipes.PipeSecurity.GetAccessControlSectionsFromChanges()
Source: is-IOHDI.tmp.1.dr, PipeSecurity.cs	Security API names: ((CommonObjectSecurity)this).AddAccessRule
Source: is-IOHDI.tmp.1.dr, PipeSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.GetAccessRules(bool, bool, System.Type)
Source: is-IOHDI.tmp.1.dr, NamedPipeServerStream.cs	Security API names: System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
Source: is-IOHDI.tmp.1.dr, NamedPipeServerStream.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: is-IOHDI.tmp.1.dr, NamedPipeClientStream.cs	Security API names: System.IO.Pipes.PipeStream.GetAccessControl()
Source: is-IOHDI.tmp.1.dr, NamedPipeClientStream.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: is-UCH6K.tmp.1.dr, Helper.cs	Security API names: System.IO.FileSystemAclExtensions.SetAccessControl(System.IO.DirectoryInfo, System.Security.AccessControl.DirectorySecurity)
Source: is-UCH6K.tmp.1.dr, Helper.cs	Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)

Source: classification engine

Classification label: sus24.troj.winEXE@5/496@8/7

Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\SteamSetup.exe

File created: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp

Jump to behavior

Source: C:\Users\user\Desktop\SteamSetup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\SteamSetup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SteamSetup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: SteamSetup.exe

String found in binary or memory: /LOADINF="filename"

Source: C:\Users\user\Desktop\SteamSetup.exe

File read: C:\Users\user\Desktop\SteamSetup.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SteamSetup.exe "C:\Users\user\Desktop\SteamSetup.exe"
Source: C:\Users\user\Desktop\SteamSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp "C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp" /SL5="$10472,49358704,796160,C:\Users\user\Desktop\SteamSetup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Process created: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe "C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe"
Source: C:\Users\user\Desktop\SteamSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp "C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp" /SL5="$10472,49358704,796160,C:\Users\user\Desktop\SteamSetup.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Process created: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe "C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe"	Jump to behavior

Source: C:\Users\user\Desktop\SteamSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SteamSetup.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SteamSetup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SteamSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SteamSetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: icu.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: d3dcompiler_47_cor3.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: msctfui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: wshunix.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp

Window found: window name: TMainForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97C23183-77ED-457C-90C7-3FA73E699316}_is1

Jump to behavior

Source: SteamSetup.exe

Static file information: File size 50219482 > 1048576

Source: SteamSetup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: /_/artifacts/obj/WindowsFormsIntegration/x64/Release/net8.0/WindowsFormsIntegration.pdbRSDS source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005B6D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Resources.Reader/Release/net8.0-windows/System.Resources.Reader.pdbSHA256 source: is-JT9R1.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdb source: is-OL3NB.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: is-M7PK8.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Json\Release\net8.0\System.Text.Json.pdb source: is-LFOPB.tmp.1.dr
Source:	Binary string: System.ComponentModel.ni.pdb source: is-RT9LP.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression.ZipFile\Release\net8.0-windows\System.IO.Compression.ZipFile.pdb source: is-G8384.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Metadata\Release\net8.0\System.Reflection.Metadata.pdb source: is-SELO9.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdb source: is-8Q6ES.tmp.1.dr
Source:	Binary string: PresentationFramework.Luna.ni.pdb source: is-0QI8B.tmp.1.dr
Source:	Binary string: System.Threading.AccessControl.ni.pdb source: is-6E0AB.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/UIAutomationClientSideProviders/x64/Release/net8.0/UIAutomationClientSideProviders.pdbRSDS source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdbSHA256 source: is-E704A.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\Release\net8.0\System.Xml.XDocument.pdbSHA256 source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdbSHA256& source: is-J5Q53.tmp.1.dr
Source:	Binary string: System.Reflection.Metadata.ni.pdb source: is-SELO9.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Xml.Linq/Release/net8.0-windows/System.Xml.Linq.pdbSHA256 source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Windows.Input.Manipulations/x64/Release/net8.0/System.Windows.Input.Manipulations.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000055F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Data/Release/net8.0-windows/System.Data.pdbSHA256> source: is-C8Q0I.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq\Release\net8.0\System.Linq.pdb source: is-9VBVU.tmp.1.dr
Source:	Binary string: System.Windows.Input.Manipulations.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000055F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\Release\net8.0\System.Xml.XDocument.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdbSHA256 source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp, is-2TVF9.tmp.1.dr
Source:	Binary string: System.Xaml.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005620000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Web/Release/net8.0-windows/System.Web.pdb source: is-8SOAE.tmp.1.dr
Source:	Binary string: System.Text.Json.ni.pdb source: is-LFOPB.tmp.1.dr
Source:	Binary string: System.Linq.ni.pdb source: is-9VBVU.tmp.1.dr
Source:	Binary string: System.Formats.Tar.ni.pdb source: is-URA97.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/UIAutomationProvider/x64/Release/net8.0/UIAutomationProvider.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Threading.AccessControl/Release/net8.0-windows/System.Threading.AccessControl.pdb source: is-6E0AB.tmp.1.dr
Source:	Binary string: System.Xml.XPath.XDocument.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Xml/Release/net8.0-windows/System.Xml.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.ReaderWriter\Release\net8.0\System.Xml.ReaderWriter.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: WindowsBase.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\Release\net8.0-windows\Microsoft.CSharp.pdb source: is-U5CAB.tmp.1.dr
Source:	Binary string: System.Windows.Presentation.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000055F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Text.RegularExpressions.ni.pdb source: is-SNOP4.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Resources.Reader/Release/net8.0-windows/System.Resources.Reader.pdb source: is-JT9R1.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Windows/Release/net8.0-windows/System.Windows.pdbSHA256 source: is-7D57R.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Requests\Release\net8.0-windows\System.Net.Requests.pdbSHA256@ source: is-IU0LQ.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Data/Release/net8.0-windows/System.Data.pdb source: is-C8Q0I.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.ReaderWriter\Release\net8.0\System.Xml.ReaderWriter.pdbSHA256 source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel\Release\net8.0\System.ComponentModel.pdb source: is-RT9LP.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Memory\Release\net8.0\System.Memory.pdb source: is-219L9.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdbSHA256 source: is-5A8TQ.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdbSHA256 source: is-8Q6ES.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/Release/net8.0/System.Configuration.ConfigurationManager.pdb source: is-EVMTH.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\fxr\standalone\hostfxr.pdb source: is-21558.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: is-5A8TQ.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/WindowsBase/x64/Release/net8.0/WindowsBase.pdbRSDS#F source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: UIAutomationProvider.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Xml.Serialization/Release/net8.0-windows/System.Xml.Serialization.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Requests\Release\net8.0-windows\System.Net.Requests.pdb source: is-IU0LQ.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.InteropServices\Release\net8.0\System.Runtime.InteropServices.pdb source: is-3DQQ4.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Numerics/Release/net8.0-windows/System.Numerics.pdb source: is-G9TVR.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Windows/Release/net8.0-windows/System.Windows.pdb source: is-7D57R.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Xml/Release/net8.0-windows/System.Xml.pdbSHA256 source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/PresentationFramework.Luna/x64/Release/net8.0/PresentationFramework.Luna.pdb source: is-0QI8B.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb===GCTL source: is-M7PK8.tmp.1.dr
Source:	Binary string: Microsoft.CSharp.ni.pdb source: is-U5CAB.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Windows.Presentation/x64/Release/net8.0/System.Windows.Presentation.pdbRSDS source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000055F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Net.WebProxy.ni.pdb source: is-3U4SF.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdb source: is-J5Q53.tmp.1.dr
Source:	Binary string: UIAutomationClient.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Formats.Tar\Release\net8.0-windows\System.Formats.Tar.pdb source: is-URA97.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/WindowsBase/x64/Release/net8.0/WindowsBase.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.IO.Compression.ZipFile.ni.pdb source: is-G8384.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Numerics/Release/net8.0-windows/System.Numerics.pdbSHA256s# source: is-G9TVR.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdb source: is-KSMQT.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Console\Release\net8.0-windows\System.Console.pdb source: is-QLJJ1.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Design.Facade/Release/net8.0/System.Design.pdb source: is-7IP4F.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Xml.Linq/Release/net8.0-windows/System.Xml.Linq.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdbSHA256 source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/Release/net8.0/System.Configuration.ConfigurationManager.pdbSHA256 source: is-EVMTH.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/WindowsFormsIntegration/x64/Release/net8.0/WindowsFormsIntegration.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005B6D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb source: Steam2.exe, 00000003.00000000.1879341006.00007FF69F827000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: UIAutomationClientSideProviders.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscorrc\mscorrc.pdb source: is-G721R.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Xaml/x64/Release/net8.0/System.Xaml.pdbRSDS source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005620000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Memory.ni.pdb source: is-219L9.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Core/Release/net8.0-windows/System.Core.pdb source: is-N6T5R.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XPath.XDocument\Release\net8.0\System.Xml.XPath.XDocument.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XPath\Release\net8.0\System.Xml.XPath.pdbSHA256] source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\bin\wpfgfx\x64\Release\wpfgfx_cor3.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005B6D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Web/Release/net8.0-windows/System.Web.pdbSHA256 source: is-8SOAE.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebProxy\Release\net8.0\System.Net.WebProxy.pdb source: is-3U4SF.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Data.Common\Release\net8.0\System.Data.Common.pdb source: is-S7M74.tmp.1.dr
Source:	Binary string: System.Net.Requests.ni.pdb source: is-IU0LQ.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Xml.Serialization/Release/net8.0-windows/System.Xml.Serialization.pdbSHA256 source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Xaml/x64/Release/net8.0/System.Xaml.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005620000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Runtime.InteropServices.ni.pdb source: is-3DQQ4.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/UIAutomationTypes/x64/Release/net8.0/UIAutomationTypes.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\fxr\standalone\hostfxr.pdbxxxGCTL source: is-21558.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp, is-2TVF9.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdbSHA256l8 source: is-KSMQT.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.IO.Packaging/Release/net8.0/System.IO.Packaging.pdb source: is-O2VS5.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/UIAutomationClientSideProviders/x64/Release/net8.0/UIAutomationClientSideProviders.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq\Release\net8.0\System.Linq.pdbSHA256 source: is-9VBVU.tmp.1.dr
Source:	Binary string: UIAutomationTypes.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.ConfigurationManager.ni.pdb source: is-EVMTH.tmp.1.dr
Source:	Binary string: System.Console.ni.pdb source: is-QLJJ1.tmp.1.dr
Source:	Binary string: System.Security.Cryptography.ProtectedData.ni.pdb source: is-OL3NB.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XPath\Release\net8.0\System.Xml.XPath.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Core/Release/net8.0-windows/System.Core.pdbSHA2564- source: is-N6T5R.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdb source: is-E704A.tmp.1.dr
Source:	Binary string: WindowsFormsIntegration.ni.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.0000000005B6D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdbmmmGCTL source: Steam2.exe, 00000003.00000000.1879341006.00007FF69F827000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: System.Data.Common.ni.pdb source: is-S7M74.tmp.1.dr
Source:	Binary string: /_/artifacts/obj/System.Windows.Presentation/x64/Release/net8.0/System.Windows.Presentation.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000055F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/UIAutomationClient/x64/Release/net8.0/UIAutomationClient.pdb source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.RegularExpressions\Release\net8.0\System.Text.RegularExpressions.pdb source: is-SNOP4.tmp.1.dr
Source:	Binary string: System.IO.Packaging.ni.pdb source: is-O2VS5.tmp.1.dr
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebProxy\Release\net8.0\System.Net.WebProxy.pdbSHA256 source: is-3U4SF.tmp.1.dr

Source: is-BV18A.tmp.1.dr

Static PE information: 0x82AF122D [Fri Jun 24 06:58:53 2039 UTC]

Source: SteamSetup.exe	Static PE information: section name: .didata
Source: SteamSetup.tmp.0.dr	Static PE information: section name: .didata

Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Text.Json.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-IU0LQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.InteropServices.RuntimeInformation.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-FFGT1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-J5A62.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-OHS2U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-5UA7J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.Xml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-03T8C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.Encoding.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-NMQB8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-P1CEB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-NI148.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-N6T5R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-9GBK7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationUI.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-21558.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-3T158.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.Registry.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-GOJFJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.PerformanceCounter.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-FER0U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Forms.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Thread.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Hashing.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Resources.ResourceManager.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\createdump.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-FGBU1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.Registry.AccessControl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-E537O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-FPFGC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-TC3UL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.Native.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Serialization.Formatters.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-B4T90.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.Concurrent.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-393CK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-2ACL7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\protobuf-net.Core.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Security.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\mscordaccore.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Transactions.Local.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.DiagnosticSource.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.Serialization.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-OFR4B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.XmlDocument.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-RQKJN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Private.Xml.Linq.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.CodeDom.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.Emit.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-6FLE2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.EventLog.Messages.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Web.HttpUtility.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-CB3FM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-LMELL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-3NS6I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-3CV6V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.DispatchProxy.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-353H2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-0QI8B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-D583Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-PR1SN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.DiaSymReader.Native.amd64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-L7DHN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-0ED3E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-4IO64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-4JUH3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Text.Encodings.Web.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Resources.Writer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Configuration.ConfigurationManager.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-OL3NB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Royale.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Forms.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.InteropServices.JavaScript.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.Brotli.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-SELO9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-RMN2A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-S7M74.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-PCJI1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-175RN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\mscorlib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationNative_cor3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-R29DJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-23N9N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-0TTDC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Resources.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Transactions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-2E66P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-NH22G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-842D2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.Csp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Private.CoreLib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-PP8SL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-TAUBR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.SystemEvents.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-URA97.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Tracing.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-K613I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-V1K2R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-G5ANC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-0KAJQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-G9TVR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemXmlLinq.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-6E0AB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-3DQQ4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-SG76T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\D3DCompiler_47_cor3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Serialization.Json.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.NameResolution.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-7V7V0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Dynamic.Runtime.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Aero.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.IsolatedStorage.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-8SOAE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemXml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Sockets.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-O2VS5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Linq.Queryable.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-U5R7O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-B0N4M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.CompilerServices.VisualC.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-AJ60V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.AccessControl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Console.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-IBGJR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-FUODR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-1P5NQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\WindowsFormsIntegration.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-PJDI3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-O5P26.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Text.RegularExpressions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-OMU5T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-ISS47.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Packaging.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Serialization.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-C1TIS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.Pkcs.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Input.Manipulations.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Pipes.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Intrinsics.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-BRU3O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Controls.Ribbon.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-ERNCA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.WebSockets.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-41G2F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.TextWriterTraceListener.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Forms.Design.Editors.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-NK6GU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PenImc_cor3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-7JPAQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-M7PK8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-GK1S4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-6KRKJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.Cng.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-OD7NK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\hostpolicy.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-V92IG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Tools.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Ping.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-VE7BR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\wpfgfx_cor3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-7F6KI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-NGLMS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.AccessControl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-3II23.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-ICB9T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-JIDK5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Web.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-H3VRF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-1SION.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-5A8TQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-MJMLB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Principal.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.X509Certificates.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Timer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-IOHDI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Data.Common.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.XPath.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.Annotations.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-V5O72.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.Metadata.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\UIAutomationProvider.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Formats.Asn1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Numerics.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.Specialized.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-O9S7G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-SHJIR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-SA04C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-1GT60.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.Linq.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Private.Uri.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.Emit.ILGeneration.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-G721R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-MT7MH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Printing.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Quic.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.ServiceProcess.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-EPD79.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-PS2Q9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-NBGUE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-4O1SG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-KTNL3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-06ALL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Serialization.Xml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\coreclr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-7D57R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.VisualBasic.Forms.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.ValueTuple.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.Watcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-KSMQT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.VisualBasic.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-621DK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-KPNTM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-3J2EH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-46PES.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.TraceSource.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Globalization.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\vcruntime140_cor3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Luna.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-QLJJ1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-7PK1K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-3GH17.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Classic.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-U5CAB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\SteamKit2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Core.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-TK2A2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.AeroLite.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Pipes.AccessControl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.TypeExtensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-8Q6ES.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-JS4JU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.AppContext.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-E704A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Buffers.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\UIAutomationClientSideProviders.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-C4PDK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Http.Json.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.Immutable.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.AccessControl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-JT9R1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-F7HS6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-E52FV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-J5Q53.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-RPC5P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Drawing.Design.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-BPLBO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-VBC6I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\DirectWriteForwarder.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-C0NRL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-LFOPB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Design.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Text.Encoding.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.WebClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-IIQJM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-FVIIK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Http.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-82OGO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-C6SPK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-FHTIL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\protobuf-net.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\mscordaccore_amd64_amd64_8.0.824.36612.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-KM93B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Tasks.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.TypeConverter.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\clrjit.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-E917C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-TH0C6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Text.Encoding.CodePages.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.FileSystem.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-2UHB1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Tasks.Dataflow.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-0A2IM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.SecureString.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\msquic.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Presentation.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Mail.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Numerics.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-OF9H5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xaml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-E88LT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-QQFQ0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\WindowsBase.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-9VBVU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-FQLAJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Channels.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-S9H2V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Linq.Parallel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.NetworkInformation.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Private.Xml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.WebHeaderCollection.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.HttpListener.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-0BV5K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-G8384.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\netstandard.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-RH90K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-BMK4J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.WebProxy.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.DirectoryServices.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-NOPIK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-LKC3R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-HUU3F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-DE47S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-CTNSH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.XmlSerializer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.UnmanagedMemoryStream.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-8JNSQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-RT9LP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-BV18A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\UIAutomationTypes.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-IKSD2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-L9IRH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\clrgc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-C4VI1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-IDQQK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-HT29O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Drawing.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.ReaderWriter.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Numerics.Vectors.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-UCH6K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-0R6D5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Private.DataContractSerialization.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.InteropServices.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.XPath.XDocument.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-NES76.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Claims.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-D5RPK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Loader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.ServiceModel.Web.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\UIAutomationClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-EVMTH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-BSKQN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-FUJRK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-I9KME.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-IM89D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-DN9A9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-8O1SP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-0I40G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-EL3N4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-9A0PH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Principal.Windows.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-QB0O9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.VisualBasic.Core.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Tasks.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\mscordbi.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-54V5Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-QQMQ0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-J5UVU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Formats.Tar.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.ThreadPool.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Aero2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Data.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-0R4RR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-IJCCG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Linq.Expressions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-9K5SP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-T2AEF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.NonGeneric.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.EventLog.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-C1QE8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Configuration.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-OMLDU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-624HU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.CompilerServices.Unsafe.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-2VB07.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-N0JVU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-6UJNJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\hostfxr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-LB3BN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.ZipFile.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-07LBE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Memory.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-J4F54.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Serialization.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-M1IBB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.MemoryMappedFiles.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.DriveInfo.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemDrawing.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-2TVF9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-5I1AN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-OEM2B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.ProtectedData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-MQN3F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\mscorrc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\ReachFramework.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.OpenSsl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Requests.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-HKSM3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Debug.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-H6DF9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-CG1VF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SteamSetup.exe	File created: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-S9871.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-83U1I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Permissions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-SNOP4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Contracts.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.WebSockets.Client.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.ObjectModel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-160D2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-0CFKI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Drawing.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-0AA2H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-6UT8P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.XDocument.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Globalization.Calendars.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-CDVC3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Drawing.Common.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-80BQ8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-RUGAU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-HQ8MG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-457S0.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.ServicePoint.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-M0K5L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-VC35U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\Accessibility.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Globalization.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.StackTrace.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Handles.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Text.Encoding.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-OLKB5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.EventBasedAsync.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-MQH5V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-BGSNO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-RNA4A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-5R65M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-6A3I2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-OS7F4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-NMQLB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-7IP4F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-C8Q0I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Process.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Resources.Reader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-9H3PC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-HTHBE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-R4HMS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-NA0P8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-219L9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-T8PJ7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-HVE4F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-CO8N6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-M4HRH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Overlapped.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Data.DataSetExtensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Linq.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-J1ACH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\clretwrc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-85E29.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.Algorithms.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-322AN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.Emit.Lightweight.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.DataAnnotations.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-4RNUS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.CSharp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-3U4SF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-16F0N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.FileVersionInfo.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Tasks.Parallel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-85LFJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Forms.Design.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-1274N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	File created: C:\Users\user\AppData\Local\Programs\SteamClient\is-HF7IL.tmp	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam.lnk

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Jump to behavior

Source: C:\Users\user\Desktop\SteamSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe

Memory allocated: 2CD65900000 memory reserve | memory write watch

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Window / User API: threadDelayed 392	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Window / User API: threadDelayed 924	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Window / User API: threadDelayed 457	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Window / User API: threadDelayed 6609	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Text.Json.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-IU0LQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.InteropServices.RuntimeInformation.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-FFGT1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-OHS2U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-J5A62.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.Xml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-5UA7J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-03T8C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.Encoding.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-NMQB8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-P1CEB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-NI148.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-N6T5R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-9GBK7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationUI.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-21558.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-3T158.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.Registry.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-GOJFJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.PerformanceCounter.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-FER0U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Forms.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Thread.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Hashing.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Resources.ResourceManager.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\createdump.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-FGBU1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.Registry.AccessControl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-E537O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-FPFGC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-TC3UL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Serialization.Formatters.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.Native.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-B4T90.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.Concurrent.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-393CK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-2ACL7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\protobuf-net.Core.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Security.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\mscordaccore.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Transactions.Local.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.DiagnosticSource.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.Serialization.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-OFR4B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.XmlDocument.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-RQKJN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Private.Xml.Linq.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.CodeDom.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.Emit.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-6FLE2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.EventLog.Messages.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Web.HttpUtility.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-CB3FM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-LMELL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-3NS6I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.DispatchProxy.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-3CV6V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-353H2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-0QI8B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-D583Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-PR1SN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.DiaSymReader.Native.amd64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-L7DHN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-0ED3E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-4IO64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-4JUH3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Text.Encodings.Web.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Resources.Writer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Configuration.ConfigurationManager.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Royale.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Forms.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-OL3NB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.InteropServices.JavaScript.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.Brotli.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-SELO9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-RMN2A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-S7M74.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-PCJI1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationNative_cor3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\mscorlib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-175RN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-R29DJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-0TTDC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-23N9N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Transactions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Resources.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-2E66P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-NH22G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-842D2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.Csp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Private.CoreLib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-PP8SL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-TAUBR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.SystemEvents.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-URA97.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Tracing.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-K613I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-G5ANC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-V1K2R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-0KAJQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-G9TVR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemXmlLinq.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-6E0AB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-3DQQ4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-SG76T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Serialization.Json.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.NameResolution.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Dynamic.Runtime.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-7V7V0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Aero.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.IsolatedStorage.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-8SOAE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemXml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Sockets.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-O2VS5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Linq.Queryable.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-B0N4M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-U5R7O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.CompilerServices.VisualC.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-AJ60V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.AccessControl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-IBGJR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Console.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-FUODR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-1P5NQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\WindowsFormsIntegration.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-PJDI3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-O5P26.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Text.RegularExpressions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-OMU5T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-ISS47.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Packaging.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Serialization.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-C1TIS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.Pkcs.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Input.Manipulations.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Pipes.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Intrinsics.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-BRU3O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Controls.Ribbon.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-ERNCA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.WebSockets.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-41G2F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.TextWriterTraceListener.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Forms.Design.Editors.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PenImc_cor3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-NK6GU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-7JPAQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-M7PK8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-GK1S4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-6KRKJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.Cng.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-OD7NK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\hostpolicy.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-V92IG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Ping.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Tools.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\wpfgfx_cor3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-VE7BR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-7F6KI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-NGLMS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.AccessControl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-3II23.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-ICB9T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-JIDK5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Web.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-H3VRF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-1SION.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-5A8TQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-MJMLB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Principal.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.X509Certificates.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Timer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Data.Common.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-IOHDI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.XPath.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.Annotations.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.Metadata.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\UIAutomationProvider.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-V5O72.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Formats.Asn1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Numerics.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.Specialized.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-O9S7G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-SA04C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-SHJIR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-1GT60.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.Linq.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Private.Uri.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.Emit.ILGeneration.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-G721R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-MT7MH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Printing.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Quic.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.ServiceProcess.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-EPD79.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-PS2Q9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-NBGUE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-4O1SG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-KTNL3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Serialization.Xml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-06ALL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\coreclr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-7D57R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.VisualBasic.Forms.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.ValueTuple.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.Watcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-KSMQT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.VisualBasic.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-621DK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-KPNTM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-3J2EH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-46PES.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.TraceSource.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Globalization.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\vcruntime140_cor3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Luna.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-QLJJ1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-7PK1K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Classic.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-3GH17.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\SteamKit2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-U5CAB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Core.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-TK2A2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.AeroLite.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Pipes.AccessControl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.TypeExtensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-8Q6ES.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-JS4JU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.AppContext.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-E704A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\UIAutomationClientSideProviders.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Buffers.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-C4PDK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Http.Json.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.Immutable.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.AccessControl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-JT9R1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-F7HS6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-E52FV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-J5Q53.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-RPC5P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Drawing.Design.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-BPLBO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\DirectWriteForwarder.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-VBC6I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-C0NRL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-LFOPB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Design.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Text.Encoding.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.WebClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-FVIIK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-IIQJM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Http.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-C6SPK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-82OGO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-FHTIL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\mscordaccore_amd64_amd64_8.0.824.36612.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\protobuf-net.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-KM93B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Tasks.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.TypeConverter.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\clrjit.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-E917C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-TH0C6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Text.Encoding.CodePages.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.FileSystem.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-2UHB1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Tasks.Dataflow.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-0A2IM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.SecureString.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Presentation.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\msquic.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Mail.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Numerics.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-OF9H5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xaml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-E88LT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-QQFQ0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\WindowsBase.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-9VBVU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-FQLAJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Channels.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-S9H2V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Linq.Parallel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.NetworkInformation.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Private.Xml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.WebHeaderCollection.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.HttpListener.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-0BV5K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-G8384.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\netstandard.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-RH90K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-BMK4J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.WebProxy.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.DirectoryServices.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-NOPIK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-LKC3R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-HUU3F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-DE47S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-CTNSH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.XmlSerializer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.UnmanagedMemoryStream.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-8JNSQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-RT9LP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\UIAutomationTypes.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-BV18A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-IKSD2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-L9IRH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\clrgc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-C4VI1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-IDQQK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-HT29O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Drawing.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.ReaderWriter.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Numerics.Vectors.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-UCH6K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-0R6D5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Private.DataContractSerialization.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.InteropServices.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.XPath.XDocument.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Claims.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-NES76.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-D5RPK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Loader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.ServiceModel.Web.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\UIAutomationClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-BSKQN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-EVMTH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-FUJRK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-I9KME.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-IM89D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-DN9A9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-8O1SP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-0I40G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-EL3N4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-9A0PH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Principal.Windows.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-QB0O9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.VisualBasic.Core.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Tasks.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\mscordbi.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-54V5Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-QQMQ0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-J5UVU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Formats.Tar.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.ThreadPool.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Data.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Aero2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-0R4RR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Linq.Expressions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-IJCCG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-9K5SP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-T2AEF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.EventLog.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.NonGeneric.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Configuration.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-C1QE8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-OMLDU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-624HU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.CompilerServices.Unsafe.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-2VB07.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-N0JVU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-6UJNJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\hostfxr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-LB3BN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.ZipFile.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Memory.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-07LBE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-J4F54.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Serialization.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-M1IBB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.MemoryMappedFiles.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.DriveInfo.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemDrawing.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-2TVF9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.ProtectedData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-5I1AN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-OEM2B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-MQN3F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\mscorrc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.OpenSsl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\ReachFramework.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.Requests.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Debug.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-HKSM3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-CG1VF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-H6DF9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-S9871.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Permissions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-SNOP4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Contracts.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.ObjectModel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.WebSockets.Client.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-160D2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Drawing.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-0CFKI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-0AA2H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-6UT8P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Xml.XDocument.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Globalization.Calendars.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-CDVC3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Drawing.Common.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-RUGAU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-80BQ8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-HQ8MG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-457S0.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Net.ServicePoint.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-M0K5L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-VC35U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\Accessibility.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Globalization.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.StackTrace.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Runtime.Handles.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Text.Encoding.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-OLKB5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.EventBasedAsync.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-MQH5V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-BGSNO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-5R65M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-RNA4A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-6A3I2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-OS7F4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-NMQLB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-7IP4F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-C8Q0I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Resources.Reader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Process.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-9H3PC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-HTHBE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-R4HMS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-NA0P8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-219L9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-T8PJ7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-HVE4F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-CO8N6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-M4HRH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Overlapped.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Data.DataSetExtensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Linq.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-J1ACH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\clretwrc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-85E29.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Security.Cryptography.Algorithms.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-322AN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Reflection.Emit.Lightweight.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.DataAnnotations.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-4RNUS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.CSharp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-16F0N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-3U4SF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.FileVersionInfo.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Threading.Tasks.Parallel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\System.Windows.Forms.Design.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-85LFJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-1274N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SteamClient\is-HF7IL.tmp	Jump to dropped file

Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe

File opened: PhysicalDrive0

Jump to behavior

Source: SteamSetup.tmp, 00000001.00000003.1890591391.0000000000911000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: _hwndProgman
Source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Progman
Source: SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: IsProgmanWindow

Source: C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Windows Service	1 Windows Service	1 Masquerading	OS Credential Dumping	1 Query Registry	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	2 Process Injection	2 Virtualization/Sandbox Evasion	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	1 Disable or Modify Tools	Security Account Manager	2 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	2 Process Injection	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 DLL Side-Loading	1 Timestomp	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	2 System Owner/User Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	1 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	22 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SteamSetup.exe	0%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Programs\SteamClient\Accessibility.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\D3DCompiler_47_cor3.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\DirectWriteForwarder.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.CSharp.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.DiaSymReader.Native.amd64.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.VisualBasic.Core.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.VisualBasic.Forms.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.VisualBasic.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.Primitives.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.Registry.AccessControl.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.Registry.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.SystemEvents.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PenImc_cor3.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationCore.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemCore.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemData.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemDrawing.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemXml.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemXmlLinq.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Aero.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Aero2.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.AeroLite.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Classic.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Luna.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Royale.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationNative_cor3.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\PresentationUI.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\ReachFramework.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\SteamKit2.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.AppContext.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Buffers.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.CodeDom.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.Concurrent.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.Immutable.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.NonGeneric.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.Specialized.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Collections.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.Annotations.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.DataAnnotations.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.EventBasedAsync.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.Primitives.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.TypeConverter.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.ComponentModel.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Configuration.ConfigurationManager.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Configuration.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Console.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Core.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Data.Common.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Data.DataSetExtensions.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Data.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Design.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Contracts.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Debug.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.DiagnosticSource.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.EventLog.Messages.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.EventLog.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.FileVersionInfo.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.PerformanceCounter.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Process.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.StackTrace.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.TextWriterTraceListener.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Tools.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.TraceSource.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Diagnostics.Tracing.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.DirectoryServices.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Drawing.Common.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Drawing.Design.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Drawing.Primitives.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Drawing.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Dynamic.Runtime.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Formats.Asn1.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Formats.Tar.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Globalization.Calendars.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Globalization.Extensions.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.Globalization.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.Brotli.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.FileSystem.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.Native.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.ZipFile.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Compression.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.AccessControl.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.DriveInfo.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.Primitives.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.Watcher.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.FileSystem.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Hashing.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.IsolatedStorage.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.MemoryMappedFiles.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Packaging.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\SteamClient\System.IO.Pipes.AccessControl.dll (copy)	0%	ReversingLabs

Source	Detection	Scanner	Label
http://uri.etsi.org/01903/v1.2.2#SSOFTWARE	0%	Avira URL Cloud	safe
https://www.steam.com/Q6C	0%	Avira URL Cloud	safe
https://www.steam.com/Q9Q	0%	Avira URL Cloud	safe
http://uri.etsi.org/01903/v1.2.2#bhttp://uri.etsi.org/01903/v1.2.2#SignedProperties	0%	Avira URL Cloud	safe
https://www.steam.com/	0%	Avira URL Cloud	safe
http://uri.etsi.org/01903/v1.2.2#SignedProperties	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cmp1-atl3.steamserver.net	162.254.199.165	true	false	high
api.steampowered.com	104.102.49.254	true	false	high
cmp2-iad1.steamserver.net	162.254.192.99	true	false	high
cmp1-dfw1.steamserver.net	155.133.253.36	true	false	high
cmp2-atl3.steamserver.net	162.254.199.184	true	false	high
cmp2-dfw1.steamserver.net	155.133.253.52	true	false	high
cmp1-iad1.steamserver.net	162.254.192.98	true	false	high
198.187.3.20.in-addr.arpa	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://cmp1-iad1.steamserver.net/cmsocket/	false	high
https://cmp2-dfw1.steamserver.net/cmsocket/	false	high
https://cmp2-iad1.steamserver.net/cmsocket/	false	high
https://cmp2-atl3.steamserver.net/cmsocket/	false	high
https://api.steampowered.com/ISteamDirectory/GetCMListForConnect/v1/?format=vdf&cellid=0	false	high
https://cmp1-dfw1.steamserver.net/cmsocket/	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/dotnet/runtime;	is-KSMQT.tmp.1.dr	false		high
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	SteamSetup.exe	false		high
https://www.steam.com/Q6C	SteamSetup.exe, 00000000.00000003.1903609511.0000000002433000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/dotnet/info	is-21558.tmp.1.dr	false		high
https://github.com/dotnet/wpf	SteamSetup.tmp, 00000001.00000003.1880994045.0000000005B6D000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000003.1880994045.00000000055F0000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000003.1880994045.0000000005620000.00000004.00001000.00020000.00000000.sdmp, is-0QI8B.tmp.1.dr	false		high
https://github.com/mono/linker/issues/1416.	is-U5CAB.tmp.1.dr	false		high
https://aka.ms/dotnet-core-applaunch?Architecture:	Steam2.exe, 00000003.00000000.1879341006.00007FF69F827000.00000002.00000001.01000000.00000009.sdmp	false		high
https://aka.ms/dotnet/app-launch-failed	Steam2.exe, 00000003.00000000.1879341006.00007FF69F827000.00000002.00000001.01000000.00000009.sdmp, is-21558.tmp.1.dr	false		high
http://uri.etsi.org/01903/v1.2.2#bhttp://uri.etsi.org/01903/v1.2.2#SignedProperties	SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/dotnet/sdk-not-foundFailed	is-21558.tmp.1.dr	false		high
https://aka.ms/dotnet-core-applaunch?	Steam2.exe, 00000003.00000000.1879341006.00007FF69F827000.00000002.00000001.01000000.00000009.sdmp	false		high
https://github.com/dotnet/runtime0	is-JT9R1.tmp.1.dr	false		high
https://aka.ms/dotnet/downloadUsage:	is-21558.tmp.1.dr	false		high
https://github.com/dotnet/runtime	is-5A8TQ.tmp.1.dr, is-9VBVU.tmp.1.dr, is-3U4SF.tmp.1.dr, is-N6T5R.tmp.1.dr, is-SNOP4.tmp.1.dr, is-3DQQ4.tmp.1.dr, is-EVMTH.tmp.1.dr, is-2TVF9.tmp.1.dr, is-KSMQT.tmp.1.dr, is-LFOPB.tmp.1.dr, is-8Q6ES.tmp.1.dr, is-J5Q53.tmp.1.dr, is-8SOAE.tmp.1.dr, is-O2VS5.tmp.1.dr, is-C8Q0I.tmp.1.dr, is-S7M74.tmp.1.dr, is-7D57R.tmp.1.dr, is-SELO9.tmp.1.dr, is-U5CAB.tmp.1.dr, is-IU0LQ.tmp.1.dr, is-URA97.tmp.1.dr	false		high
https://github.com/dotnet/runtimer	is-J5Q53.tmp.1.dr	false		high
http://uri.etsi.org/01903/v1.2.2#SignedProperties	SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/dotnet/runtimezX	SteamSetup.tmp, 00000001.00000003.1880994045.000000000576D000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/mono/linker/issues/1981	is-S7M74.tmp.1.dr	false		high
https://aka.ms/dotnet-core-applaunch?framework=&framework_version=missing_runtime=true&arch=&rid=&os	is-21558.tmp.1.dr	false		high
http://uri.etsi.org/01903/v1.2.2#SSOFTWARE	SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/dotnet-warnings/	is-IU0LQ.tmp.1.dr	false		high
https://github.com/dotnet/winforms	SteamSetup.tmp, 00000001.00000003.1880994045.0000000005B6D000.00000004.00001000.00020000.00000000.sdmp, is-7IP4F.tmp.1.dr	false		high
https://github.com/dotnet/wpf4	SteamSetup.tmp, 00000001.00000003.1880994045.0000000005B6D000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000003.1880994045.00000000055F0000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000003.1880994045.00000000057A6000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000003.1880994045.0000000005620000.00000004.00001000.00020000.00000000.sdmp, is-0QI8B.tmp.1.dr	false		high
https://www.remobjects.com/ps	SteamSetup.exe, 00000000.00000003.1688166005.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.exe, 00000000.00000003.1687407738.0000000002690000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000000.1689708207.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-46PES.tmp.1.dr	false		high
https://github.com/mono/linker/issues/1906.	is-U5CAB.tmp.1.dr	false		high
https://aka.ms/serializationformat-binary-obsolete	is-EVMTH.tmp.1.dr, is-O2VS5.tmp.1.dr, is-S7M74.tmp.1.dr, is-SELO9.tmp.1.dr	false		high
https://www.innosetup.com/	SteamSetup.exe, 00000000.00000003.1688166005.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.exe, 00000000.00000003.1687407738.0000000002690000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000000.1689708207.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-46PES.tmp.1.dr	false		high
https://aka.ms/binaryformatter	is-EVMTH.tmp.1.dr, is-O2VS5.tmp.1.dr, is-SELO9.tmp.1.dr	false		high
https://github.com/dotnet/linker/issues/2715.	is-SNOP4.tmp.1.dr	false		high
https://github.com/dotnet/runtimeH	is-8SOAE.tmp.1.dr	false		high
https://aka.ms/dotnet/download	is-21558.tmp.1.dr	false		high
https://github.com/mono/linker/issues/1187	is-S7M74.tmp.1.dr	false		high
https://www.steam.com/	SteamSetup.tmp, 00000001.00000003.1692507487.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SteamSetup.tmp, 00000001.00000003.1887946566.000000000250C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.steam.com/Q9Q	SteamSetup.tmp, 00000001.00000003.1887946566.000000000250C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.254.199.165	cmp1-atl3.steamserver.net	United States	32590	VALVE-CORPORATIONUS	false
155.133.253.52	cmp2-dfw1.steamserver.net	Germany	32590	VALVE-CORPORATIONUS	false
162.254.199.184	cmp2-atl3.steamserver.net	United States	32590	VALVE-CORPORATIONUS	false
104.102.49.254	api.steampowered.com	United States	16625	AKAMAI-ASUS	false
155.133.253.36	cmp1-dfw1.steamserver.net	Germany	32590	VALVE-CORPORATIONUS	false
162.254.192.98	cmp1-iad1.steamserver.net	United States	32590	VALVE-CORPORATIONUS	false
162.254.192.99	cmp2-iad1.steamserver.net	United States	32590	VALVE-CORPORATIONUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1558928
Start date and time:	2024-11-19 23:59:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SteamSetup.exe
Detection:	SUS
Classification:	sus24.troj.winEXE@5/496@8/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: SteamSetup.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.steampowered.com	https://steamcommunlty-gifts.com/s/HRAB	Get hash	malicious	Unknown	Browse	104.102.49.254
	https://steamcommunity-success.com/gift-card/9376695162	Get hash	malicious	Unknown	Browse	104.102.49.254
	https://steamcommunlty-gifts.com/s/HRAB	Get hash	malicious	Unknown	Browse	104.102.49.254
	https://steamcommunlty-gifts.com/s/HRAB	Get hash	malicious	Unknown	Browse	104.102.49.254
	https://sneamcomnnumnlty.com/h474823487284/geting/active	Get hash	malicious	Unknown	Browse	104.102.49.254
	https://sneamcomnnumnlty.com/f78493482943/geting/game	Get hash	malicious	Unknown	Browse	104.102.49.254
	https://sneamcomnnumnlty.com/hfjf748934924/geting/put	Get hash	malicious	Unknown	Browse	104.102.49.254
	https://sneamcomnnumnlty.com/jfh8893040282949023/here/put	Get hash	malicious	Unknown	Browse	104.102.49.254
	https://steamcommunrutty.com/gift/actlvation=Mor85Fhn6w4	Get hash	malicious	Unknown	Browse	104.102.49.254
	http://sneamcomnnumnlty.com/fact/actual/get	Get hash	malicious	Unknown	Browse	92.122.104.90

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
VALVE-CORPORATIONUS	IWnUKXop2x.elf	Get hash	malicious	Mirai, Okiru	Browse	103.28.54.20
	mirai.arm7.elf	Get hash	malicious	Mirai	Browse	162.254.195.132
	SecuriteInfo.com.Linux.Siggen.9999.16484.11734	Get hash	malicious	Unknown	Browse	155.133.238.98
	zZMmONZWnO.dll	Get hash	malicious	Wannacry	Browse	155.133.248.7
	SteamSetup.exe	Get hash	malicious	Unknown	Browse	205.196.6.229
	steam.exe	Get hash	malicious	Unknown	Browse	205.196.6.226
VALVE-CORPORATIONUS	IWnUKXop2x.elf	Get hash	malicious	Mirai, Okiru	Browse	103.28.54.20
	mirai.arm7.elf	Get hash	malicious	Mirai	Browse	162.254.195.132
	SecuriteInfo.com.Linux.Siggen.9999.16484.11734	Get hash	malicious	Unknown	Browse	155.133.238.98
	zZMmONZWnO.dll	Get hash	malicious	Wannacry	Browse	155.133.248.7
	SteamSetup.exe	Get hash	malicious	Unknown	Browse	205.196.6.229
	steam.exe	Get hash	malicious	Unknown	Browse	205.196.6.226
AKAMAI-ASUS	QuarantineMessage.zip	Get hash	malicious	Unknown	Browse	23.217.172.185
	Benefit Enrollment -wZ5nusm.pdf	Get hash	malicious	Unknown	Browse	23.203.104.175
	Customer forms.pdf	Get hash	malicious	Unknown	Browse	104.78.188.188
	Benefit Enrollment -eGz8VNb.pdf	Get hash	malicious	Unknown	Browse	23.203.104.175
	Integration.pdf www.skype.com.lnk	Get hash	malicious	Unknown	Browse	96.17.64.171
	b.pdf	Get hash	malicious	Unknown	Browse	23.217.172.185
	https://www.bing.com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly9HMTAuZHpwdndvYnIucnUvdkd5c2dQdC8=	Get hash	malicious	Unknown	Browse	92.122.18.57
	file.exe	Get hash	malicious	LummaC, Amadey, Stealc, Vidar	Browse	23.200.88.15
	https://nam.dcv.ms/WLtyQ3priB	Get hash	malicious	HTMLPhisher	Browse	2.18.121.138
	V6QED2Q1WBYVOPE	Get hash	malicious	Unknown	Browse	23.195.93.152
VALVE-CORPORATIONUS	IWnUKXop2x.elf	Get hash	malicious	Mirai, Okiru	Browse	103.28.54.20
	mirai.arm7.elf	Get hash	malicious	Mirai	Browse	162.254.195.132
	SecuriteInfo.com.Linux.Siggen.9999.16484.11734	Get hash	malicious	Unknown	Browse	155.133.238.98
	zZMmONZWnO.dll	Get hash	malicious	Wannacry	Browse	155.133.248.7
	SteamSetup.exe	Get hash	malicious	Unknown	Browse	205.196.6.229
	steam.exe	Get hash	malicious	Unknown	Browse	205.196.6.226

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	https://s.id/sharedocument	Get hash	malicious	Unknown	Browse	155.133.253.52 162.254.199.184 104.102.49.254 155.133.253.36 162.254.192.98 162.254.192.99
	https://trackru.top/us	Get hash	malicious	Unknown	Browse	155.133.253.52 162.254.199.184 104.102.49.254 155.133.253.36 162.254.192.98 162.254.192.99
	https://www.google.ie/url?q=queryy8px(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2ftranscabrera.com%2fyaya%2f37w6telbuncxaji5ywvxeooxd1ok88ou67nhi/bWFyay5tY2tlbnppZUBtYWdlbGxhbmxwLmNvbQ==$?	Get hash	malicious	HTMLPhisher	Browse	155.133.253.52 162.254.199.184 104.102.49.254 155.133.253.36 162.254.192.98 162.254.192.99
	https://s.id/nelsi	Get hash	malicious	HTMLPhisher	Browse	155.133.253.52 162.254.199.184 104.102.49.254 155.133.253.36 162.254.192.98 162.254.192.99
	https://www.google.ie/url?q=querymmjx(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fsafrareal.com.br%2fyoya%2fgrcbea7q6lbvpmruhnx3bojhvb2k6ojxdnvuw/Y3doaXRlQHdvcmxkZHJ5ZXIuY29t$?	Get hash	malicious	Unknown	Browse	155.133.253.52 162.254.199.184 104.102.49.254 155.133.253.36 162.254.192.98 162.254.192.99
	https://ledger-checks.s3.us-east-1.amazonaws.com/index.html	Get hash	malicious	Unknown	Browse	155.133.253.52 162.254.199.184 104.102.49.254 155.133.253.36 162.254.192.98 162.254.192.99
	https://t.ly/9nPyg	Get hash	malicious	Unknown	Browse	155.133.253.52 162.254.199.184 104.102.49.254 155.133.253.36 162.254.192.98 162.254.192.99
	Nota1893.exe	Get hash	malicious	Unknown	Browse	155.133.253.52 162.254.199.184 104.102.49.254 155.133.253.36 162.254.192.98 162.254.192.99
	Requerimento.exe	Get hash	malicious	Unknown	Browse	155.133.253.52 162.254.199.184 104.102.49.254 155.133.253.36 162.254.192.98 162.254.192.99
	Nota1893.exe	Get hash	malicious	Unknown	Browse	155.133.253.52 162.254.199.184 104.102.49.254 155.133.253.36 162.254.192.98 162.254.192.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Programs\SteamClient\D3DCompiler_47_cor3.dll (copy)	https://investors.spotify.com.sg.misteri.us.kg/	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.FileRepMalware.32268.950.exe	Get hash	malicious	Unknown	Browse
	https://wavebrowser.co/	Get hash	malicious	Unknown	Browse
	https://github.com/GPSBabel/gpsbabel/releases/download/Continuous-Windows/GPSBabel-20240815T1150Z-e9b2084-Setup.exe	Get hash	malicious	Unknown	Browse
	https://viture.com/windows	Get hash	malicious	Unknown	Browse
	https://www.plexim.com/sites/default/files/packages/plecs-standalone-4-8-4_win64.exe	Get hash	malicious	Unknown	Browse
	YoutubePlaylistDownloader.exe	Get hash	malicious	Unknown	Browse
	https://developers.yubico.com/yubikey-manager-qt/Releases/yubikey-manager-qt-1.2.6-win64.exe	Get hash	malicious	Unknown	Browse

Process:	C:\Users\user\AppData\Local\Temp\is-CVTB5.tmp\SteamSetup.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	21168
Entropy (8bit):	6.542009642868284
Encrypted:	false
SSDEEP:	384:KBmy0h6gSGR5OcHivWt/WbX6HRN7KtHNsAR9zF0H:bSyOcHLgWwts89zmH
MD5:	3A293D421E4A853F569C2E7B5BF27775
SHA1:	64BE26396D3569E2A32FFE25A3A5B3F30D8EB67C
SHA-256:	F59C6ACF3ABA059DAD7414BA0046E0EA0646FA54036827C2A611CE8843232463
SHA-512:	8D9636E69105DCF5B3A5A07191E7C993A5A49B64869A9D2E8801FA31ACC1778C53E850E1286B0CD45F1111D8CC54CC8409C4C493B0601C68B92C980661AF4C30
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f...........!..... ...........?... ...@....... ..............................ld....@..................................>..O....@..................(...`....................................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B.................>......H........ ......................P ......................................H!j.......8M..{.c....BD.l.....EVt.RL..*.8.c...Q...w....2..E..W...U..c..m..d&GA.,..rND...I>.v.......Ea...r..2..]..&.Fk.!...sTBSJB............v4.0.30319......l...,...#~..........#Strings............#US. .......#GUID...0.......#Blob...........W.........%3........!...........7...................t...3..................................... ...............^.?...y.r...........?...............-.....D.....d.....

Process:	C:\Users\user\Desktop\SteamSetup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3132416
Entropy (8bit):	6.38838830778387
Encrypted:	false
SSDEEP:	49152:9WGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbd333sr:ntLutqgwh4NYxtJpkxhGq333Q
MD5:	5338593C8A3654FEF48E3EFD7FBBE890
SHA1:	6B301281F7ED992E22FEDBF962314EDCEE4560CD
SHA-256:	A29E2A4B87D32A4949C359D321B3B3EBB9D471AE5380500A5725BCE414158760
SHA-512:	56CB89B9C51010C5EE73A4DA935FDBD75EE93AFACB5681CD9648F9523339D3D2E151DE35976974FDA58874A0C5247A3251A5BD8428FD2435B07BF8E45D4035E4
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................L,..\|......hf,......p,...@...........................0...........@......@....................-.......-..9...................................................................................-.......-......................text.... ,......",................. ..`.itext...(...@,.....&,............. ..`.data...X....p,......P,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-......-.............@..@.tls....L.....-..........................rdata..]............,-.............@..@.rsrc.................-.............@..@..............1.......0.............@..@........................................................

Entrypoint:	0x4b5eec
Entrypoint Section:	.itext
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x63ECF218 [Wed Feb 15 14:54:16 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	e569e6f445d32ba23766ad67d1e3787f

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xc4000	0x9a	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc2000	0xfdc	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc7000	0x8110	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc6000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xc22f4	0x254	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0xc3000	0x1a4	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xb39e4	0xb3a00	43af0a9476ca224d8e8461f1e22c94da	False	0.34525867693110646	data	6.357635049994181	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0xb5000	0x1688	0x1800	185e04b9a1f554e31f7f848515dc890c	False	0.54443359375	data	5.971425428435973	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0xb7000	0x37a4	0x3800	cab2107c933b696aa5cf0cc6c3fd3980	False	0.36097935267857145	data	5.048648594372454	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0xbb000	0x6de8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xc2000	0xfdc	0x1000	e7d1635e2624b124cfdce6c360ac21cd	False	0.3798828125	data	5.029087481102678	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata	0xc3000	0x1a4	0x200	8ced971d8a7705c98b173e255d8c9aa7	False	0.345703125	data	2.7509822285969876	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0xc4000	0x9a	0x200	8d4e1e508031afe235bf121c80fd7d5f	False	0.2578125	data	1.877162954504408	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0xc5000	0x18	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0xc6000	0x5d	0x200	8f2f090acd9622c88a6a852e72f94e96	False	0.189453125	data	1.3838943752217987	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xc7000	0x8110	0x8200	525899abf62de326bf7945b6f12f7e0e	False	0.7301081730769231	data	7.001913398079108	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xc7438	0x4d2e	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	1.0008097985626077
RT_STRING	0xcc168	0x360	data			0.34375
RT_STRING	0xcc4c8	0x260	data			0.3256578947368421
RT_STRING	0xcc728	0x45c	data			0.4068100358422939
RT_STRING	0xccb84	0x40c	data			0.3754826254826255
RT_STRING	0xccf90	0x2d4	data			0.39226519337016574
RT_STRING	0xcd264	0xb8	data			0.6467391304347826
RT_STRING	0xcd31c	0x9c	data			0.6410256410256411
RT_STRING	0xcd3b8	0x374	data			0.4230769230769231
RT_STRING	0xcd72c	0x398	data			0.3358695652173913
RT_STRING	0xcdac4	0x368	data			0.3795871559633027
RT_STRING	0xcde2c	0x2a4	data			0.4275147928994083
RT_RCDATA	0xce0d0	0x10	data			1.5
RT_RCDATA	0xce0e0	0x2c4	data			0.6384180790960452
RT_RCDATA	0xce3a4	0x2c	data			1.1818181818181819
RT_GROUP_ICON	0xce3d0	0x14	data	English	United States	1.2
RT_VERSION	0xce3e4	0x584	data	English	United States	0.2563739376770538
RT_MANIFEST	0xce968	0x7a8	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.3377551020408163

DLL	Import
kernel32.dll	GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll	InitCommonControls
version.dll	GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll	CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll	SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll	NetWkstaGetInfo, NetApiBufferFree
advapi32.dll	ConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW, AdjustTokenPrivileges, GetTokenInformation, ConvertSidToStringSidW, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

Name	Ordinal	Address
TMethodImplementationIntercept	3	0x4541a8
__dbk_fcall_wrapper	2	0x40d0a0
dbkFCallWrapperAddr	1	0x4be63c

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 20, 2024 00:00:47.131558895 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:47.131654978 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:47.131746054 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:47.147532940 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:47.147573948 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.118535995 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.118649006 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.121434927 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.121463060 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.121809959 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.170052052 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.173839092 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.215329885 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.672684908 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.672741890 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.672764063 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.672802925 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.672822952 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.672851086 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.672926903 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.672992945 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.672992945 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.672992945 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.672992945 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.808943987 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.808993101 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.809056997 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.809092045 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.809122086 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.809123993 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.809144020 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.809159040 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.809189081 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.809346914 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.809407949 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.810534000 CET	52303	443	192.168.2.4	104.102.49.254
Nov 20, 2024 00:00:48.810563087 CET	443	52303	104.102.49.254	192.168.2.4
Nov 20, 2024 00:00:48.847487926 CET	52304	27018	192.168.2.4	162.254.199.165
Nov 20, 2024 00:00:48.852912903 CET	27018	52304	162.254.199.165	192.168.2.4
Nov 20, 2024 00:00:48.853033066 CET	52304	27018	192.168.2.4	162.254.199.165
Nov 20, 2024 00:00:48.853681087 CET	52304	27018	192.168.2.4	162.254.199.165
Nov 20, 2024 00:00:48.858644962 CET	27018	52304	162.254.199.165	192.168.2.4
Nov 20, 2024 00:00:49.374578953 CET	27018	52304	162.254.199.165	192.168.2.4
Nov 20, 2024 00:00:49.374643087 CET	27018	52304	162.254.199.165	192.168.2.4
Nov 20, 2024 00:00:49.374705076 CET	52304	27018	192.168.2.4	162.254.199.165
Nov 20, 2024 00:00:49.403095007 CET	52304	27018	192.168.2.4	162.254.199.165
Nov 20, 2024 00:00:49.408312082 CET	27018	52304	162.254.199.165	192.168.2.4
Nov 20, 2024 00:00:49.522701025 CET	27018	52304	162.254.199.165	192.168.2.4
Nov 20, 2024 00:00:49.525916100 CET	52304	27018	192.168.2.4	162.254.199.165
Nov 20, 2024 00:00:49.530992031 CET	27018	52304	162.254.199.165	192.168.2.4
Nov 20, 2024 00:00:49.646600962 CET	27018	52304	162.254.199.165	192.168.2.4
Nov 20, 2024 00:00:49.701189041 CET	52304	27018	192.168.2.4	162.254.199.165
Nov 20, 2024 00:00:49.808345079 CET	52304	27018	192.168.2.4	162.254.199.165
Nov 20, 2024 00:00:49.813353062 CET	27018	52304	162.254.199.165	192.168.2.4
Nov 20, 2024 00:01:19.655226946 CET	52304	27018	192.168.2.4	162.254.199.165
Nov 20, 2024 00:01:19.660191059 CET	27018	52304	162.254.199.165	192.168.2.4
Nov 20, 2024 00:01:49.654841900 CET	52304	27018	192.168.2.4	162.254.199.165
Nov 20, 2024 00:01:49.659823895 CET	27018	52304	162.254.199.165	192.168.2.4
Nov 20, 2024 00:01:56.929836035 CET	27018	52304	162.254.199.165	192.168.2.4
Nov 20, 2024 00:01:56.982707977 CET	52304	27018	192.168.2.4	162.254.199.165
Nov 20, 2024 00:01:57.025258064 CET	27018	52304	162.254.199.165	192.168.2.4
Nov 20, 2024 00:01:57.026236057 CET	52304	27018	192.168.2.4	162.254.199.165
Nov 20, 2024 00:01:57.031572104 CET	27018	52304	162.254.199.165	192.168.2.4
Nov 20, 2024 00:01:57.031666040 CET	52304	27018	192.168.2.4	162.254.199.165
Nov 20, 2024 00:01:57.634166002 CET	52571	443	192.168.2.4	162.254.199.184
Nov 20, 2024 00:01:57.634243011 CET	52572	443	192.168.2.4	162.254.199.184
Nov 20, 2024 00:01:57.634259939 CET	443	52571	162.254.199.184	192.168.2.4
Nov 20, 2024 00:01:57.634330034 CET	443	52572	162.254.199.184	192.168.2.4
Nov 20, 2024 00:01:57.634345055 CET	52571	443	192.168.2.4	162.254.199.184
Nov 20, 2024 00:01:57.634404898 CET	52572	443	192.168.2.4	162.254.199.184
Nov 20, 2024 00:01:57.634759903 CET	52571	443	192.168.2.4	162.254.199.184
Nov 20, 2024 00:01:57.634795904 CET	443	52571	162.254.199.184	192.168.2.4
Nov 20, 2024 00:01:57.634906054 CET	52572	443	192.168.2.4	162.254.199.184
Nov 20, 2024 00:01:57.634990931 CET	443	52572	162.254.199.184	192.168.2.4
Nov 20, 2024 00:01:58.168752909 CET	443	52571	162.254.199.184	192.168.2.4
Nov 20, 2024 00:01:58.168864965 CET	52571	443	192.168.2.4	162.254.199.184
Nov 20, 2024 00:01:58.169686079 CET	443	52572	162.254.199.184	192.168.2.4
Nov 20, 2024 00:01:58.169780970 CET	52572	443	192.168.2.4	162.254.199.184
Nov 20, 2024 00:01:58.171658039 CET	52572	443	192.168.2.4	162.254.199.184
Nov 20, 2024 00:01:58.171685934 CET	443	52572	162.254.199.184	192.168.2.4
Nov 20, 2024 00:01:58.172102928 CET	443	52572	162.254.199.184	192.168.2.4
Nov 20, 2024 00:01:58.172655106 CET	52571	443	192.168.2.4	162.254.199.184
Nov 20, 2024 00:01:58.172678947 CET	443	52571	162.254.199.184	192.168.2.4
Nov 20, 2024 00:01:58.173089027 CET	443	52571	162.254.199.184	192.168.2.4
Nov 20, 2024 00:01:58.180280924 CET	52572	443	192.168.2.4	162.254.199.184
Nov 20, 2024 00:01:58.223407030 CET	443	52572	162.254.199.184	192.168.2.4
Nov 20, 2024 00:01:58.225435019 CET	52571	443	192.168.2.4	162.254.199.184
Nov 20, 2024 00:01:58.298475981 CET	443	52572	162.254.199.184	192.168.2.4
Nov 20, 2024 00:01:58.298755884 CET	443	52572	162.254.199.184	192.168.2.4
Nov 20, 2024 00:01:58.298851013 CET	52572	443	192.168.2.4	162.254.199.184
Nov 20, 2024 00:01:58.303662062 CET	52572	443	192.168.2.4	162.254.199.184
Nov 20, 2024 00:01:58.303726912 CET	443	52572	162.254.199.184	192.168.2.4
Nov 20, 2024 00:01:58.811469078 CET	52573	443	192.168.2.4	155.133.253.36
Nov 20, 2024 00:01:58.811553955 CET	443	52573	155.133.253.36	192.168.2.4
Nov 20, 2024 00:01:58.811650991 CET	52573	443	192.168.2.4	155.133.253.36
Nov 20, 2024 00:01:58.874392033 CET	52573	443	192.168.2.4	155.133.253.36
Nov 20, 2024 00:01:58.874465942 CET	443	52573	155.133.253.36	192.168.2.4
Nov 20, 2024 00:01:59.458574057 CET	443	52573	155.133.253.36	192.168.2.4
Nov 20, 2024 00:01:59.458803892 CET	52573	443	192.168.2.4	155.133.253.36
Nov 20, 2024 00:01:59.463901043 CET	52573	443	192.168.2.4	155.133.253.36
Nov 20, 2024 00:01:59.463984013 CET	443	52573	155.133.253.36	192.168.2.4
Nov 20, 2024 00:01:59.464386940 CET	443	52573	155.133.253.36	192.168.2.4
Nov 20, 2024 00:01:59.466114998 CET	52573	443	192.168.2.4	155.133.253.36
Nov 20, 2024 00:01:59.511328936 CET	443	52573	155.133.253.36	192.168.2.4
Nov 20, 2024 00:01:59.625757933 CET	443	52573	155.133.253.36	192.168.2.4
Nov 20, 2024 00:01:59.625942945 CET	443	52573	155.133.253.36	192.168.2.4
Nov 20, 2024 00:01:59.626013041 CET	52573	443	192.168.2.4	155.133.253.36
Nov 20, 2024 00:01:59.626540899 CET	52573	443	192.168.2.4	155.133.253.36
Nov 20, 2024 00:01:59.626605988 CET	443	52573	155.133.253.36	192.168.2.4
Nov 20, 2024 00:02:06.148220062 CET	52574	443	192.168.2.4	162.254.192.98
Nov 20, 2024 00:02:06.148293972 CET	443	52574	162.254.192.98	192.168.2.4
Nov 20, 2024 00:02:06.148390055 CET	52574	443	192.168.2.4	162.254.192.98
Nov 20, 2024 00:02:06.148798943 CET	52574	443	192.168.2.4	162.254.192.98
Nov 20, 2024 00:02:06.148832083 CET	443	52574	162.254.192.98	192.168.2.4
Nov 20, 2024 00:02:06.645148993 CET	443	52574	162.254.192.98	192.168.2.4
Nov 20, 2024 00:02:06.645236969 CET	52574	443	192.168.2.4	162.254.192.98
Nov 20, 2024 00:02:06.646812916 CET	52574	443	192.168.2.4	162.254.192.98
Nov 20, 2024 00:02:06.646842003 CET	443	52574	162.254.192.98	192.168.2.4
Nov 20, 2024 00:02:06.647370100 CET	443	52574	162.254.192.98	192.168.2.4
Nov 20, 2024 00:02:06.648904085 CET	52574	443	192.168.2.4	162.254.192.98
Nov 20, 2024 00:02:06.695427895 CET	443	52574	162.254.192.98	192.168.2.4
Nov 20, 2024 00:02:06.754694939 CET	443	52574	162.254.192.98	192.168.2.4
Nov 20, 2024 00:02:06.754762888 CET	443	52574	162.254.192.98	192.168.2.4
Nov 20, 2024 00:02:06.754882097 CET	52574	443	192.168.2.4	162.254.192.98
Nov 20, 2024 00:02:06.755441904 CET	52574	443	192.168.2.4	162.254.192.98
Nov 20, 2024 00:02:06.755502939 CET	443	52574	162.254.192.98	192.168.2.4
Nov 20, 2024 00:02:07.164402008 CET	52575	443	192.168.2.4	162.254.192.99
Nov 20, 2024 00:02:07.164488077 CET	443	52575	162.254.192.99	192.168.2.4
Nov 20, 2024 00:02:07.164578915 CET	52575	443	192.168.2.4	162.254.192.99
Nov 20, 2024 00:02:07.164943933 CET	52575	443	192.168.2.4	162.254.192.99
Nov 20, 2024 00:02:07.164974928 CET	443	52575	162.254.192.99	192.168.2.4
Nov 20, 2024 00:02:07.668412924 CET	443	52575	162.254.192.99	192.168.2.4
Nov 20, 2024 00:02:07.668500900 CET	52575	443	192.168.2.4	162.254.192.99
Nov 20, 2024 00:02:07.670002937 CET	52575	443	192.168.2.4	162.254.192.99
Nov 20, 2024 00:02:07.670047045 CET	443	52575	162.254.192.99	192.168.2.4
Nov 20, 2024 00:02:07.670543909 CET	443	52575	162.254.192.99	192.168.2.4
Nov 20, 2024 00:02:07.673654079 CET	52575	443	192.168.2.4	162.254.192.99
Nov 20, 2024 00:02:07.719322920 CET	443	52575	162.254.192.99	192.168.2.4
Nov 20, 2024 00:02:07.780056953 CET	443	52575	162.254.192.99	192.168.2.4
Nov 20, 2024 00:02:07.780200005 CET	443	52575	162.254.192.99	192.168.2.4
Nov 20, 2024 00:02:07.780497074 CET	52575	443	192.168.2.4	162.254.192.99
Nov 20, 2024 00:02:07.780916929 CET	52575	443	192.168.2.4	162.254.192.99
Nov 20, 2024 00:02:07.780952930 CET	443	52575	162.254.192.99	192.168.2.4
Nov 20, 2024 00:02:10.212136984 CET	52576	443	192.168.2.4	155.133.253.52
Nov 20, 2024 00:02:10.212224007 CET	443	52576	155.133.253.52	192.168.2.4
Nov 20, 2024 00:02:10.212318897 CET	52576	443	192.168.2.4	155.133.253.52
Nov 20, 2024 00:02:10.212764978 CET	52576	443	192.168.2.4	155.133.253.52
Nov 20, 2024 00:02:10.212846041 CET	443	52576	155.133.253.52	192.168.2.4
Nov 20, 2024 00:02:10.768913031 CET	443	52576	155.133.253.52	192.168.2.4
Nov 20, 2024 00:02:10.769073009 CET	52576	443	192.168.2.4	155.133.253.52
Nov 20, 2024 00:02:10.770371914 CET	52576	443	192.168.2.4	155.133.253.52
Nov 20, 2024 00:02:10.770426989 CET	443	52576	155.133.253.52	192.168.2.4
Nov 20, 2024 00:02:10.770973921 CET	443	52576	155.133.253.52	192.168.2.4
Nov 20, 2024 00:02:10.771823883 CET	52576	443	192.168.2.4	155.133.253.52
Nov 20, 2024 00:02:10.815408945 CET	443	52576	155.133.253.52	192.168.2.4
Nov 20, 2024 00:02:10.932045937 CET	443	52576	155.133.253.52	192.168.2.4
Nov 20, 2024 00:02:10.932267904 CET	443	52576	155.133.253.52	192.168.2.4
Nov 20, 2024 00:02:10.932465076 CET	52576	443	192.168.2.4	155.133.253.52
Nov 20, 2024 00:02:10.932548046 CET	52576	443	192.168.2.4	155.133.253.52
Nov 20, 2024 00:02:10.932585955 CET	443	52576	155.133.253.52	192.168.2.4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 20, 2024 00:00:37.443185091 CET	53	61292	162.159.36.2	192.168.2.4
Nov 20, 2024 00:00:37.919338942 CET	65049	53	192.168.2.4	1.1.1.1
Nov 20, 2024 00:00:37.926680088 CET	53	65049	1.1.1.1	192.168.2.4
Nov 20, 2024 00:00:47.118854046 CET	58043	53	192.168.2.4	1.1.1.1
Nov 20, 2024 00:00:47.126313925 CET	53	58043	1.1.1.1	192.168.2.4
Nov 20, 2024 00:00:48.837941885 CET	50383	53	192.168.2.4	1.1.1.1
Nov 20, 2024 00:00:48.846267939 CET	53	50383	1.1.1.1	192.168.2.4
Nov 20, 2024 00:01:57.625673056 CET	60246	53	192.168.2.4	1.1.1.1
Nov 20, 2024 00:01:57.633006096 CET	53	60246	1.1.1.1	192.168.2.4
Nov 20, 2024 00:01:58.744932890 CET	60048	53	192.168.2.4	1.1.1.1
Nov 20, 2024 00:01:58.752301931 CET	53	60048	1.1.1.1	192.168.2.4
Nov 20, 2024 00:02:06.140228033 CET	55888	53	192.168.2.4	1.1.1.1
Nov 20, 2024 00:02:06.147452116 CET	53	55888	1.1.1.1	192.168.2.4
Nov 20, 2024 00:02:07.156227112 CET	56559	53	192.168.2.4	1.1.1.1
Nov 20, 2024 00:02:07.163667917 CET	53	56559	1.1.1.1	192.168.2.4
Nov 20, 2024 00:02:10.203949928 CET	65209	53	192.168.2.4	1.1.1.1
Nov 20, 2024 00:02:10.211467028 CET	53	65209	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
2024-11-19 23:00:48 UTC	133	OUT	GET /ISteamDirectory/GetCMListForConnect/v1/?format=vdf&cellid=0 HTTP/1.1 Host: api.steampowered.com User-Agent: SteamKit/3.0.0
2024-11-19 23:00:48 UTC	226	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/vdf; charset=UTF-8 Cache-Control: public, max-age=5 Expires: Tue, 19 Nov 2024 23:00:53 GMT Date: Tue, 19 Nov 2024 23:00:48 GMT Content-Length: 36792 Connection: close
2024-11-19 23:00:48 UTC	16158	IN	Data Raw: 22 72 65 73 70 6f 6e 73 65 22 0a 7b 0a 09 22 73 65 72 76 65 72 6c 69 73 74 22 0a 09 7b 0a 09 09 22 30 22 0a 09 09 7b 0a 09 09 09 22 65 6e 64 70 6f 69 6e 74 22 09 22 63 6d 70 31 2d 61 74 6c 33 2e 73 74 65 61 6d 73 65 72 76 65 72 2e 6e 65 74 3a 32 37 30 31 38 22 0a 09 09 09 22 6c 65 67 61 63 79 5f 65 6e 64 70 6f 69 6e 74 22 09 22 63 6d 70 31 2d 61 74 6c 33 2e 73 74 65 61 6d 73 65 72 76 65 72 2e 6e 65 74 3a 32 37 30 31 38 22 0a 09 09 09 22 74 79 70 65 22 09 22 77 65 62 73 6f 63 6b 65 74 73 22 0a 09 09 09 22 64 63 22 09 22 61 74 6c 33 22 0a 09 09 09 22 72 65 61 6c 6d 22 09 22 73 74 65 61 6d 67 6c 6f 62 61 6c 22 0a 09 09 09 22 6c 6f 61 64 22 09 22 32 36 22 0a 09 09 09 22 77 74 64 5f 6c 6f 61 64 22 09 22 31 34 2e 33 36 32 32 31 35 30 34 32 31 31 34 32 35 37 38 Data Ascii: "response"{"serverlist"{"0"{"endpoint""cmp1-atl3.steamserver.net:27018""legacy_endpoint""cmp1-atl3.steamserver.net:27018""type""websockets""dc""atl3""realm""steamglobal""load""26""wtd_load""14.3622150421142578
2024-11-19 23:00:48 UTC	16384	IN	Data Raw: 73 65 72 76 65 72 2e 6e 65 74 3a 32 37 30 31 38 22 0a 09 09 09 22 74 79 70 65 22 09 22 77 65 62 73 6f 63 6b 65 74 73 22 0a 09 09 09 22 64 63 22 09 22 6f 72 64 31 22 0a 09 09 09 22 72 65 61 6c 6d 22 09 22 73 74 65 61 6d 67 6c 6f 62 61 6c 22 0a 09 09 09 22 6c 6f 61 64 22 09 22 34 33 22 0a 09 09 09 22 77 74 64 5f 6c 6f 61 64 22 09 22 37 37 2e 37 30 33 30 35 37 32 38 39 31 32 33 35 33 35 32 22 0a 09 09 7d 0a 09 09 22 37 31 22 0a 09 09 7b 0a 09 09 09 22 65 6e 64 70 6f 69 6e 74 22 09 22 63 6d 70 31 2d 6f 72 64 31 2e 73 74 65 61 6d 73 65 72 76 65 72 2e 6e 65 74 3a 32 37 30 31 38 22 0a 09 09 09 22 6c 65 67 61 63 79 5f 65 6e 64 70 6f 69 6e 74 22 09 22 63 6d 70 31 2d 6f 72 64 31 2e 73 74 65 61 6d 73 65 72 76 65 72 2e 6e 65 74 3a 32 37 30 31 38 22 0a 09 09 09 22 74 Data Ascii: server.net:27018""type""websockets""dc""ord1""realm""steamglobal""load""43""wtd_load""77.7030572891235352"}"71"{"endpoint""cmp1-ord1.steamserver.net:27018""legacy_endpoint""cmp1-ord1.steamserver.net:27018""t
2024-11-19 23:00:48 UTC	3448	IN	Data Raw: 0a 09 09 09 22 6c 6f 61 64 22 09 22 31 33 22 0a 09 09 09 22 77 74 64 5f 6c 6f 61 64 22 09 22 32 35 30 2e 38 32 30 30 32 38 33 30 35 30 35 33 37 31 31 22 0a 09 09 7d 0a 09 09 22 31 34 32 22 0a 09 09 7b 0a 09 09 09 22 65 6e 64 70 6f 69 6e 74 22 09 22 63 6d 70 31 2d 6c 68 72 31 2e 73 74 65 61 6d 73 65 72 76 65 72 2e 6e 65 74 3a 32 37 30 32 30 22 0a 09 09 09 22 6c 65 67 61 63 79 5f 65 6e 64 70 6f 69 6e 74 22 09 22 63 6d 70 31 2d 6c 68 72 31 2e 73 74 65 61 6d 73 65 72 76 65 72 2e 6e 65 74 3a 32 37 30 32 30 22 0a 09 09 09 22 74 79 70 65 22 09 22 77 65 62 73 6f 63 6b 65 74 73 22 0a 09 09 09 22 64 63 22 09 22 6c 68 72 31 22 0a 09 09 09 22 72 65 61 6c 6d 22 09 22 73 74 65 61 6d 67 6c 6f 62 61 6c 22 0a 09 09 09 22 6c 6f 61 64 22 09 22 31 33 22 0a 09 09 09 22 77 74 Data Ascii: "load""13""wtd_load""250.820028305053711"}"142"{"endpoint""cmp1-lhr1.steamserver.net:27020""legacy_endpoint""cmp1-lhr1.steamserver.net:27020""type""websockets""dc""lhr1""realm""steamglobal""load""13""wt
2024-11-19 23:00:48 UTC	802	IN	Data Raw: 09 09 09 22 64 63 22 09 22 70 61 72 31 22 0a 09 09 09 22 72 65 61 6c 6d 22 09 22 73 74 65 61 6d 67 6c 6f 62 61 6c 22 0a 09 09 09 22 6c 6f 61 64 22 09 22 32 32 22 0a 09 09 09 22 77 74 64 5f 6c 6f 61 64 22 09 22 33 31 36 2e 34 33 31 33 32 37 38 31 39 38 32 34 32 31 39 22 0a 09 09 7d 0a 09 09 22 31 35 37 22 0a 09 09 7b 0a 09 09 09 22 65 6e 64 70 6f 69 6e 74 22 09 22 31 38 35 2e 32 35 2e 31 38 32 2e 32 30 3a 32 37 30 31 37 22 0a 09 09 09 22 6c 65 67 61 63 79 5f 65 6e 64 70 6f 69 6e 74 22 09 22 31 38 35 2e 32 35 2e 31 38 32 2e 32 30 3a 32 37 30 31 37 22 0a 09 09 09 22 74 79 70 65 22 09 22 6e 65 74 66 69 6c 74 65 72 22 0a 09 09 09 22 64 63 22 09 22 70 61 72 31 22 0a 09 09 09 22 72 65 61 6c 6d 22 09 22 73 74 65 61 6d 67 6c 6f 62 61 6c 22 0a 09 09 09 22 6c 6f 61 Data Ascii: "dc""par1""realm""steamglobal""load""22""wtd_load""316.431327819824219"}"157"{"endpoint""185.25.182.20:27017""legacy_endpoint""185.25.182.20:27017""type""netfilter""dc""par1""realm""steamglobal""loa

Timestamp	Bytes transferred	Direction	Data
2024-11-19 23:01:58 UTC	173	OUT	GET /cmsocket/ HTTP/1.1 Host: cmp2-atl3.steamserver.net Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: SX1pmJICoUOgvcAEWO04Yg== Sec-WebSocket-Version: 13
2024-11-19 23:01:58 UTC	265	IN	HTTP/1.1 400 Bad Request Server: nginx/1.25.5 Date: Tue, 19 Nov 2024 23:01:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 96 Connection: close Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache,must-revalidate Pragma: no-cache
2024-11-19 23:01:58 UTC	96	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-11-19 23:01:59 UTC	173	OUT	GET /cmsocket/ HTTP/1.1 Host: cmp1-dfw1.steamserver.net Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: 8pAM8HKoEEa2SDwRfJv7Yw== Sec-WebSocket-Version: 13
2024-11-19 23:01:59 UTC	265	IN	HTTP/1.1 400 Bad Request Server: nginx/1.25.5 Date: Tue, 19 Nov 2024 23:01:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 96 Connection: close Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache,must-revalidate Pragma: no-cache
2024-11-19 23:01:59 UTC	96	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-11-19 23:02:06 UTC	173	OUT	GET /cmsocket/ HTTP/1.1 Host: cmp1-iad1.steamserver.net Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: 4Mzn+oyKNEOPx/VMky/HWA== Sec-WebSocket-Version: 13
2024-11-19 23:02:06 UTC	265	IN	HTTP/1.1 400 Bad Request Server: nginx/1.25.5 Date: Tue, 19 Nov 2024 23:02:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 96 Connection: close Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache,must-revalidate Pragma: no-cache
2024-11-19 23:02:06 UTC	96	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-11-19 23:02:07 UTC	173	OUT	GET /cmsocket/ HTTP/1.1 Host: cmp2-iad1.steamserver.net Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: 9SfrCnjzD0+vkNHqMYQEtw== Sec-WebSocket-Version: 13
2024-11-19 23:02:07 UTC	265	IN	HTTP/1.1 400 Bad Request Server: nginx/1.25.5 Date: Tue, 19 Nov 2024 23:02:07 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 96 Connection: close Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache,must-revalidate Pragma: no-cache
2024-11-19 23:02:07 UTC	96	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-11-19 23:02:10 UTC	173	OUT	GET /cmsocket/ HTTP/1.1 Host: cmp2-dfw1.steamserver.net Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: gct+FU7dl0WK9aM8K5/MdQ== Sec-WebSocket-Version: 13
2024-11-19 23:02:10 UTC	265	IN	HTTP/1.1 400 Bad Request Server: nginx/1.25.5 Date: Tue, 19 Nov 2024 23:02:10 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 96 Connection: close Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache,must-revalidate Pragma: no-cache
2024-11-19 23:02:10 UTC	96	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1></body></html>

Target ID:	0
Start time:	18:00:04
Start date:	19/11/2024
Path:	C:\Users\user\Desktop\SteamSetup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SteamSetup.exe"
Imagebase:	0x400000
File size:	50'219'482 bytes
MD5 hash:	1B34108B77B984E227BBAD718D89594A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Target ID:	3
Start time:	18:00:23
Start date:	19/11/2024
Path:	C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\SteamClient\Steam2.exe"
Imagebase:	0x7ff69f810000
File size:	158'720 bytes
MD5 hash:	24579F75EE35BDD8E4CCC5351295BD9D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SteamSetup.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Programs\SteamClient\Accessibility.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\D3DCompiler_47_cor3.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\DirectWriteForwarder.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.CSharp.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.DiaSymReader.Native.amd64.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.VisualBasic.Core.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.VisualBasic.Forms.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.VisualBasic.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.Primitives.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.Registry.AccessControl.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.Registry.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\Microsoft.Win32.SystemEvents.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\PenImc_cor3.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\PresentationCore.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemCore.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemData.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemDrawing.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemXml.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework-SystemXmlLinq.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Aero.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.Aero2.dll (copy)

C:\Users\user\AppData\Local\Programs\SteamClient\PresentationFramework.AeroLite.dll (copy)

Windows Analysis Report
SteamSetup.exe

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre