URL: https://cdn.cloudflare.steamstatic.com/client/installer/SteamSetup.exe

Full analysis: https://app.any.run/tasks/10596209-142a-41d3-95eb-4f4b6bc7e2d4
Verdict: Malicious activity
Analysis date: March 23, 2021, 18:38:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 4279146F7BDD09496B586D5149C7A4C4
SHA1: 8C1880223A8965F418C12F24CE340F86CD50A18F
SHA256: 126FEB6846AD77BFC472091E62384DC6520162E88769409A3C5B2E04F11ABB24
SSDEEP: 3:N8cmKUSiqGLduMu5VOXKngA2aA:2c9UnpduMKOX8F2aA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • SteamSetup.exe (PID: 3224)
      • SteamSetup.exe (PID: 1200)
      • steamservice.exe (PID: 2200)
      • nsB881.tmp (PID: 2840)
      • steam.exe (PID: 3904)
      • steamservice.exe (PID: 4004)
      • SteamServiceTmp.exe (PID: 3888)
      • steamservice.exe (PID: 2084)
      • steamwebhelper.exe (PID: 3296)
      • steamwebhelper.exe (PID: 984)
      • steamwebhelper.exe (PID: 3452)
      • steamwebhelper.exe (PID: 2612)
      • steamwebhelper.exe (PID: 1896)
      • steam.exe (PID: 272)
    • Loads dropped or rewritten executable

      • SteamSetup.exe (PID: 3224)
      • steamwebhelper.exe (PID: 3296)
      • steamwebhelper.exe (PID: 1896)
      • steam.exe (PID: 272)
      • steamwebhelper.exe (PID: 3452)
      • steamwebhelper.exe (PID: 984)
      • steamwebhelper.exe (PID: 2612)
      • steamservice.exe (PID: 2084)
    • Drops executable file immediately after starts

      • steamservice.exe (PID: 2200)
      • steamservice.exe (PID: 2084)
    • Changes the autorun value in the registry

      • SteamSetup.exe (PID: 3224)
    • Changes settings of System certificates

      • steamservice.exe (PID: 4004)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2432)
      • SteamSetup.exe (PID: 3224)
      • steamservice.exe (PID: 2200)
      • steam.exe (PID: 3904)
      • steamservice.exe (PID: 4004)
      • SteamServiceTmp.exe (PID: 3888)
      • steamservice.exe (PID: 2084)
      • steam.exe (PID: 272)
    • Creates a directory in Program Files

      • SteamSetup.exe (PID: 3224)
      • steamservice.exe (PID: 2200)
      • steamwebhelper.exe (PID: 1896)
      • steam.exe (PID: 272)
      • steam.exe (PID: 3904)
      • steamservice.exe (PID: 2084)
    • Creates files in the program directory

      • SteamSetup.exe (PID: 3224)
      • steamservice.exe (PID: 2200)
      • steam.exe (PID: 272)
      • steamservice.exe (PID: 4004)
      • steamwebhelper.exe (PID: 1896)
      • steamwebhelper.exe (PID: 3296)
      • SteamServiceTmp.exe (PID: 3888)
      • steamservice.exe (PID: 2084)
      • steam.exe (PID: 3904)
    • Drops a file that was compiled in debug mode

      • SteamSetup.exe (PID: 3224)
      • steamservice.exe (PID: 2200)
      • steam.exe (PID: 3904)
      • SteamServiceTmp.exe (PID: 3888)
      • steamservice.exe (PID: 2084)
      • steamservice.exe (PID: 4004)
      • steam.exe (PID: 272)
    • Starts application with an unusual extension

      • SteamSetup.exe (PID: 3224)
    • Creates a software uninstall entry

      • SteamSetup.exe (PID: 3224)
    • Changes default file association

      • steamservice.exe (PID: 2200)
    • Drops a file with too old compile date

      • steam.exe (PID: 3904)
      • steamservice.exe (PID: 2084)
    • Executed as Windows Service

      • steamservice.exe (PID: 4004)
      • steamservice.exe (PID: 2084)
    • Adds / modifies Windows certificates

      • steamservice.exe (PID: 4004)
    • Application launched itself

      • steamwebhelper.exe (PID: 3296)
    • Creates files in the Windows directory

      • steamservice.exe (PID: 4004)
      • steamservice.exe (PID: 2084)
    • Drops a file with a compile date too recent

      • steam.exe (PID: 3904)
      • steamservice.exe (PID: 4004)
      • SteamServiceTmp.exe (PID: 3888)
      • steamservice.exe (PID: 2084)
    • Removes files from Windows directory

      • steamservice.exe (PID: 4004)
      • steamservice.exe (PID: 2084)
  • INFO

    • Reads the hosts file

      • chrome.exe (PID: 2432)
      • chrome.exe (PID: 2156)
      • steamwebhelper.exe (PID: 3296)
      • steamwebhelper.exe (PID: 2612)
    • Application launched itself

      • chrome.exe (PID: 2432)
    • Manual execution by user

      • steam.exe (PID: 3904)
    • Dropped object may contain Bitcoin addresses

      • steam.exe (PID: 3904)
    • Reads settings of System Certificates

      • steam.exe (PID: 272)
No Malware configuration.
No data.
Total processes: 65
Monitored processes: 22
Malicious processes: 11
Suspicious processes: 3

Behavior graph

[Behavior graph: process nodes chrome.exe, steamsetup.exe, nsb881.tmp, steamservice.exe, steam.exe, steamwebhelper.exe and steamservicetmp.exe, with edges labelled "start" and "drop and start"]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 272
CMD: "C:\Program Files\Steam\steam.exe"
Path: C:\Program Files\Steam\steam.exe
Parent process: steam.exe
User:
admin
Company:
Valve Corporation
Integrity Level:
MEDIUM
Description:
Steam
Exit code:
0
Version:
06.43.25.69
Modules
Images
c:\program files\steam\steam.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 984
CMD: "C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1100,1343907531752514821,9871757669861537060,131072 --disable-features=CalculateNativeWinOcclusion,MimeHandlerViewInCrossProcessFrame --log-file="C:\Program Files\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --force-device-scale-factor=1 --disablehighdpi --disablehighdpi --buildid=1616449816 --steamid=0 --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Program Files\Steam\logs\cef_log.txt" --service-request-channel-token=3824502148666278737 --mojo-platform-channel-handle=1096 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
Parent process: steamwebhelper.exe
User:
admin
Company:
Valve Corporation
Integrity Level:
LOW
Description:
Steam Client WebHelper
Exit code:
4
Version:
06.43.25.69
Modules
Images
c:\program files\steam\bin\cef\cef.win7\steamwebhelper.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1016
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,6410555547498351048,17270968199740018012,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9485802641933307598 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1900 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1200
CMD: "C:\Users\admin\Downloads\SteamSetup.exe"
Path: C:\Users\admin\Downloads\SteamSetup.exe
Parent process: chrome.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Steam
Exit code:
3221226540
Version:
2.10.91.91
Modules
Images
c:\users\admin\downloads\steamsetup.exe
c:\systemroot\system32\ntdll.dll
PID: 1520
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=988,6410555547498351048,17270968199740018012,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=5426517525837117716 --mojo-platform-channel-handle=1012 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1896
CMD: "C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Steam\dumps" "--metrics-dir=C:\Users\admin\AppData\Local\CEF\User Data" --url=http://crash.steampowered.com/submit --annotation=platform=win32 --annotation=product=cefwebhelper --annotation=version=1616449816 --initial-client-data=0x1a8,0x1ac,0x1b0,0x1a4,0x1b4,0x688377e0,0x688377f0,0x688377fc
Path: C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
Parent process: steamwebhelper.exe
User:
admin
Company:
Valve Corporation
Integrity Level:
MEDIUM
Description:
Steam Client WebHelper
Exit code:
0
Version:
06.43.25.69
Modules
Images
c:\program files\steam\bin\cef\cef.win7\steamwebhelper.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2084
CMD: "C:\Program Files\Common Files\Steam\steamservice.exe" /RunAsService
Path: C:\Program Files\Common Files\Steam\steamservice.exe
Parent process: services.exe
User:
SYSTEM
Company:
Valve Corporation
Integrity Level:
SYSTEM
Description:
Steam Client Service
Exit code:
0
Version:
06.43.25.69
Modules
Images
c:\program files\common files\steam\steamservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2156
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=988,6410555547498351048,17270968199740018012,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=11357685475752486603 --mojo-platform-channel-handle=1540 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 2200
CMD: "C:\Program Files\Steam\bin\steamservice.exe" /Install
Path: C:\Program Files\Steam\bin\steamservice.exe
Parent process: nsB881.tmp
User:
admin
Company:
Valve Corporation
Integrity Level:
HIGH
Description:
Steam Client Service
Exit code:
0
Version:
06.35.19.37
Modules
Images
c:\program files\steam\bin\steamservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2380
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,6410555547498351048,17270968199740018012,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7663480213530116565 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events: 1 139
Read events: 979
Write events: 157
Delete events: 3

Modification events

(PID) Process: (2432) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (2432) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (2432) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value:

(PID) Process: (2432) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (2432) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (2608) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation: write
Name: 2432-13260998315178250
Value: 259

(PID) Process: (2432) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: dr
Value: 1

(PID) Process: (2432) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome
Operation: write
Name: UsageStatsInSample
Value: 0

(PID) Process: (2432) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation: delete value
Name: 3252-13245750958665039
Value: 0

(PID) Process: (2432) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value: 0

Executable files: 300
Suspicious files: 263
Text files: 8 343
Unknown types: 299

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2432 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-605A35AB-980.pma | - | - | -
2432 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\45ab8e8f-2d59-4869-a007-3638e1e61345.tmp | - | - | -
2432 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp | - | - | -
2432 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RFe81ed.TMP | text | - | -
2432 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RFe821c.TMP | text | - | -
2432 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT | text | - | -
2432 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old | text | - | -
2432 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs | binary | - | -
2432 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old | - | - | -
2432 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RFe83d2.TMP | - | - | -
HTTP(S) requests: 31
TCP/UDP connections: 24
DNS requests: 14
Threats: 25

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3904 | steam.exe | GET | 200 | 2.16.186.40:80 | http://media.steampowered.com/client/strings_en_all.zip.b14a88d7eb9e0808f094798e2e773045b7b93f48 | unknown | binary | 109 Kb | whitelisted
3904 | steam.exe | GET | 200 | 2.16.186.40:80 | http://media.steampowered.com/client/resources_all.zip.vz.1007fd2145b770678230d2011e2c501f9284b891_1308684 | unknown | binary | 1.25 Mb | whitelisted
3904 | steam.exe | GET | 200 | 2.16.186.40:80 | http://media.steampowered.com/client/bins_codecs_win32.zip.vz.f6a1aabd5f94c8e5753f26f016be330e82632a4b_2547822 | unknown | binary | 2.43 Mb | whitelisted
3904 | steam.exe | GET | 200 | 2.16.186.40:80 | http://media.steampowered.com/client/public_all.zip.vz.038874e230f3088aff83fa11ddac3b79b59decec_4856931 | unknown | binary | 4.63 Mb | whitelisted
3904 | steam.exe | GET | 200 | 2.16.186.40:80 | http://media.steampowered.com/client/tenfoot_dicts_all.zip.33245b7d523f68418283e93b0572508fa127ee8f | unknown | binary | 11.7 Mb | whitelisted
3904 | steam.exe | GET | 200 | 2.16.186.40:80 | http://media.steampowered.com/client/steam_client_win32 | unknown | text | 4.40 Kb | whitelisted
3904 | steam.exe | GET | 200 | 2.16.186.40:80 | http://media.steampowered.com/client/strings_all.zip.vz.0edb1e356cf31319fa59ba8e2b4757a312f1cae0_1946499 | unknown | binary | 1.86 Mb | whitelisted
3904 | steam.exe | GET | 200 | 2.16.186.40:80 | http://media.steampowered.com/client/tenfoot_ambientsounds_all.zip.89b80bcfdd11b2b99257ddbbdc374e2df54e2738 | unknown | ini | 7.60 Mb | whitelisted
3904 | steam.exe | GET | 200 | 2.16.186.40:80 | http://media.steampowered.com/client/tenfoot_misc_all.zip.1ca83d76835b4613170f5cead778b176b11f2b0c | unknown | binary | 12.5 Mb | whitelisted
3904 | steam.exe | GET | 200 | 2.16.186.40:80 | http://media.steampowered.com/client/tenfoot_fonts_all.zip.vz.7673e4cd32b6752bc621d8bc1a7118a9af19b64a_12077027 | unknown | binary | 11.5 Mb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2156 | chrome.exe | 104.18.25.217:443 | cdn.cloudflare.steamstatic.com | Cloudflare Inc | US | suspicious
2156 | chrome.exe | 172.217.18.109:443 | accounts.google.com | Google Inc. | US | suspicious
2156 | chrome.exe | 142.250.185.78:443 | sb-ssl.google.com | Google Inc. | US | whitelisted
3904 | steam.exe | 2.16.186.40:80 | media.steampowered.com | Akamai International B.V. | - | whitelisted
4004 | steamservice.exe | 72.21.91.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
272 | steam.exe | 2.23.6.198:80 | media.steampowered.com | Telecom Italia | - | suspicious
272 | steam.exe | 172.217.20.14:443 | redirector.gvt1.com | Google Inc. | US | whitelisted
- | - | 84.15.64.13:443 | r2---sn-cpux-8ovs.gvt1.com | UAB Bite Lietuva | LT | whitelisted
272 | steam.exe | 184.24.4.13:443 | api.steampowered.com | Bharti Airtel Ltd., Telemedia Services | US | unknown
272 | steam.exe | 72.21.91.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted

DNS requests

Domain | IP | Reputation
cdn.cloudflare.steamstatic.com | 104.18.25.217, 104.18.24.217 | suspicious
accounts.google.com | 172.217.18.109 | shared
sb-ssl.google.com | 142.250.185.78 | whitelisted
media.steampowered.com | 2.16.186.40, 2.16.186.35, 2.23.6.198, 2.23.6.217 | whitelisted
ocsp.digicert.com | 72.21.91.29 | whitelisted
api.steampowered.com | 184.24.4.13 | suspicious
ipv6check-udp.steamcontent.com | - | unknown
ipv6check-http.steamcontent.com | - | unknown
redirector.gvt1.com | 172.217.20.14 | whitelisted
ocsp.pki.goog | 172.217.16.99 | whitelisted

Threats

PID | Process | Class | Message
3904 | steam.exe | Potential Corporate Privacy Violation | ET USER_AGENTS Steam HTTP Client User-Agent
24 ETPRO signatures available at the full report
Process
Message
steam.exe
Loaded SDL version 2.0.15-
steam.exe
C:\Program Files\Steam\crashhandler.dll
steam.exe
steam.exe
C:\Program Files\Steam\steamerrorreporter.exe
steam.exe
steam.exe
C:\Program Files\Steam\steamerrorreporter.exe
steam.exe
steamwebhelper.exe
[0323/184149.225:INFO:crash_reporting.cc(247)] Crash reporting enabled for process: browser
steamwebhelper.exe
[0323/184150.678:WARNING:gpu_process_host.cc(1213)] The GPU process has crashed 1 time(s)
steamwebhelper.exe
[0323/184150.990:WARNING:gpu_process_host.cc(982)] Reinitialized the GPU process after a crash. The reported initialization time was 78 ms