5d8d697707c89466cfe203bde7e242680d020646bd5e49edaabd67fc6a7d6321

Analysis

max time kernel
880s
max time network
881s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
27/03/2024, 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SteamSetup.exe
Size

2.3MB
MD5

b1f4bc644f535c745341de0303631d9c
SHA1

8d66e30416004cc2e98334a276c181ae1e67be55
SHA256

5d8d697707c89466cfe203bde7e242680d020646bd5e49edaabd67fc6a7d6321
SHA512

e3fc8eed9061dd8c555a26c29436c7c5218c6409096e37d11b34edcab448d5c3e9f7dff5e5c5ab2a0e3ee96da666b3be7f2b3f028fc122f35f74c51518aa0d44
SSDEEP

49152:GDJvIRwCA97eXdXY1/aq95f9zRsBON2VGabSV9MbHv2XR3fHuc7ZEG5:vWC2KX5Y1X95VzvwpWVKrJW

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"F:\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	steam.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping8336_635054991\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping8336_635054991\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping8336_635054991\LICENSE	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping8336_635054991\manifest.json	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping8336_635054991\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping8336_635054991\manifest.fingerprint	steamwebhelper.exe
File created	C:\Program Files (x86)\Common Files\Steam\steamservice.exe	steamservice.exe
File opened for modification	C:\Program Files (x86)\Common Files\Steam\steamservice.exe	steamservice.exe

Executes dropped EXE 17 IoCs

pid	Process
3228	steamservice.exe
900	steam.exe
7612	steam.exe
8336	steamwebhelper.exe
8372	steamwebhelper.exe
8504	steamwebhelper.exe
8604	steamwebhelper.exe
9888	gldriverquery64.exe
9996	steamwebhelper.exe
10044	steamwebhelper.exe
1840	gldriverquery.exe
13020	vulkandriverquery64.exe
13144	vulkandriverquery.exe
4864	steamerrorreporter.exe
3212	steamwebhelper.exe
2160	steamwebhelper.exe
5140	steamwebhelper.exe

Loads dropped DLL 63 IoCs

pid	Process
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8372	steamwebhelper.exe
8372	steamwebhelper.exe
8372	steamwebhelper.exe
7612	steam.exe
8504	steamwebhelper.exe
8504	steamwebhelper.exe
8504	steamwebhelper.exe
8504	steamwebhelper.exe
8504	steamwebhelper.exe
8504	steamwebhelper.exe
8504	steamwebhelper.exe
8604	steamwebhelper.exe
8604	steamwebhelper.exe
8604	steamwebhelper.exe
7612	steam.exe
7612	steam.exe
9996	steamwebhelper.exe
9996	steamwebhelper.exe
9996	steamwebhelper.exe
10044	steamwebhelper.exe
10044	steamwebhelper.exe
10044	steamwebhelper.exe
10044	steamwebhelper.exe
4864	steamerrorreporter.exe
4864	steamerrorreporter.exe
3212	steamwebhelper.exe
3212	steamwebhelper.exe
3212	steamwebhelper.exe
2160	steamwebhelper.exe
2160	steamwebhelper.exe
2160	steamwebhelper.exe
2160	steamwebhelper.exe
5140	steamwebhelper.exe
5140	steamwebhelper.exe
5140	steamwebhelper.exe
5140	steamwebhelper.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe

Modifies registry class 43 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"F:\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steamlink\Shell\Open\Command\ = "\"F:\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	SteamSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	SteamSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"F:\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\steam\Shell\Open\Command\ = "\"F:\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe

Modifies system certificate store 2 TTPs 11 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
4756	SteamSetup.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe
7612	steam.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4756	SteamSetup.exe
7612	steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3228	steamservice.exe
Token: SeSecurityPrivilege	3228	steamservice.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe
Token: SeShutdownPrivilege	8336	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8336	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe
8336	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
7612	steam.exe
11408	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 3228	4756	SteamSetup.exe	76
PID 4756 wrote to memory of 3228	4756	SteamSetup.exe	76
PID 4756 wrote to memory of 3228	4756	SteamSetup.exe	76
PID 900 wrote to memory of 7612	900	steam.exe	82
PID 900 wrote to memory of 7612	900	steam.exe	82
PID 900 wrote to memory of 7612	900	steam.exe	82
PID 7612 wrote to memory of 8336	7612	steam.exe	83
PID 7612 wrote to memory of 8336	7612	steam.exe	83
PID 8336 wrote to memory of 8372	8336	steamwebhelper.exe	84
PID 8336 wrote to memory of 8372	8336	steamwebhelper.exe	84
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8504	8336	steamwebhelper.exe	85
PID 8336 wrote to memory of 8604	8336	steamwebhelper.exe	86
PID 8336 wrote to memory of 8604	8336	steamwebhelper.exe	86
PID 7612 wrote to memory of 9888	7612	steam.exe	89
PID 7612 wrote to memory of 9888	7612	steam.exe	89
PID 8336 wrote to memory of 9996	8336	steamwebhelper.exe	91
PID 8336 wrote to memory of 9996	8336	steamwebhelper.exe	91
PID 8336 wrote to memory of 9996	8336	steamwebhelper.exe	91
PID 8336 wrote to memory of 9996	8336	steamwebhelper.exe	91
PID 8336 wrote to memory of 9996	8336	steamwebhelper.exe	91
PID 8336 wrote to memory of 9996	8336	steamwebhelper.exe	91
PID 8336 wrote to memory of 9996	8336	steamwebhelper.exe	91
PID 8336 wrote to memory of 9996	8336	steamwebhelper.exe	91
PID 8336 wrote to memory of 9996	8336	steamwebhelper.exe	91

C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe"
1⤵
- Adds Run key to start application
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:4756
- F:\Steam\bin\steamservice.exe
  "F:\Steam\bin\steamservice.exe" /Install
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:3228

F:\Steam\steam.exe
"F:\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:900
- F:\Steam\steam.exe
  F:\Steam\steam.exe
  2⤵
  - Enumerates connected drives
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:7612
- - F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=7612" "-buildid=1709846872" "-steamid=0" "-logdir=F:\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=F:\Steam\clientui" "-steampath=F:\Steam\steam.exe" "-launcher=0" --enable-smooth-scrolling --enable-direct-write "--log-file=F:\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=DcheckIsFatal"
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:8336
  - - F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=F:\Steam\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1709846872 --initial-client-data=0x354,0x358,0x35c,0x330,0x360,0x7fff193bee28,0x7fff193bee38,0x7fff193bee48
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8372
  - - F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="F:\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1656 --field-trial-handle=1728,i,10517499744447008323,3211225312864214961,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8504
  - - F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="F:\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2168 --field-trial-handle=1728,i,10517499744447008323,3211225312864214961,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8604
  - - F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="F:\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2496 --field-trial-handle=1728,i,10517499744447008323,3211225312864214961,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9996
  - - F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --first-renderer-process --log-file="F:\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1728,i,10517499744447008323,3211225312864214961,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:10044
  - - F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="F:\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1640 --field-trial-handle=1728,i,10517499744447008323,3211225312864214961,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3212
  - - F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="F:\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2588 --field-trial-handle=1728,i,10517499744447008323,3211225312864214961,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2160
  - - F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="F:\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3580 --field-trial-handle=1728,i,10517499744447008323,3211225312864214961,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5140
- - F:\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:9888
- - F:\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    PID:1840
- - F:\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:13020
- - F:\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    PID:13144
- - F:\Steam\steamerrorreporter.exe
    F:\Steam\steamerrorrepor
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4864

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E0
1⤵
PID:9772

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:11408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\CEF\User Data\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
df2f418ec750f212f2d07cfdaa55d0d5

SHA1
45e030119fc858527aeba41f6ecaea21721790d5

SHA256
6db14b5722265bd609a438e0f3d25b21fbe336c0ca28d5e82427d8abcc94dc9a

SHA512
985e2767bfd1b2b51c73ec4c204c020e9d1a06b66d92db880ab29fb525765cd42b230fea9257a83a5abb36018c8364b7d8034655ed81381560d6abc9d9cc9dd8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007

Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\bdf6ad77d7bb3f8e_0

Filesize
261B

MD5
2c85f72b6c158c0eb1a2a113aebdf274

SHA1
b725ba049508c8b4debb8cc58b0cda4ee2075ae8

SHA256
e9dfb2c49324820a009ffcb5d4f27dde09638e43cd47c98901b7a1067f470bf0

SHA512
281e39511e0a81df82e0a50237fe81206f4a906cef4fddb5fa596fa0466081635de61ac6d40a9c0ce730f15759147fab3d4ef1a64ccde29e105f028e719d2128

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\eb5774d8a2fb8237_0

Filesize
18KB

MD5
77dced4893c62160e2e0ed72a93b9ddd

SHA1
e6cbebb6ac79bc90995127ce4d4f96931620d359

SHA256
6d0a5d5611bc918bce1a589c0d3528f79bda9c90c324ae6076ab6b1094ec54f1

SHA512
57ad2932a692a905c6712e6ed853328162f22927435ba90c79ae01794175f360a9fb5ac1f9029c2a8a96cd64c32fcb123fb56824681472c30b8ae64dc1016c57

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
3be97b80adf2f805489eec1b6e6c2a23

SHA1
00819b191bc61a939f9e208418ba7d0d07b519de

SHA256
4148260a82ca26a5749939621c3f2a9fbfd676846c33247d5564fee0bdaf4ce2

SHA512
ededf1fd4a9b0efb998cefdc40c88317c99c84949b3940885cc5d1b49c994f31f2eca49d0354ef584e32d9531002d05b2407a10789b44fc6c2cfc2239201134d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
f24a3f954d33b1863d53551515219471

SHA1
e1c14344309b0bcab872c194316a2fd34daf97e2

SHA256
1afcac72ac4de3db386c6622fd7ae62a025e4f5627a038d063b1d3565529c2ff

SHA512
7364ee8679056ff24e65265ca019509ae553cc6dc575b7be95913f040b88a3fb0b39bd7902212b521394a0fe025101b40653b98a61db987f1bd655954f0070cd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
2f393e549f1a55b90f5bc9bc2eceb469

SHA1
278c9600f8fb524f70447b0c7a67e1bf5b03dfbb

SHA256
1fab15d60b0c1fc662f353114326f6b2bc83600e551b3b84e05769969eed064b

SHA512
6fcf58c4317044955e6dfc64fcfed6393c7f607497c30987472c4d4b2d7fc450476adc32db3df5d30f1af716ae9a7b51302a8a97e3c76a07e0a63d351bac2424

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
37036de3bd162bd95f05bf05dc09ce72

SHA1
acb5653bdd87df5fd2c1b8dad8f9107523fb5122

SHA256
7880f9fe4affbd1cd89f221f948d1ffe6b9e76ffcfd811ae822881fae5a24b4a

SHA512
e89a1a5c6e37c8079e4c318031a30ef48c73b79710bc5939dce63163ac00792b5328904cdfe195dea4a7a46c53b5536c2539b5c8ac3af30bd48745b975bf3266

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
08ca173915daaf6232aeabcf97957372

SHA1
e21dc2397dec88cf6cd158b348374671324b1178

SHA256
1f4b6816db5b78d99e8f600ea59c060d2d82b40b1a8af167e40ec270db0beb9a

SHA512
fecbb0ffd3f440b99efffa3de721501e05f2a376f1ad82594aa209cd762a580eda868eea608378eda7221f6a5751cb17947f33df51f9feb58c469ababad18e22

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
35bd6821b3dbc15bb5176f582313649c

SHA1
773636ba5fe7ce8ef47c7871add3cd388f284a08

SHA256
745b0a59b7383865f8f1388e556e11e2703d345d3f7858a8404a32c01fc8d837

SHA512
8b910be58811ff6791b2817d015ec1bf87ab9b559d3f1dfaaabda52ab6e00ac0b70dd5e68454103a1f36dd41d1b6cea48a6a2a97ffa70477c8f79a07f5846b25

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a33b9f1548ecd0248b9db64af7a460ef

SHA1
a988d09bdbc022c2071589edff8c0f21b58ad141

SHA256
cea96c3f1395c69e747c7446e7f3491e8590082f8e895159a549e2d9779e7161

SHA512
3d086e4396c97ee7f0cc79327336f9811e31b1903514e10e34733b656f72b04d33589066fb2ce462324a44417c863ae38a954bf816005bad1a66df126bf59077

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
7bed0ad95c1cfe1e88d779426d3fed83

SHA1
bb88383da4b4fef15f9e960739a1818e5f440550

SHA256
a6d51dac3ae7deaa29d55b79d5e621b37d435ba81bc73fe05a3ff07dfe12f86c

SHA512
08f6d6251d535cd20d20a92da6ea7a9808274c0855fb7d1a1569e8e9839eac4c655db29a926c00f14043a8fd93ad6a14472fb85756f965064b392bbbd7dd6581

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
376cfc94be942c69ebcbf78a18a76f0b

SHA1
91ce726b0785548881939b549922bec206fec5e6

SHA256
e1f0338164c37b10f5086d0a706a588dea5752b4591ebb4b9859345954df79ae

SHA512
8691b76ce53419c08b9f21323ba35d02135e579275224b5b5cb1320113c3f66a5f70b7eb2467e67474fb79ffbb088e62f03bf9d1b4a88e68fe68a0121ae7a2bd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
5a653d2424631e2ce9035e61c4476f7d

SHA1
284d0a2e2d16c8271b2558baaf762cb6c1d887a5

SHA256
75d58efaa3bf8b821c467fec55b518157d2308dfcb534262dc202f6cda62762f

SHA512
b4460ea1dd6a9b95d5f93996078a8e4eb21ae42bf5a925e5b3d4b30dbbca1503c9f4391e4f7aa44c0522c6a98d03c4f8e36d2b6543f8604966071b4d84ce379e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnCache\data_1

Filesize
264KB

MD5
d157ef2401620ad77d99770029b4051f

SHA1
e83706f03a88d23ee9f6008f0858d79cf3955bc0

SHA256
7dbe4032a9db12cf15024d13e6549de79ddd107a6e1920150da446c95e50ab12

SHA512
d10bb52ed7aa927d6f19251aa455f8301d96b1a9352469e5823999b49510818ea0dd283b6c7707db0e6d84bcc7671da1edf3794d6e9f2f5fb262c5e0265dbdf4

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
693B

MD5
cbb3d1eb0d0887c9e3ef4c95fae75bba

SHA1
a23b97d7390559d010d519ad9914a61567235229

SHA256
30a1371e53ed7593eda6501aa38bbd5e3956bc2b1b6b162fb093170bd234787b

SHA512
d9f731d8ef2deb691277e974894a9c061f01ed34a2e8be4e4d56c3f802f84f14cece5f8b116daf53ddcd99b80469be86e6d57b75712d467b2e2dea41431107af

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5c077a.TMP

Filesize
484B

MD5
a7b31b1e719d2c1c9db6f10ad88c93e4

SHA1
13c580e6a0d2e0c22261b53ba4c85390c0e5f38c

SHA256
b41066191dc2f5e03d167510b7f8b4443e5a984b8e0c105957f879402ee89556

SHA512
23986b4ae74f7f48eba262f724ad7a2eff9f23a7443b703d62db78ab0e6bae94bd14e4a5b6a7f4320d133b02cb7a88556d02855526dd0a17daeddf8ded9de67d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
7219472aace7b278ad9790d92313e62d

SHA1
73b9ffed8b9fcf27d56ede2ae3752d9dcc2c47d5

SHA256
05a3f0343bc2582dc4d930a8a25b2157f5110588d0ede724edad5f747eb99115

SHA512
b733f1cecb11fc89e002a35f9a515a3b0687c3c431c2e601e138e89f41660ea46b894c46d8a2bc6688a778431b9d972eb1ac67b5cd3f957f3e2637f96206bb8f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
4e1c3d1de17d98c65f5860285bde9967

SHA1
06c6c787555f83232aa6c89d61fd3327ec8a3b90

SHA256
a031a43cd11c24de01b548bbdfed8c13bcd2449165ecced65bd044d0a3a29083

SHA512
d9073957223d4f782f3af646d623bc576184e8b79f2a14c28230183f85bf841fe4b83932c06866303264f04b33635754274e2ba003b8b5ad4865db2889d4e608

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
1a120d5c77b95b1c35418ec29755d037

SHA1
1c1f91f959c4a0e30705b99d4dc884ee2d684303

SHA256
873baee1cbde3c9cb03897b8fd5ad8d8da2cbcac36dd3eb7d262373b13284ac5

SHA512
fa0aeaf8e5400a64ff135583be55fbc906bed544fadc92f60a5b33d2af6f80eec71bdbdaefbcaf467c56f143240b9366abaec909573f301808287518ceec6f8a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
7489a381ac81674c92a545e6bfd368b8

SHA1
0bc80ef42db032226413ed042ca16b51149ca53e

SHA256
f969675889796126aaca6155f67327aee4b885d22b03a03d88d0dad246b46cca

SHA512
821540384646db0aa2bec4971c8687656fc6e3572a82402b47c5764738734824abef99df31dea94e5c5c2284b2ec4c6ff143aa348133d101fda9f855f9b57981

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
7e0ca2d2eb777d6a53c88d7b36ae6035

SHA1
661735eea8fc077864473112d5f4f707520c52ce

SHA256
d305d0f8cfa38fd617c5ad82a2e209e0997488ae818865c78854e7bd5b819fc6

SHA512
d97946a74dad4734e302ffceb4378e43dbc0a98def70a2214632e8680fb0be98ce52beebde9fb32eed200755050e854f481b46e91c29fba6f08716d40669b27f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
a1a5da0df7763ee2c6bd1ee47990c361

SHA1
3191394bc882dcb2c47018e8922f9ca13a48266c

SHA256
105ea3b43ca85d9f9812260020c8c23b079c900aed6ff1a88c3ceefc3f9ef80f

SHA512
755cec31624f0b426df628f5d513d9e9fb28988fe3806817feadeabe913fcf01ca6250aa63ce37bd9db349b64c523c889abfd99f27ab9f11e6f3d6309bc1887c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
2957190d9a10324945d49d0405528b22

SHA1
7b0f5a2534c0ad145417841ac3eac91900654124

SHA256
d18bafc2bf165c72d5daf1c6fe0d7c6f3b9b796625006cbfd2604dc2bfdb2763

SHA512
224c4b123ce003b780ed336f6238bf1dd43094f146335a9919334683f4f0cc152a6ed0fa9350e7a359e5a0d6bdbb5db4fd5b1e8888d274d83d043f990a955270

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
370B

MD5
a96c914926c223c7baf09a23764714d0

SHA1
1743bb7ce0aae09e0adda57c30e3778aae0558fe

SHA256
e1cd89fcc80b5adfe7a7633497520db4941c8699528d34ca72f42ecdeed49aef

SHA512
cb673b021add72c14f2a81760bdc833949866b3d95dacc73978cc8dc491751d2a0a7dab7dd858e3fd247831c15e7fdca8b82f26611ba88063fa7cf2c705c635f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
370B

MD5
9f22065edd20d6d4c789414f21de0b2f

SHA1
1140c7db7a14f8f69524f938754ba18b8e1110ce

SHA256
7ac1848e139e165c919f9fa3d8daa6703fe1833d989a369bb4102ba89128fc02

SHA512
bfb8b112d52fc2950dfab9fd9aa4058c50fa0915e5aae4e63379656e5162947c7c27fa89a53dd86a9b10c3b456a56c6a1f262a1a2b27aeb71bf51b1e0cb28b39

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
370B

MD5
c686845a8e0b615bd5d88a3e2adc7cf3

SHA1
c5674b2c832b7260dd224364f82c89c1f3c47da8

SHA256
b477937988b77f69d787bc14b35d09464bcebb6a4f0ac96a1e226cedc52d9af8

SHA512
95b7a3d03b6f8b3082ae08ae0d4edf36d2538ec47ad8c49fb82148b05b3caacbf7b2b73ea1bacf526be39522333537502a82c273cc8426670e5027da3a8dcf60

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
370B

MD5
d311582231be7294a8429896bf0d3ff3

SHA1
03cbcdad11ceab45cf1bbd7f7e912cc053ee8552

SHA256
94171de7536d057d108b33b5dd391b3885f56bc8646ae0f0a4470f506e08a617

SHA512
425b559068114468e297178480f932c77e8b8af257b8e1b7a8de3a9b9c0b348b74053bf748cd8e3bd8584bb2d62cba7a271ea71a52eccba1e40c8867f0d63c5d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
203B

MD5
0a9aa817cf5f75155860ae54993da9aa

SHA1
150a8b5d01707b70570b331712551e021a1fcc59

SHA256
f252c511759ac2e23ca80bd9ff5d95e60e8b116265ce02f29aa4d72ace05e683

SHA512
4144b6e72b0ab520210f8a1bd4c09589ef19a80b9af87b08c71c460ded93f822a380767e9792e1540913b0196c147e39e9bcb31e2e34cfff0a48a50d50757f68

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
370B

MD5
590e097b041ad41d1c1f71bde9f7f0a0

SHA1
cd6e32db70e482af12f17b17bf7b78fd1a2a848b

SHA256
a7659f80eceb7b500271106351640b3000d47e552e78249daa51d4429f294550

SHA512
97c81e19155254a918fc9ad0db83cbdc437281ebba0b596ace494e2c2a3040c05daf4aae4fec3a0b6579a4e479700d608235420d98b21a2221eed722c6246dc1

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5c8303.TMP

Filesize
203B

MD5
133baae4558affac745a77c6d4ed01cd

SHA1
b675c8825a077162bc1cf5076f73373e0bca8037

SHA256
e9683a5b201675bfc20860f0ec4126edf10c6c24d8f0d60b054b059a836667f3

SHA512
1c6660030b455c78360bcb7b7c80f510a8e44e874be069936b6b0a1498ed13d3a634cdbff2bca23cd73be81e42fb031a707dd8a9db4933155f3bcdf12d280553

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
1KB

MD5
1160a5e1b12225c5bed47af34fa2170e

SHA1
38c8038a5372bbdc4f01c035f7d122f4daaf982c

SHA256
923e6b3e7f8d4d4b76bc4ed86bba45ca2056d35fa49a9724b3b33367ce6a31f5

SHA512
f01235a154d33857726bce62a54c08658a1432de3de56d761b6c8c5e298bae8c016281105b49c35a473f3977f6003246cfb458e8440125a14d95868b734e2694

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5c81ba.TMP

Filesize
1KB

MD5
17673b0758a32fa56aa10ac11c4f0107

SHA1
974c034f7999f7e397096e24a74745e049522ec6

SHA256
3b6b6dbb21b40bc421e9da6fd64e14ccdb77e551b12944f867443bfe32c883c5

SHA512
2b9f7576ad1dd04964a0348a5fcf8a7e42e8adb60f1b158510c778be7cde5f46b8a118532bc43adc5c5ce457b09be4da27353b9089c89159edfe93a9638dad97

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\d26f93e2-d87b-4fff-8ee4-2bfde897d140.tmp

Filesize
786B

MD5
7c1426dba741b605c3507df05aed4858

SHA1
ed47f9f17bbda13a6c1d58db954ec2f8235f3638

SHA256
b11664321f106bff6000861f677809f7cc701edd75c423dfd2beb2193e96f39e

SHA512
383192dfc4869a66f759c2d4bddd3389adaefe3c5ce78de97c5bb56f1ed7e54dddc0035a23b218248a32f9b009cdb02ba5a41db2800373246b5115a26e421787

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg568E.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg568E.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg568E.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg568E.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg568E.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg568E.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
F:\Steam\Steam.exe

Filesize
4.2MB

MD5
7c2056e7337a5f29d2e5d3c67830745f

SHA1
d502f5c22895a859056930a5489192873cd04673

SHA256
3f321dbbc60371a585d60b17e3f67386bf1792b430d20071ca0e3efd9dbae99d

SHA512
c729dbee4d528d05d2a6d25ea105d8f34bb9087b9151c0b31a59337e444e4bccb1f3e49fce122fb3dd7b65132a15a0c8b5618c853287fecbe5427376200b2495

Download Submit
F:\Steam\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
F:\Steam\avif-16.dll

Filesize
226KB

MD5
a09c5fa842fa4456a0b53b46f1050225

SHA1
9e4677f19e77bf55e7d0e2e82d8c27f79dbbd78e

SHA256
3d7ba6fedfdfd6e751693d718a21438304690b754d1c5d13c847a829b2423b8b

SHA512
71c962da6ed6894209891513bf9f0132a5eab6c65a5d9ba334efcaf73463be5625665a060863a106d59fad1949f6191f641aa4c59ddb0e825701bef08ef9b5a5

Download Submit
F:\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
18dd1c62ef5597389d599f4d671be388

SHA1
43e0e7e1ad31dc0bfa9b93e50013dc0cf8cdbb66

SHA256
320b33ae48dbbbfbe4f93cf1509702e6a90880688a0557b2f6ad7f5c47d94c21

SHA512
a8d8aaf823b665edbb8f7490ae232bb292a8349f77fafbffc9600934abb71a763b52f2d99b9ec73a0e2c5a62a3dc57631bfb19a5e931c4bbd2d3e17ef22f2d98

Download Submit
F:\Steam\bin\audio.dll

Filesize
175KB

MD5
91389bfcf323f9cbab45c0e652d0eec6

SHA1
030330d7f3e3db4224e441f3bb8fdbc9a87f45c6

SHA256
cf363c45ccf407eb405529ddc0e70569adcb82373fa51f8078660c0cbc78acc1

SHA512
8a963d677185a6b35e9534961d28a501c9021268a0a9980d2947727565a35d3793f97baf90d9d8f5afc6086655e4f7683be7aae274a280555f6632a76648f038

Download Submit
F:\Steam\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll

Filesize
23KB

MD5
5d341bc73b1e54509a5ad1cf242ee223

SHA1
c99d28dd1bf7df8f7560b39115ea193a0bb3b322

SHA256
e13c9c03c459682822eb5734e1f184e80dbae5fed2421cb5dc3e238946f3edf0

SHA512
39a3cd6c02b3ac42dbbe62b2a08ef1858f368163cd194d9d09fa2097b357e0540e0bf1a93b169dd93cf83bc08aeb6247d8a93a82ae72b418c1af128c9fc7e695

Download Submit
F:\Steam\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll

Filesize
23KB

MD5
fe49ecd88cb1b0b9a5cf88e01f4075a6

SHA1
4d47900af773a09056157336cd4a0373e9996c5f

SHA256
a82e6229869a90d19310f4247d6b3027309ee4ea49bc9c127e532b46bf95e78b

SHA512
d610e3e17bf2c082f6c52c8a9194e9f1f5d2d1c7bcb30a7fe7cdc0dfad5851b2d2d46368d964753235a892ea716fcb2694584d78580286b28b31393b85dc09b9

Download Submit
F:\Steam\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll

Filesize
23KB

MD5
587181061a8482dd8eefa8c1cbdd23b1

SHA1
6fdab708bc8b50cb9422b089c240275d478c59b2

SHA256
a4f49dfff349a4f12dc473650a57f52f6d9c2df50a12a7fe21e829ffcb2409e0

SHA512
3ae7c4a29f56dd482c9f442935f527e3bd0b902268f1d39c15fd909a4157e5f67c696136ed69cb14bb85abd08e2bbb14c3fa12e5f0dd6c75c6f4737a0873461d

Download Submit
F:\Steam\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll

Filesize
23KB

MD5
227e0e0e8f61f433eba82d2b6e388415

SHA1
c76f5c4ca826b4bd63bbd1c75b5549a7b1d8307b

SHA256
872cf90b7f7ae3187e1abe1e60923736d3b85c12db32f413f42dec5b3aaeffbb

SHA512
c355b0e902ff8abbadd8499fe4b075b6045876f8c6f8797a189adeea0437d1dc1df385bd65ae379913dc8cfefc46145c291e74aa8f34cf0949a2cf0d7a615618

Download Submit
F:\Steam\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
23KB

MD5
b2ebcf3c67f1722852b1061a7d6fa641

SHA1
02caf1c965f01aacdc0913be07766c6e48c07cc5

SHA256
68d7c802b9fd6f30be824965e61f02982eb43628379511fe46f1b93df0e4a6a5

SHA512
d7350120554855cb1712594e0c5cf25b956b8411a309bc6fd3837aec91364c10f9c98bf67914ee780b223bb3ebae0b41708a5d1993dbb800a544427f58dd2995

Download Submit
F:\Steam\bin\cef\cef.win7x64\api-ms-win-core-fibers-l1-1-0.dll

Filesize
23KB

MD5
55b7fde967d55a7de2f3e36179a0c049

SHA1
c0ceffcd7c8a335b44220f4fb9fdad45262fb174

SHA256
a70fa9a015aa316ec0e25ca507114c05a3dbb680e700c6e4c9bf8ddda2abd499

SHA512
ad3ef67b240bc53d8d0a21013b8207b6fecd74f810ff9fbca97a0493f0bfba0c5c60acff9b1bb5b1678cef4ec41f73cc47222c70b991e7dc39ac17e7620c3e83

Download Submit
F:\Steam\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll

Filesize
27KB

MD5
3fc486b956727fd86b0d94d796b9c5c8

SHA1
779ba40fde8778dddc85b11c1ec492aed6ae2278

SHA256
e81b5784920db490038e1057d821bb5699dd2d2f319294b9939661f4cbfc94f9

SHA512
3c6b11fb4322da667886bdcb0511638fde6a563292f62f1040eb2eb314d1f282bc0efb9c20ce8f7518fc4da90eebb769bfe4b4e30180a7219c6f7e61fad2c3e6

Download Submit
F:\Steam\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll

Filesize
23KB

MD5
7fad4ed5b9192c9e412da8eb032acdaf

SHA1
2a04c0e7be7e16eb7bd62198e3a868fe0d87a985

SHA256
10b141aaa2abf16276b69ac0773843884a47eb08fae0008ee647a15bcd7deff7

SHA512
fe611d421a53db561f02f484b9441cccfb21a2502b40a4189c5fb339ed828972352a6b0672d758f9641fc37168d9c6b100e478736342531359286918a7be4ea0

Download Submit
F:\Steam\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll

Filesize
23KB

MD5
7d54304abfe17b8c3bf3451e32a5d0fe

SHA1
203f3143e122f1fa8162b6afcf53aacab90e3299

SHA256
7dcc29037927fcd5dba11ba4aacafd1de4ef643cf0f6b09fbdd0e58816fb7150

SHA512
32b407d65f9d29d21b7671dbed07dc61057a8adef81b4342879255b8a34e3ddf8aaaf80f368c983611ac9eeaa72f7ef801ed421b65433c3c4521fa7171b1bf9e

Download Submit
F:\Steam\bin\cef\cef.win7x64\api-ms-win-core-handle-l1-1-0.dll

Filesize
23KB

MD5
1b9aeb2a9d8b2e3af4ac1b63a0a3b653

SHA1
e308dca394e7598592606c202d85828c51deef38

SHA256
ce35d8a2c907ed6e7c26e4f99e8eff116358f2944026808df00c403a5ee4c939

SHA512
92b6d6560f78b88842d52a809bbbc303b934ea32f20134df1065a5d4ac045401af0c861c2ef176216e915cff2bd3c609b2addf64498da2fbfae66624ed350610

Download Submit
F:\Steam\crashhandler.dll

Filesize
361KB

MD5
921ecaa849aa3eebea83cc117f057bbc

SHA1
b7eac57ca1e82b1011379893c88c76906b8c6833

SHA256
956264d928cc41776196b6a8162bf5895e0f093cc8049842fc90ad55e8c2f198

SHA512
2ea60ab1c5119254c38e136c3f1a88450fc0256fe5dcc621dd42235c72f50ef5ae2cf8fd481ee0cd663ee8173c09522fc7e11d72101072617d40ad193af9b3a7

Download Submit
F:\Steam\logs\bootstrap_log.txt

Filesize
14KB

MD5
2c55b770700a6dfb0a9d5a7e7471d2dd

SHA1
296a141e4586e45be50a15cd369126f252848beb

SHA256
8cc53d110876749bbb114858c518a08e0562f043a88607f7a9790026d21d88f2

SHA512
27beb096672ef717b7ad6b095ff2fb442782846e9dd56506d2faab900a7004ade65b575a0a409c6c1bc15e8cecc62c061004408dfa91debe709976b4b51dd6ee

Download Submit
F:\Steam\package\steam_client_metrics.bin

Filesize
3KB

MD5
659f5187d0bede3bed0a01fdc377663c

SHA1
354e8a18fb26a432dc3ca7fc493ed03abf829b5c

SHA256
f412543226bd4b8795f30517fdd5494888e39963465377e45768d359eec3706a

SHA512
9d3441ca501994a17c0fa3dcf48790c3cf3d24054e7b7b5c4d723de89da7fe12ac09534ae60d9ca942bf466bb226c07c4102d945a5855f21ec1e41db98d1c409

Download Submit
F:\Steam\package\steam_client_win32.installed

Filesize
468KB

MD5
8bd4c10719e4dcbebbbd21b759980cf9

SHA1
02e05c80d97879c54e6bc066d8beec1e5e1e5d86

SHA256
9257febbcf3920cd66cd7b00c1d06853d3c923506b11b25c8eb6fd1f4312ebd0

SHA512
a35bdfd14b8b925d28f3def22661270736d631569b830ba6d182a32d2ab49d6da80dd2b1e269457736278dfa434906cb62e1defe5c75e25895ef17790e84e844

Download Submit
F:\Steam\package\steam_client_win32.manifest

Filesize
9KB

MD5
efb6e815a83a9222a7263e78209285f1

SHA1
e178c8468d4e2ac9e66e7cd597813e6d85b30044

SHA256
9d0a3df457493d2ac1dba90a89ad6b35d309951142c793bef247ce462a631a2a

SHA512
36b1ec5f4b045b026f80983f769fa20d9e301c6ed92a036629f768c13515393522123d6436f438fe4f24f9116c0c7908c4d8093fcca36972e12ec763a06e3c72

Download Submit
F:\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
F:\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
F:\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
F:\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
F:\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
F:\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
F:\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
F:\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
F:\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
594be5b10d9f551e551cf20eae0e6dfc

SHA1
191c20f5cb0c27ecc5a055fa2379694f5e27a610

SHA256
e350ca62e777da4da6d25885be96d48e7ce3acf021a74f2a4902354a1bf03fbb

SHA512
e27bf6593a177c22e16ddf5a44d82b34b02063645a7fd63943b936028d9c433c89628038768a300c296c2d3bcab2ef6b8532a19f7283952d041865c704f62b0b

Download Submit
F:\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
972187ca96118637052c2c39b32a6277

SHA1
7cd71d6f0c00f75c441393f46a17f4fa765bb5dd

SHA256
12e4d3ba658994fa3065018cec6a9ae333d8ff7cd5a2bc6a45c1c495739b0de6

SHA512
e0c66541a9a57698aea201fad5a75cee18be24959a705c2c8fe1f089c4504ecd24ea1dbefee2241b7207734b68529d8908869eb9afda0c1dc2ec355c1c99cb1d

Download Submit
F:\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
F:\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
F:\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
F:\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
F:\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
F:\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
F:\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
F:\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
F:\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
F:\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
F:\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
F:\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
F:\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
F:\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
F:\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
F:\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
F:\Steam\public\steambootstrapper_tchinese.txt

Filesize
4KB

MD5
194a73f900a3283da4caa6c09fefcb08

SHA1
a7a8005ca77b9f5d9791cb66fcdf6579763b2abb

SHA256
5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6

SHA512
25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

Download Submit
F:\Steam\public\steambootstrapper_thai.txt

Filesize
7KB

MD5
53f7e8ac1affb04bf132c2ca818eb01e

SHA1
bffc3e111761e4dc514c6398a07ffce8555697f6

SHA256
488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83

SHA512
c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

Download Submit
F:\Steam\public\steambootstrapper_turkish.txt

Filesize
4KB

MD5
29f9a5ab4adfae371bf980b82de2cb57

SHA1
6f7ef52a09b99868dd7230f513630ffe473eddf8

SHA256
711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f

SHA512
543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

Download Submit
F:\Steam\public\steambootstrapper_ukrainian.txt

Filesize
6KB

MD5
cadd7a2f359b22580bdd6281ea23744d

SHA1
e82e790a7561d0908aee8e3b1af97823e147f88b

SHA256
3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99

SHA512
53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

Download Submit
F:\Steam\public\steambootstrapper_vietnamese.txt

Filesize
4KB

MD5
f350c8747d77777f456037184af9212c

SHA1
753d8c260b852a299df76c4f215b0d2215f6a723

SHA256
15b6a564e05857a3d2fd6eec85a5a30c491a7553d15ffc025156b3665b919185

SHA512
efb86809a0b357b4fcd3ba2770c97d225d0f4d9fb7430c515e847c3dd77ee109def4bef11b650b9773c17050e618008fc03377638c1db3393ac780b5b0bc31b2

Download Submit
F:\Steam\steam.exe

Filesize
4.0MB

MD5
bd1ed756391acbe0968b30932fbd12a7

SHA1
f4f54e094d64065bd41879089e7c804e35e5adf2

SHA256
5048dd1c3aa3d27df8ef6de7bdd9c1e8b97059a7a9cc972c5bc2a5134a46d6bf

SHA512
55dbf9ac0dea069073bc8e239283369b805beb28d84319c32d0ce3da8ef7122a232e8e5514fb817b59ca4d1756c31089bc48a380e010d1f8162f90d43657c1e6

Download Submit
F:\Steam\steam.exe

Filesize
4.2MB

MD5
0f433ee9a006400416679cf6e5a510c5

SHA1
558403043f0288aba3d9a43e9dfa7e109bc0b31a

SHA256
88eb0e145502e84cfb242b4733eeecbda53f78e33fe748f3c0e1fb14edbd7cd4

SHA512
82048118e7b816ffe9dd0ce114b0fda049345e9d27ab64b1c7a2efb4edb2d08775379ad6678c5a6a77fbfa91d8969e8642460f62b5cded32a704ab238a010ba3

Download Submit
memory/900-12398-0x0000000000090000-0x0000000000544000-memory.dmp

Filesize
4.7MB

Download
memory/3212-12597-0x000001C6C1E20000-0x000001C6C25CE000-memory.dmp

Filesize
7.7MB

Download
memory/3212-12598-0x000001C6C1D20000-0x000001C6C1D28000-memory.dmp

Filesize
32KB

Download
memory/7612-12497-0x000000006FC00000-0x0000000070EFE000-memory.dmp

Filesize
19.0MB

Download
memory/7612-12540-0x000000006FC00000-0x0000000070EFE000-memory.dmp

Filesize
19.0MB

Download
memory/7612-12547-0x000000006FC00000-0x0000000070EFE000-memory.dmp

Filesize
19.0MB

Download
memory/7612-12574-0x000000006FC00000-0x0000000070EFE000-memory.dmp

Filesize
19.0MB

Download
memory/7612-12534-0x000000006FC00000-0x0000000070EFE000-memory.dmp

Filesize
19.0MB

Download
memory/7612-12528-0x000000006FC00000-0x0000000070EFE000-memory.dmp

Filesize
19.0MB

Download
memory/7612-12522-0x000000006FC00000-0x0000000070EFE000-memory.dmp

Filesize
19.0MB

Download
memory/7612-12609-0x000000006FC00000-0x0000000070EFE000-memory.dmp

Filesize
19.0MB

Download
memory/7612-12585-0x000000006FC00000-0x0000000070EFE000-memory.dmp

Filesize
19.0MB

Download
memory/7612-12507-0x000000006FC00000-0x0000000070EFE000-memory.dmp

Filesize
19.0MB

Download
memory/8336-12498-0x00000254D62E0000-0x00000254D638F000-memory.dmp

Filesize
700KB

Download
memory/9996-12438-0x00007FFF277C0000-0x00007FFF277C1000-memory.dmp

Filesize
4KB

Download
memory/9996-12502-0x000001BA8B7F0000-0x000001BA8B7F8000-memory.dmp

Filesize
32KB

Download
memory/9996-12501-0x000001BA8B920000-0x000001BA8C0CE000-memory.dmp

Filesize
7.7MB

Download
memory/9996-12436-0x00007FFF27780000-0x00007FFF27781000-memory.dmp

Filesize
4KB

Download
memory/10044-12503-0x0000029729BC0000-0x000002972A36E000-memory.dmp

Filesize
7.7MB

Download
memory/10044-12504-0x0000029729880000-0x0000029729888000-memory.dmp

Filesize
32KB

Download