5d8d697707c89466cfe203bde7e242680d020646bd5e49edaabd67fc6a7d6321

Analysis

max time kernel
613s
max time network
614s
platform
windows10-2004_x64
resource
win10v2004-20240419-de
resource tags

arch:x64arch:x86image:win10v2004-20240419-delocale:de-deos:windows10-2004-x64systemwindows
submitted
03-05-2024 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SteamSetup.exe
Size

2.3MB
MD5

b1f4bc644f535c745341de0303631d9c
SHA1

8d66e30416004cc2e98334a276c181ae1e67be55
SHA256

5d8d697707c89466cfe203bde7e242680d020646bd5e49edaabd67fc6a7d6321
SHA512

e3fc8eed9061dd8c555a26c29436c7c5218c6409096e37d11b34edcab448d5c3e9f7dff5e5c5ab2a0e3ee96da666b3be7f2b3f028fc122f35f74c51518aa0d44
SSDEEP

49152:GDJvIRwCA97eXdXY1/aq95f9zRsBON2VGabSV9MbHv2XR3fHuc7ZEG5:vWC2KX5Y1X95VzvwpWVKrJW

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

SteamSetup.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steamwebhelper.exesteamwebhelper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

steam.exe

description	ioc	process
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_l2_soft_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_button_logo.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_r_ring_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_button_mute_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox360_button_start.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_koreana.html_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnOvrOnTop.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\scrEnds.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\chatroom_speaking.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_button_square.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_rstick_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\deck_ui_navigation.wav_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0413.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0526.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_080_input_0080.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_swipe.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l2_half_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_norwegian.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\SubChangePasswordChangePassword.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_r3_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_dpad_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_button_steam_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_finnish.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0406.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_koreana-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_portuguese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_r2_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_edge_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_dpad_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0333.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\chk_menu_item@2x.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_thai.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_r4_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox360_button_select.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_dutch.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steambootstrapper_italian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_click.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_r_ring_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_outlined_button_x_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_l2_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_swipe.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\vcruntime140_1.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0508.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_l_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_gyro_yaw_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\broadcast\icon_viewers.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\chkSomeSelStd.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\c15.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\fav_remove_ovr.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_l2_soft.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_swipe_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_details_screenshots.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\libEGL.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0317.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_click.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_button_logo_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\cloud_pending_sessions_dialog.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\VkLayer_steam_fossilize.dll_	steam.exe

Drops file in Windows directory 1 IoCs

Processes:

steam.exe

description ioc process

File opened for modification C:\Windows\INF\msmouse.PNF steam.exe

description	ioc	process
File opened for modification	C:\Windows\INF\msmouse.PNF	steam.exe

Executes dropped EXE 32 IoCs

Processes:

steamservice.exesteam.exeSteam.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exe

pid	process
1012	steamservice.exe
5100	steam.exe
3628	Steam.exe
4960	steam.exe
2680	steamwebhelper.exe
2204	steamwebhelper.exe
4952	steamwebhelper.exe
5036	steamwebhelper.exe
2136	gldriverquery64.exe
4104	steamwebhelper.exe
2768	steamwebhelper.exe
2860	gldriverquery.exe
3536	vulkandriverquery64.exe
4536	vulkandriverquery.exe
3824	steamwebhelper.exe
4536	steamwebhelper.exe
1012	steamservice.exe
5100	steam.exe
3628	Steam.exe
4960	steam.exe
2680	steamwebhelper.exe
2204	steamwebhelper.exe
4952	steamwebhelper.exe
5036	steamwebhelper.exe
2136	gldriverquery64.exe
4104	steamwebhelper.exe
2768	steamwebhelper.exe
2860	gldriverquery.exe
3536	vulkandriverquery64.exe
4536	vulkandriverquery.exe
3824	steamwebhelper.exe
4536	steamwebhelper.exe

Loads dropped DLL 64 IoCs

Processes:

SteamSetup.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2204	steamwebhelper.exe
2204	steamwebhelper.exe
2204	steamwebhelper.exe
4960	steam.exe
4960	steam.exe
4952	steamwebhelper.exe
4952	steamwebhelper.exe
4952	steamwebhelper.exe
4952	steamwebhelper.exe
4952	steamwebhelper.exe
4952	steamwebhelper.exe
4952	steamwebhelper.exe
5036	steamwebhelper.exe
5036	steamwebhelper.exe
5036	steamwebhelper.exe
4960	steam.exe
4104	steamwebhelper.exe
4104	steamwebhelper.exe
2768	steamwebhelper.exe
2768	steamwebhelper.exe
4104	steamwebhelper.exe
2768	steamwebhelper.exe
2768	steamwebhelper.exe
3824	steamwebhelper.exe
3824	steamwebhelper.exe
3824	steamwebhelper.exe
4536	steamwebhelper.exe
4536	steamwebhelper.exe
4536	steamwebhelper.exe
4536	steamwebhelper.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steam.exesteam.exesteamwebhelper.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe

Modifies registry class 40 IoCs

Processes:

steamservice.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

steam.exesteam.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

SteamSetup.exesteam.exe

pid	process
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
3604	SteamSetup.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe
4960	steam.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

steam.exe

pid process

4960 steam.exe
4960 steam.exe

pid	process
4960	steam.exe
4960	steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

steamservice.exesteamwebhelper.exe

description	pid	process
Token: SeSecurityPrivilege	1012	steamservice.exe
Token: SeSecurityPrivilege	1012	steamservice.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe
Token: SeShutdownPrivilege	2680	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	2680	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 32 IoCs

Processes:

steamwebhelper.exe

pid	process
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe

Suspicious use of SendNotifyMessage 30 IoCs

Processes:

steamwebhelper.exe

pid	process
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe
2680	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

steam.exe

pid process

4960 steam.exe
4960 steam.exe

pid	process
4960	steam.exe
4960	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SteamSetup.exesteam.exesteam.exesteamwebhelper.exe

description	pid	process	target process
PID 3604 wrote to memory of 1012	3604	SteamSetup.exe	steamservice.exe
PID 3604 wrote to memory of 1012	3604	SteamSetup.exe	steamservice.exe
PID 3604 wrote to memory of 1012	3604	SteamSetup.exe	steamservice.exe
PID 5100 wrote to memory of 4960	5100	steam.exe	steam.exe
PID 5100 wrote to memory of 4960	5100	steam.exe	steam.exe
PID 5100 wrote to memory of 4960	5100	steam.exe	steam.exe
PID 4960 wrote to memory of 2680	4960	steam.exe	steamwebhelper.exe
PID 4960 wrote to memory of 2680	4960	steam.exe	steamwebhelper.exe
PID 2680 wrote to memory of 2204	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 2204	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4952	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 5036	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 5036	2680	steamwebhelper.exe	steamwebhelper.exe
PID 4960 wrote to memory of 2136	4960	steam.exe	gldriverquery64.exe
PID 4960 wrote to memory of 2136	4960	steam.exe	gldriverquery64.exe
PID 2680 wrote to memory of 4104	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4104	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4104	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4104	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4104	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4104	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4104	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4104	2680	steamwebhelper.exe	steamwebhelper.exe
PID 2680 wrote to memory of 4104	2680	steamwebhelper.exe	steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe"
1⤵
- Adds Run key to start application
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3604

C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1012

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Checks processor information in registry
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:5100

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Drops file in Windows directory
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4960

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=de_DE" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=4960" "-buildid=1709846872" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=DcheckIsFatal"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2680

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1709846872 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7ffab464ee28,0x7ffab464ee38,0x7ffab464ee48
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2204

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=de-DE --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1668 --field-trial-handle=1468,i,1718787012079750824,14933209272264024282,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4952

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=de --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=de-DE --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2140 --field-trial-handle=1468,i,1718787012079750824,14933209272264024282,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5036

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=de --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=de-DE --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2496 --field-trial-handle=1468,i,1718787012079750824,14933209272264024282,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4104

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1468,i,1718787012079750824,14933209272264024282,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2768

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=de --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=de-DE --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2600 --field-trial-handle=1468,i,1718787012079750824,14933209272264024282,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3824

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=de-DE --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1684 --field-trial-handle=1468,i,1718787012079750824,14933209272264024282,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4536

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
- Executes dropped EXE
PID:2136

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
- Executes dropped EXE
PID:2860

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
- Executes dropped EXE
PID:3536

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
- Executes dropped EXE
PID:4536

C:\Program Files (x86)\Steam\Steam.exe
"C:\Program Files (x86)\Steam\Steam.exe"
1⤵
- Executes dropped EXE
PID:3628

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x4f4
1⤵
PID:932

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe
Filesize
4.2MB

MD5
7c2056e7337a5f29d2e5d3c67830745f

SHA1
d502f5c22895a859056930a5489192873cd04673

SHA256
3f321dbbc60371a585d60b17e3f67386bf1792b430d20071ca0e3efd9dbae99d

SHA512
c729dbee4d528d05d2a6d25ea105d8f34bb9087b9151c0b31a59337e444e4bccb1f3e49fce122fb3dd7b65132a15a0c8b5618c853287fecbe5427376200b2495

Download Submit
C:\Program Files (x86)\Steam\aom.dll
Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Program Files (x86)\Steam\avif-16.dll
Filesize
226KB

MD5
a09c5fa842fa4456a0b53b46f1050225

SHA1
9e4677f19e77bf55e7d0e2e82d8c27f79dbbd78e

SHA256
3d7ba6fedfdfd6e751693d718a21438304690b754d1c5d13c847a829b2423b8b

SHA512
71c962da6ed6894209891513bf9f0132a5eab6c65a5d9ba334efcaf73463be5625665a060863a106d59fad1949f6191f641aa4c59ddb0e825701bef08ef9b5a5

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe
Filesize
2.5MB

MD5
18dd1c62ef5597389d599f4d671be388

SHA1
43e0e7e1ad31dc0bfa9b93e50013dc0cf8cdbb66

SHA256
320b33ae48dbbbfbe4f93cf1509702e6a90880688a0557b2f6ad7f5c47d94c21

SHA512
a8d8aaf823b665edbb8f7490ae232bb292a8349f77fafbffc9600934abb71a763b52f2d99b9ec73a0e2c5a62a3dc57631bfb19a5e931c4bbd2d3e17ef22f2d98

Download Submit
C:\Program Files (x86)\Steam\bin\audio.dll
Filesize
175KB

MD5
91389bfcf323f9cbab45c0e652d0eec6

SHA1
030330d7f3e3db4224e441f3bb8fdbc9a87f45c6

SHA256
cf363c45ccf407eb405529ddc0e70569adcb82373fa51f8078660c0cbc78acc1

SHA512
8a963d677185a6b35e9534961d28a501c9021268a0a9980d2947727565a35d3793f97baf90d9d8f5afc6086655e4f7683be7aae274a280555f6632a76648f038

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll
Filesize
23KB

MD5
5d341bc73b1e54509a5ad1cf242ee223

SHA1
c99d28dd1bf7df8f7560b39115ea193a0bb3b322

SHA256
e13c9c03c459682822eb5734e1f184e80dbae5fed2421cb5dc3e238946f3edf0

SHA512
39a3cd6c02b3ac42dbbe62b2a08ef1858f368163cd194d9d09fa2097b357e0540e0bf1a93b169dd93cf83bc08aeb6247d8a93a82ae72b418c1af128c9fc7e695

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll
Filesize
23KB

MD5
fe49ecd88cb1b0b9a5cf88e01f4075a6

SHA1
4d47900af773a09056157336cd4a0373e9996c5f

SHA256
a82e6229869a90d19310f4247d6b3027309ee4ea49bc9c127e532b46bf95e78b

SHA512
d610e3e17bf2c082f6c52c8a9194e9f1f5d2d1c7bcb30a7fe7cdc0dfad5851b2d2d46368d964753235a892ea716fcb2694584d78580286b28b31393b85dc09b9

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll
Filesize
23KB

MD5
587181061a8482dd8eefa8c1cbdd23b1

SHA1
6fdab708bc8b50cb9422b089c240275d478c59b2

SHA256
a4f49dfff349a4f12dc473650a57f52f6d9c2df50a12a7fe21e829ffcb2409e0

SHA512
3ae7c4a29f56dd482c9f442935f527e3bd0b902268f1d39c15fd909a4157e5f67c696136ed69cb14bb85abd08e2bbb14c3fa12e5f0dd6c75c6f4737a0873461d

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll
Filesize
23KB

MD5
227e0e0e8f61f433eba82d2b6e388415

SHA1
c76f5c4ca826b4bd63bbd1c75b5549a7b1d8307b

SHA256
872cf90b7f7ae3187e1abe1e60923736d3b85c12db32f413f42dec5b3aaeffbb

SHA512
c355b0e902ff8abbadd8499fe4b075b6045876f8c6f8797a189adeea0437d1dc1df385bd65ae379913dc8cfefc46145c291e74aa8f34cf0949a2cf0d7a615618

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll
Filesize
23KB

MD5
b2ebcf3c67f1722852b1061a7d6fa641

SHA1
02caf1c965f01aacdc0913be07766c6e48c07cc5

SHA256
68d7c802b9fd6f30be824965e61f02982eb43628379511fe46f1b93df0e4a6a5

SHA512
d7350120554855cb1712594e0c5cf25b956b8411a309bc6fd3837aec91364c10f9c98bf67914ee780b223bb3ebae0b41708a5d1993dbb800a544427f58dd2995

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-fibers-l1-1-0.dll
Filesize
23KB

MD5
55b7fde967d55a7de2f3e36179a0c049

SHA1
c0ceffcd7c8a335b44220f4fb9fdad45262fb174

SHA256
a70fa9a015aa316ec0e25ca507114c05a3dbb680e700c6e4c9bf8ddda2abd499

SHA512
ad3ef67b240bc53d8d0a21013b8207b6fecd74f810ff9fbca97a0493f0bfba0c5c60acff9b1bb5b1678cef4ec41f73cc47222c70b991e7dc39ac17e7620c3e83

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll
Filesize
27KB

MD5
3fc486b956727fd86b0d94d796b9c5c8

SHA1
779ba40fde8778dddc85b11c1ec492aed6ae2278

SHA256
e81b5784920db490038e1057d821bb5699dd2d2f319294b9939661f4cbfc94f9

SHA512
3c6b11fb4322da667886bdcb0511638fde6a563292f62f1040eb2eb314d1f282bc0efb9c20ce8f7518fc4da90eebb769bfe4b4e30180a7219c6f7e61fad2c3e6

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll
Filesize
23KB

MD5
7fad4ed5b9192c9e412da8eb032acdaf

SHA1
2a04c0e7be7e16eb7bd62198e3a868fe0d87a985

SHA256
10b141aaa2abf16276b69ac0773843884a47eb08fae0008ee647a15bcd7deff7

SHA512
fe611d421a53db561f02f484b9441cccfb21a2502b40a4189c5fb339ed828972352a6b0672d758f9641fc37168d9c6b100e478736342531359286918a7be4ea0

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll
Filesize
23KB

MD5
7d54304abfe17b8c3bf3451e32a5d0fe

SHA1
203f3143e122f1fa8162b6afcf53aacab90e3299

SHA256
7dcc29037927fcd5dba11ba4aacafd1de4ef643cf0f6b09fbdd0e58816fb7150

SHA512
32b407d65f9d29d21b7671dbed07dc61057a8adef81b4342879255b8a34e3ddf8aaaf80f368c983611ac9eeaa72f7ef801ed421b65433c3c4521fa7171b1bf9e

Download Submit
C:\Program Files (x86)\Steam\crashhandler.dll
Filesize
361KB

MD5
921ecaa849aa3eebea83cc117f057bbc

SHA1
b7eac57ca1e82b1011379893c88c76906b8c6833

SHA256
956264d928cc41776196b6a8162bf5895e0f093cc8049842fc90ad55e8c2f198

SHA512
2ea60ab1c5119254c38e136c3f1a88450fc0256fe5dcc621dd42235c72f50ef5ae2cf8fd481ee0cd663ee8173c09522fc7e11d72101072617d40ad193af9b3a7

Download Submit
C:\Program Files (x86)\Steam\logs\bootstrap_log.txt
Filesize
12KB

MD5
d42583971a078d2d0e467c0a8f651f74

SHA1
52543029213578a99e9a6fb0e6d7925d83e0b9e1

SHA256
82acb1843da0d3431f173ce334d2c1e9bf5768e9e975475bc78243c233dbeb70

SHA512
175428030df2c73131d7490ca9e8ec64d7346a8be04e8aada7118d17fbf0e076ac95a16a4864d7d83658e0a485fc087e905aac608dd96c5d34fdaf4f1c24e92c

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_metrics.bin
Filesize
2KB

MD5
ccf49c90728dfd94883fb8a12512ea9a

SHA1
51cef12ae3ac05c2d0a561fc578b6652f47b9cdd

SHA256
65212d503ecae6af6d39f0583e7523d7025a54909a8f5f4a8592cad1fa30aeb5

SHA512
ba597bc3cd89f309eeaaa87829e8b09d81f61096f65f22729ad1feae32ab7034b99b497788fbf14d8a17d81e5834214af2b8ef666667f7ccd98efa1a892bb59e

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_win32.installed
Filesize
460KB

MD5
5e21102fe5ae32653cfa3445539d23b0

SHA1
01feccac0e15f4fa21dbd0d1de5702c8a934d60d

SHA256
de521055b9e6d487bcbd91ec06428dee35384cc8a0d00d2b738760187b3c390a

SHA512
773e8198f3da8ba49beff3750416377d311877c54fe7c0a8324c4748d62b43745ecbeab6acdaec76af66d76a95a395f10339b61fe792026463012ad582ae4d3f

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_win32.manifest
Filesize
9KB

MD5
efb6e815a83a9222a7263e78209285f1

SHA1
e178c8468d4e2ac9e66e7cd597813e6d85b30044

SHA256
9d0a3df457493d2ac1dba90a89ad6b35d309951142c793bef247ce462a631a2a

SHA512
36b1ec5f4b045b026f80983f769fa20d9e301c6ed92a036629f768c13515393522123d6436f438fe4f24f9116c0c7908c4d8093fcca36972e12ec763a06e3c72

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_forward@2x.tga_
Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_
Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_
Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt
Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt
Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt
Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt
Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt
Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt
Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt
Filesize
4KB

MD5
594be5b10d9f551e551cf20eae0e6dfc

SHA1
191c20f5cb0c27ecc5a055fa2379694f5e27a610

SHA256
e350ca62e777da4da6d25885be96d48e7ce3acf021a74f2a4902354a1bf03fbb

SHA512
e27bf6593a177c22e16ddf5a44d82b34b02063645a7fd63943b936028d9c433c89628038768a300c296c2d3bcab2ef6b8532a19f7283952d041865c704f62b0b

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt
Filesize
4KB

MD5
972187ca96118637052c2c39b32a6277

SHA1
7cd71d6f0c00f75c441393f46a17f4fa765bb5dd

SHA256
12e4d3ba658994fa3065018cec6a9ae333d8ff7cd5a2bc6a45c1c495739b0de6

SHA512
e0c66541a9a57698aea201fad5a75cee18be24959a705c2c8fe1f089c4504ecd24ea1dbefee2241b7207734b68529d8908869eb9afda0c1dc2ec355c1c99cb1d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt
Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt
Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt
Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt
Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt
Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt
Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt
Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt
Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt
Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt
Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt
Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt
Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt
Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt
Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt
Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt
Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt
Filesize
4KB

MD5
194a73f900a3283da4caa6c09fefcb08

SHA1
a7a8005ca77b9f5d9791cb66fcdf6579763b2abb

SHA256
5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6

SHA512
25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt
Filesize
7KB

MD5
53f7e8ac1affb04bf132c2ca818eb01e

SHA1
bffc3e111761e4dc514c6398a07ffce8555697f6

SHA256
488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83

SHA512
c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt
Filesize
4KB

MD5
29f9a5ab4adfae371bf980b82de2cb57

SHA1
6f7ef52a09b99868dd7230f513630ffe473eddf8

SHA256
711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f

SHA512
543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt
Filesize
6KB

MD5
cadd7a2f359b22580bdd6281ea23744d

SHA1
e82e790a7561d0908aee8e3b1af97823e147f88b

SHA256
3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99

SHA512
53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt
Filesize
4KB

MD5
f350c8747d77777f456037184af9212c

SHA1
753d8c260b852a299df76c4f215b0d2215f6a723

SHA256
15b6a564e05857a3d2fd6eec85a5a30c491a7553d15ffc025156b3665b919185

SHA512
efb86809a0b357b4fcd3ba2770c97d225d0f4d9fb7430c515e847c3dd77ee109def4bef11b650b9773c17050e618008fc03377638c1db3393ac780b5b0bc31b2

Download Submit
C:\Program Files (x86)\Steam\steam.exe
Filesize
4.2MB

MD5
0f433ee9a006400416679cf6e5a510c5

SHA1
558403043f0288aba3d9a43e9dfa7e109bc0b31a

SHA256
88eb0e145502e84cfb242b4733eeecbda53f78e33fe748f3c0e1fb14edbd7cd4

SHA512
82048118e7b816ffe9dd0ce114b0fda049345e9d27ab64b1c7a2efb4edb2d08775379ad6678c5a6a77fbfa91d8969e8642460f62b5cded32a704ab238a010ba3

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2680_936434464\LICENSE
Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2680_936434464\manifest.json
Filesize
1001B

MD5
2648d437c53db54b3ebd00e64852687e

SHA1
66cfe157f4c8e17bfda15325abfef40ec6d49608

SHA256
68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806

SHA512
86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
0ff58274ace2abdb75b03df558bb5754

SHA1
6f038612c5bc30d05552b982cf07115cade3b6ae

SHA256
4b2cc7e32c3af7b7eadc0b44ec409576e713f1e67f685579b7f042eeff0bcfce

SHA512
56933ea50404aa5423b166b396da1052eef8b48c94aee5f2a38a4b76011c476cb42a83469d06e6032c3c8c2528ce06eb78aa7d503ac730262375575f9e19419d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
2a35b848e694f8a67c5197bbd73c41ac

SHA1
419c0573b126e3c8f62dfdbb6edfed36482b9218

SHA256
8b2069b341a63bd00369526e4f60b90818bd423c5c139eb390551cfeeb0427a9

SHA512
4223fdcd6d6a93b705f6ad6782d19523e7d7368ed36ddbe1d38d2f3ea79f616bf6a41479cebb685685752068eefbc9d6f03868a12453350b591a7f38d445100b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json
Filesize
786B

MD5
589b7ee848bfa8de4897023423608a0f

SHA1
4ff2854b9d83da55dd22849c4e8a4695138d9d83

SHA256
5a5ae78cd0d4e12166abed30b6950cde5457c335dada2bb2c4c4aa21798efeb6

SHA512
1c770996c2d637de35170ddf5cdc671a639bbe982952ee2d01e10fd2e272f506e78841ac00ecc09c89985b8e730ceae4a71967786ec739ec1aa97bcab39dc2a3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json
Filesize
693B

MD5
914fa23af3f77d67c7baa9922a9c932c

SHA1
18e74d7236646d155bb2747e2dc5e1bafc989a3e

SHA256
80ead117e0f71f4375bb1451cc0d84e84f1f3767b8e575ea8c6473866be93c3e

SHA512
b0ea18163edf724015cc906a3e5754c9b2a7bb4305fbf36b382913f6a95c5e4cd2dfa18188ad2147473268416b5c3b9c747e569f08d82f3d64d48e1836cdcb0a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5905e2.TMP
Filesize
484B

MD5
a250e8b6b444dac3909f0238656d4195

SHA1
9c9fb09d6c0a458a5ea7a83789d747cce877a41d

SHA256
d81421e988e70377a9ea9b6dc2e7276ed5f8165553b478a4253fd6f33ef83ebd

SHA512
e837c3cf5a152a953e8a36f2b6fff6d85cd1c8c83ddf7de63fbb96f11faa86683c03b7b23895a516bc0e574a7d7cb15ba6cec30b5beccc6e85a152f03b5e9ea5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
Filesize
300B

MD5
c3338b1161a0fc492aaf016c8965c149

SHA1
93b50be0611a123f266ead76955fad46934bf8be

SHA256
b39ec84e14d19df6edb4767d4fe5a8647c202f5023f6482754592ea6d941949e

SHA512
4971e848557bc479691df89f760fc3beb4d9a2cfcc3c208b2a487146f3cfad7830b14fcacb5cf3cf4db87ed967c9aec155af1489129528f6b38b9a6fbf23255a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe59192b.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\000001.dbtmp
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu38A6.tmp\StdUtils.dll
Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu38A6.tmp\System.dll
Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu38A6.tmp\modern-wizard.bmp
Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu38A6.tmp\nsDialogs.dll
Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu38A6.tmp\nsExec.dll
Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu38A6.tmp\nsProcess.dll
Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
memory/2768-12241-0x00000193BD6B0000-0x00000193BD7DA000-memory.dmp

Filesize
1.2MB

Download
memory/2768-12241-0x00000193BD6B0000-0x00000193BD7DA000-memory.dmp

Filesize
1.2MB

Download
memory/3824-12310-0x0000017A686F0000-0x0000017A6881A000-memory.dmp

Filesize
1.2MB

Download
memory/3824-12310-0x0000017A686F0000-0x0000017A6881A000-memory.dmp

Filesize
1.2MB

Download
memory/4104-12176-0x00007FFAD2EE0000-0x00007FFAD2EE1000-memory.dmp

Filesize
4KB

Download
memory/4104-12176-0x00007FFAD2EE0000-0x00007FFAD2EE1000-memory.dmp

Filesize
4KB

Download
memory/4104-12240-0x0000021AC0B80000-0x0000021AC0CAA000-memory.dmp

Filesize
1.2MB

Download
memory/4104-12175-0x00007FFAD1C80000-0x00007FFAD1C81000-memory.dmp

Filesize
4KB

Download
memory/4104-12240-0x0000021AC0B80000-0x0000021AC0CAA000-memory.dmp

Filesize
1.2MB

Download
memory/4104-12175-0x00007FFAD1C80000-0x00007FFAD1C81000-memory.dmp

Filesize
4KB

Download
memory/4536-12352-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12353-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12360-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12353-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12354-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12364-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12363-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12352-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12354-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12358-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12358-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12360-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12364-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12363-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12362-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12361-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12359-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12362-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12361-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4536-12359-0x000001B52E540000-0x000001B52E541000-memory.dmp

Filesize
4KB

Download
memory/4960-12379-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12345-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12379-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12376-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12373-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12233-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12370-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12367-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12244-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12256-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12259-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12262-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12266-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12269-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12292-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12348-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12333-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12259-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12348-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12345-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12376-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12333-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12292-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12233-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12244-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12256-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12269-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12266-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12262-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12367-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12370-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/4960-12373-0x000000006FB10000-0x0000000070E0E000-memory.dmp

Filesize
19.0MB

Download
memory/5100-12132-0x00000000003E0000-0x0000000000894000-memory.dmp

Filesize
4.7MB

Download
memory/5100-12132-0x00000000003E0000-0x0000000000894000-memory.dmp

Filesize
4.7MB

Download