7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Analysis

max time kernel
779s
max time network
780s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2024 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SteamSetup.exe
Size

2.3MB
MD5

1b54b70beef8eb240db31718e8f7eb5d
SHA1

da5995070737ec655824c92622333c489eb6bce4
SHA256

7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512

fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb
SSDEEP

49152:UDP/q9MIX/crfcNVBaXp1m0zyVCMwBHgFzoZhRP8:kC9MI8Hm0GCjgFc3Rk

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

SteamSetup.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks computer location settings 2 TTPs 14 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

steam.exesteam.exe

description	ioc	process
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\BigPictureBG.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\cloud_icon_down.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_ring_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\api-ms-win-core-sysinfo-l1-1-0.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\gameproperties_general.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\genesis_a.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_one_brazilian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\platform_danish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_minus.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_outlined_button_x_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_button_view.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\GameOverlayUI.exe_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1840_header.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\937890_header.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0329.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\reducedui_sc_schinese-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_outlined_button_y.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_color_button_a_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\movies\bigpicture_startup.webm_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\openvr_api.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1737100_logo.png	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_dpad_right_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_ring_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\SDL3_image.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_100_target_0120.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steam_tray_posix.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\overlay_english.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_ring_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_rstick_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_ps5_gamepad_flickstick.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_sc_schinese.html_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_apple_gamepad_fps.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnDefLeft.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\platform_thai.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_swipe.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_p1_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_lb.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_rstick_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_one_thai.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_swipe_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\resources_misc_all.zip.vz.e86a975545f3ab21a77373870cb311ef93934b8c_2224876	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_rfn_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_p1_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_rstick_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_PayPal_Preorder.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\GfnRuntimeSdk.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\255470_icon.jpg	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_110_social_0070.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_greek-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steam_welcome_large.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_french.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_b_lg-1.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\OverlayCDKeyDialog.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\en-GB.pak_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnOvrOnLeft.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\scrTopRight.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_button_x_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\gift_wizard_heart.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_lstick_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_HardwarePromo_Success.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\vccorlib140.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\chkselfocus_sm.tga_	steam.exe

Executes dropped EXE 44 IoCs

Processes:

steamservice.exesteam.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamerrorreporter64.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
4380	steamservice.exe
216	steam.exe
13344	steam.exe
13484	steamwebhelper.exe
13712	steamwebhelper.exe
13788	steamwebhelper.exe
13956	steamwebhelper.exe
14532	gldriverquery64.exe
14660	steamwebhelper.exe
14724	steamwebhelper.exe
4152	gldriverquery.exe
1156	vulkandriverquery64.exe
3552	vulkandriverquery.exe
8936	steamwebhelper.exe
8660	steamwebhelper.exe
8520	steamwebhelper.exe
8404	steamwebhelper.exe
14120	steamerrorreporter64.exe
13600	steamwebhelper.exe
8308	steamwebhelper.exe
7232	steamwebhelper.exe
7208	steamwebhelper.exe
9244	steamwebhelper.exe
6136	steamwebhelper.exe
7556	steamwebhelper.exe
7612	steamwebhelper.exe
9320	steamwebhelper.exe
9528	steamwebhelper.exe
9944	steamwebhelper.exe
2024	steamwebhelper.exe
9980	steamwebhelper.exe
11428	steamwebhelper.exe
10072	steamwebhelper.exe
6500	steamwebhelper.exe
10244	steamwebhelper.exe
14160	steamwebhelper.exe
12304	steamwebhelper.exe
14184	steamwebhelper.exe
12860	steamwebhelper.exe
15192	steamwebhelper.exe
1392	steamwebhelper.exe
15512	steamwebhelper.exe
5236	steamwebhelper.exe
6748	steamwebhelper.exe

Loads dropped DLL 64 IoCs

Processes:

SteamSetup.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13712	steamwebhelper.exe
13712	steamwebhelper.exe
13712	steamwebhelper.exe
13344	steam.exe
13344	steam.exe
13788	steamwebhelper.exe
13788	steamwebhelper.exe
13788	steamwebhelper.exe
13788	steamwebhelper.exe
13788	steamwebhelper.exe
13788	steamwebhelper.exe
13788	steamwebhelper.exe
13956	steamwebhelper.exe
13956	steamwebhelper.exe
13956	steamwebhelper.exe
13344	steam.exe
14660	steamwebhelper.exe
14660	steamwebhelper.exe
14724	steamwebhelper.exe
14724	steamwebhelper.exe
14660	steamwebhelper.exe
14724	steamwebhelper.exe
14724	steamwebhelper.exe
13344	steam.exe
8936	steamwebhelper.exe
8936	steamwebhelper.exe
8936	steamwebhelper.exe
8936	steamwebhelper.exe
8660	steamwebhelper.exe
8660	steamwebhelper.exe
8660	steamwebhelper.exe
8660	steamwebhelper.exe
8660	steamwebhelper.exe
8660	steamwebhelper.exe
8660	steamwebhelper.exe
8520	steamwebhelper.exe
8520	steamwebhelper.exe
8520	steamwebhelper.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

SteamSetup.exesteamservice.exesteam.exesteam.exegldriverquery.exevulkandriverquery.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steam.exesteamwebhelper.exesteamwebhelper.exesteam.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe

Modifies registry class 64 IoCs

Processes:

steam.exesteamservice.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steamlink\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steamlink	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam\URL Protocol	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

steam.exesteam.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

SteamSetup.exesteam.exe

pid	process
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
3200	SteamSetup.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe
13344	steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

steam.exe

pid process

13344 steam.exe

pid	process
13344	steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

steamservice.exesteamwebhelper.exe

description	pid	process
Token: SeSecurityPrivilege	4380	steamservice.exe
Token: SeSecurityPrivilege	4380	steamservice.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe
Token: SeShutdownPrivilege	13484	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	13484	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

steamwebhelper.exesteam.exe

pid	process
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13344	steam.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13344	steam.exe
13344	steam.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

steamwebhelper.exesteam.exe

pid	process
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13344	steam.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13344	steam.exe
13344	steam.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe
13484	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

steam.exe

pid process

13344 steam.exe

pid	process
13344	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SteamSetup.exesteam.exesteam.exesteamwebhelper.exe

description	pid	process	target process
PID 3200 wrote to memory of 4380	3200	SteamSetup.exe	steamservice.exe
PID 3200 wrote to memory of 4380	3200	SteamSetup.exe	steamservice.exe
PID 3200 wrote to memory of 4380	3200	SteamSetup.exe	steamservice.exe
PID 216 wrote to memory of 13344	216	steam.exe	steam.exe
PID 216 wrote to memory of 13344	216	steam.exe	steam.exe
PID 216 wrote to memory of 13344	216	steam.exe	steam.exe
PID 13344 wrote to memory of 13484	13344	steam.exe	steamwebhelper.exe
PID 13344 wrote to memory of 13484	13344	steam.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13712	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13712	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13788	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13956	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 13956	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13344 wrote to memory of 14532	13344	steam.exe	gldriverquery64.exe
PID 13344 wrote to memory of 14532	13344	steam.exe	gldriverquery64.exe
PID 13484 wrote to memory of 14660	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 14660	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 14660	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 14660	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 14660	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 14660	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 14660	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 14660	13484	steamwebhelper.exe	steamwebhelper.exe
PID 13484 wrote to memory of 14660	13484	steamwebhelper.exe	steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe"
1⤵
- Adds Run key to start application
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Program Files (x86)\Steam\bin\steamservice.exe
  "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:4380

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:216
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:13344
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=13344" "-buildid=1726604483" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:13484
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1726604483 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7ff8bd39ee38,0x7ff8bd39ee48,0x7ff8bd39ee58
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:13712
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1672 --field-trial-handle=1736,i,4152771792097938446,4829827606927459149,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:13788
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2188 --field-trial-handle=1736,i,4152771792097938446,4829827606927459149,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:13956
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2504 --field-trial-handle=1736,i,4152771792097938446,4829827606927459149,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:14660
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1736,i,4152771792097938446,4829827606927459149,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:14724
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3680 --field-trial-handle=1736,i,4152771792097938446,4829827606927459149,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:8936
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3872 --field-trial-handle=1736,i,4152771792097938446,4829827606927459149,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8660
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1780 --field-trial-handle=1736,i,4152771792097938446,4829827606927459149,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8520
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3972 --field-trial-handle=1736,i,4152771792097938446,4829827606927459149,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      PID:8404
  - - C:\Program Files (x86)\Steam\steamerrorreporter64.exe
      C:\Program Files (x86)\Steam\steamerrorreporter64.exe -pid=13484
      4⤵
      Executes dropped EXE
      PID:14120
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3756 --field-trial-handle=1736,i,4152771792097938446,4829827606927459149,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      PID:13600
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2964 --field-trial-handle=1736,i,4152771792097938446,4829827606927459149,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      PID:8308
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:14532
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4152
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:1156
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3552
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=13344" "-buildid=1726604483" "-steamid=76561198841693190" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=1" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Checks processor information in registry
    PID:7232
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1726604483 --initial-client-data=0x35c,0x360,0x364,0x338,0x368,0x7ff8bd39ee38,0x7ff8bd39ee48,0x7ff8bd39ee58
      4⤵
      Executes dropped EXE
      PID:7208
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1616 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      PID:9244
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2252 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      PID:6136
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2528 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      PID:7556
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:7612
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3676 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:9320
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3812 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      PID:9528
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3808 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      PID:9944
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3832 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      PID:2024
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3988 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      PID:9980
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3144 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:11428
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4232 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:10072
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4224 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Executes dropped EXE
      PID:6500
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1788 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      PID:10244
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3784 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Executes dropped EXE
      PID:14160
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4448 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:12304
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2644 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      PID:14184
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1232 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Executes dropped EXE
      PID:12860
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2140 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:15192
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3788 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:1392
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4308 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:15512
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4668 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:5236
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=76561198841693190 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1596 --field-trial-handle=1740,i,9787564682661516985,15313824912484244347,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:6748

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x48c 0x438
1⤵
PID:14036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1113280_icon.jpg

Filesize
638B

MD5
7ecdaf8a54ec52b20640a88527512903

SHA1
3133a4d748ad3be61fe9db759339cd5de73339b5

SHA256
7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c

SHA512
60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\bin\audio.dll

Filesize
183KB

MD5
bdbf3fd3d78b9f6e01301748f6d1d280

SHA1
5a6b927c5ac3969f4e4d3aa526a8b7aa4cbb0204

SHA256
9345afacd7f25b7a4ef0e7a02cf1ad4fc3015c93f4c7f7b480aa48cd3b184847

SHA512
b973010a30447b9cece7b3ded7c6bd15399098b7d98da988fe96f14f003c056711547c5d04bc9cf81764680ab11b118168b937dc9445d05f8cab27d457788561

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll

Filesize
23KB

MD5
03068ddf42f4e6cf8cbacb82d12acd2c

SHA1
d4a92bace1759a9990de598a31ecc37dcdcc482c

SHA256
633470b3bcc1bf209ac5c9d3e5d8cf1aa0c51af86f7694e088a842908cd6dd62

SHA512
bdc44c95e83f01066ae54e9ebea83e6a2fc0975af1a00814b005b73fea2b004e0a2c52bf812aa945f00eeb132f89e427cdd8c7de463cdb0fe71c81fd97065272

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll

Filesize
23KB

MD5
ecc4653141cd6f0980d3de87ada003c6

SHA1
7e911ca31f4320f4355f1ee5ac52d788ef3d55f0

SHA256
d37289cd28bd3d63fc7cb140616bbd2641975b7511d85376e2a9b83729564783

SHA512
44109105a6c21b8b28e8addc241ddf83aaafbedc10ffce73730b9e0973180c0aeaee4e7ae0c4a3c9b10c6c7930e905023066766aa122f43dbd21ab8ae73abcf4

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll

Filesize
23KB

MD5
43edf34edf20ccdd0ed7acc7b25748ff

SHA1
b474d11f41ca492be762a8de1c13416f31ba9372

SHA256
8d18111e53502f05828578df32101b10a1ee2f4a4504c27046083ddb4bef1ab9

SHA512
5995684ee6265bf4ac4e2cd376193083bdf9693b5ef29b07cf33a86ec373505fd431d47557263d5eb15e6d3ffc9787ca8634037c51b90ab0e7b258fc57f1e3a5

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll

Filesize
23KB

MD5
fd8029b4da3083b475a48ac76ec4993c

SHA1
040f3273c52e0e963b9a2d11cebfb0bcf06d13c7

SHA256
abacc78b4c8dfb89083aecc59234930460c6b1072c8d55d01369b20fb044181d

SHA512
cd3d4a6a33cd3b698bfec460cc2b9433ef7290558aa031f4d888d9801b5f025900923d51cdc78bc35d81d8c33a3e7ab335b60d7c4cd6a301e60e0506e29208a6

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
23KB

MD5
3a2dbd4334b9cc234496f2d7cf9e1d26

SHA1
99bdae37b42ce7bd386b0479fa1a1ea3c53caf1b

SHA256
1af61ea6c2bfbb2dfa24ebc20ac50fa69441a641dc60e3dfae8181901cd444c8

SHA512
8cee7c2189b51d8920939b2fc16fb8daf8b10b3ab1a889a8bebb65b5adc10175da0894660bc01a6d11c0eafc93194c4c9045a4f6bd2944628c5362d9ceda6839

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-fibers-l1-1-0.dll

Filesize
23KB

MD5
52ff2bff29dd0d39daf082e77d2bf244

SHA1
452b1787f8b35def0c3dd815a4dc66f7814989e3

SHA256
fc43d6feb3425cf49ac39f242b2c1f8e078df6827fd28d829d27df5f601850f7

SHA512
805e5edf61fd44042e71302b61e236e74a736c1f5ae6ca5f61217b074865544a90aa48530964b3f502eb79c52b123a95245e8c206cec81dec78b11d209ac1308

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll

Filesize
27KB

MD5
87f9288def26465cd646991688c0edd8

SHA1
fc327cba7f20d0a2378a5c5609ab426a4ff93013

SHA256
641c7902819e885f1cea916e56df83999ddfc4d7ac150aa056b27e2e2ada7de2

SHA512
8f2c17822daf7c28742c0c7d3849d7433edba99af8ede77c9a03fc4784a73195b7c195bb75b2f0423dcd3c49ae1b8e57177add5cd4c6119693fbc6903e20ff7b

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll

Filesize
23KB

MD5
fcee2ad431d015f2645f6e87083ffd55

SHA1
8a5e202f310afd2832fc8c1a2d431025325fb046

SHA256
dcde2bd75c67d8dd94485e8c19b0a557cf30d980f1d3d23b98b7ec5b30b2a215

SHA512
a31611091139d4ad0fa1f6477fb557a4b2435e4ea90db021d80d66cd943ed4728e5c5a2962061f31c67433441103bf419fac2e3c8eb544402fe2f9428123a856

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll

Filesize
23KB

MD5
20cc1bc113ca79a3ae0639e8adcde6e3

SHA1
1d8760c01218059b3e3b5313ad932de13684d0ea

SHA256
e2618f8e40ba85f0eea466af889a311316a545b15f1c982035d68827999e15ad

SHA512
c46d129eb313ef801a7637bbb9a9040fb8f770ea0626146b5028141cede9c7e2a46f58bc3c17f2515cd5bed3f6775ad93cebca57373faec4fcc1821dde1fac58

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-handle-l1-1-0.dll

Filesize
23KB

MD5
d61bba9bf72ba9fe6cfa57b878a946ef

SHA1
2e3e41f596219de5232311dcd6d7fa73342411c3

SHA256
667db417bdb9a7ce632b249616273f8cd3ee69ae6dcfc1b4ed11b16f1378c540

SHA512
34cb9e3f826c13c6a6622508ccdf94e803c080106e26fd311c1dd55d1bc9f3b7451a8984b58f72da3f20fcc837be6b036c27e3286954ad5f6979c70c637cc308

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-heap-l1-1-0.dll

Filesize
23KB

MD5
8aa73ea893c069d0aa98240d57e88fca

SHA1
a14511fa2c916a27ec1fb3a2c207165db6cd7ea4

SHA256
2400936d6a7a396a7c282b9b02df974c463d2b89c7a16dce7d87612908124c76

SHA512
d5f9fa3ccce52a56945bc34f0a58c3cd87412a660d4a84c8c40a50364e550e0f1eda045e9456c9b99e2e46245afd25696ed3f7337bf1398ff088e218b1c1105d

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
23KB

MD5
b265d592a17183a8d1450b45fc76df66

SHA1
8e2ce55c543bd41adeb8198067f0dabcf7bf2faf

SHA256
6037a1b25c98e00832ea1e3c8dbcc1a85549992f6286b80d68ad2ccac3d3bec5

SHA512
f67cf871345b17b638d294afbe7c8afe408c6a43fb85df7758d1a8249f56f1f0a74f754b45bc685e00ba5f6d88ba64f25e43b5fcc88d4f0b91a848c748172afc

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
17KB

MD5
020e36eb58332ce74ed430e839ed5ef7

SHA1
5817c89cc4cdcfd842ddbef2e4d61d4213795a55

SHA256
8c7f61599638fbae9e7eab512c94d7fa5dc300f35b5eceff7e01a9e73111eefc

SHA512
aa4fb9d8c2b54a2a974ecc100d675c1338a9e35d4e93e89ba375934b6b85e343416412db4aa094494e04346076a3c64b0ec551415d92d9f7585b4733bce9184f

Download Submit
C:\Program Files (x86)\Steam\crashhandler.dll

Filesize
346KB

MD5
8b0b8be2a990e84f4c9aac90e17e9c79

SHA1
cad7fddfe6421c00c005aebe1267f1354e7980e3

SHA256
1e0a3e673d126c8407c3501c6f5910974a9a2604dc13efb92cd09accddf26eb6

SHA512
0c3962e8ed5f5192bd06b604c791865c3179fe5cf71685598e46f0db71b46158f6d124fed8a33c120609419e9d179991a0250db33d12f1b230d6a850402625e6

Download Submit
C:\Program Files (x86)\Steam\dumps\metadata

Filesize
664B

MD5
865b6e9229ed44934ebd2c8a048b38a5

SHA1
f84c9a37e36564c6f6d2c714d1fd340b08fbf5d2

SHA256
e48597faf34911b2532b24f5367acea41970b401a1ff1dd07daed0b1c6688899

SHA512
c37275cb6edc38d17588a9a09147e99107abc91e38be0a2d249700e4232da125d6cfe5410e3901123b8109318ca2ab93436c91d4150bfed161c91f2d0867d7f7

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\4705e318-e65f-4a7b-b3bb-7e3ff16ac7dc.dmp

Filesize
305KB

MD5
63b45fe9d3877e0fc02ec025fef2ccf4

SHA1
171fd5477a5d0c1f37f85adc4f31ec7770bf6b3d

SHA256
1e947a92075dce474d1a42ef3f9411fa2c9daa4b619e61be1e1e02e210051ab0

SHA512
84e6c152c37a5a3a745ec429503d45cb1b09010b6381a4b13d639310831ed5db6fb9e0634568e5e2607902142ac14c0761c8109980561cb5b261b25ffa437069

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\5a823b44-8c90-494b-8023-30a7670c851a.dmp

Filesize
303KB

MD5
56e787593edb14b61ebdceb263f648e3

SHA1
e1f97fe20a1118f0a882a0f74e1211da0d1e70c0

SHA256
ff995be36f8d2da482f2a39a8059b71d8421f547458ff03abb3d4222c1101225

SHA512
21f1f3daa77e739ce31ae02f88adab1421d80b090a803f1d78fcccbeb78a16eea9e087ac41ef0f10d5358f4d8b003eb18aeae0b19dba328a9a7bc1d2a7187201

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\5c7306b0-0990-4749-bc8f-b32583ddf1de.dmp

Filesize
305KB

MD5
6dcf59a6c099f2cc3efcbf53b09dca32

SHA1
1396e515ab67f686ec60c3abefb435374606b743

SHA256
5da7bf21352419c2ea4964d6c86a2ef4e8d3f77f4054b3f49ab7b19d24455acd

SHA512
f1ecbb246f1c9d9ec42474d599bdb946b74dbcada4505f7046d38d53a20e9367eb660082e519f9f5b1712ac390d2498c8295aa548ea622141ff2aa199c333548

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\cdd5a08b-4c06-472f-8ab3-6960da5d348d.dmp

Filesize
303KB

MD5
88bfe9478122bf845f501156dac1909e

SHA1
a0445304427af9b59e128c4984d34a1b40c59174

SHA256
1d1ebcf9b15c429379b7f649df613a4a4ffd0ef9ccaaf68221302de6eece43de

SHA512
a73f68eddebf6823b31dbfddb0e7379b0f514d6584e8538633123c0b83733fd88e0fb1215a7c03f36a73662e09cc0c15eb78347176cb72e95c822439a9a8dbaf

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\f0e3dffb-4206-4a96-a87d-6d277107dc1b.dmp

Filesize
1.0MB

MD5
ba9e0bea81fd947d852c74c2d25382f0

SHA1
5bd7dc49b71c82e062286f7ccc8c32e3ec8b2488

SHA256
8da2ec05ad67548b7403ee0f9c48bdcfdee2c8b9667cb16c372a2d2d55629060

SHA512
c9ff86d7f033a58f6e3ecdd350aa83c9e05de2a9a3a6b1fdb2b7649eeeb8f85c87c616f76119af31c095f97f54be29d663fc85f89eda9f2495c1666ef8f6d989

Download Submit
C:\Program Files (x86)\Steam\dumps\reports\f9f2e223-4756-484b-adb4-7cff86ba0362.dmp

Filesize
894KB

MD5
71e3848a93ed83b824ed9a391cb3255e

SHA1
daad54f5305e35b9f08cccde990e6bdd7fdcdfb6

SHA256
3c4ec31473da791bc0b7d1a9f2d8548acc00d73eeba0056496083f82fa1ebcea

SHA512
76dbfc357b700b0da477b9c863c3ce6c89684f01353c79528b38c15ebaeb4eff098a310d3c4c56eb3441057969b16d241f8af12cb75fea0d9c0e68bc3db722b1

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat

Filesize
56B

MD5
14fd578004d4cd90734169448fdee8f4

SHA1
54dc91b10757178d6123f7390d194c4427897769

SHA256
e617d37347f15c12b1fe4402f02a1da0126376a62a9497825bcef48b06f615e6

SHA512
dd81e84fc5eb4573a730810110b83beef016dac8b3b0df38266b30a35bb85dbef5fda50529bb19914d10080f6ff4e135620961985a6697089e3a7d42fffdf60c

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat

Filesize
56B

MD5
ab80fef1e64e60f28a32e37c1493521e

SHA1
38af5932d12520c9213586fe555652364779c7c8

SHA256
09066b79fa6e074ae060173f37b59c7d14c7706b5d351f1177c30028fef95b18

SHA512
cb6464e2df70ab7f96c6933d4cd831908334b0682b16df933ae08c2d3a9a1be4bdd62dfff8178c29ed59fef210cb3506f7b3c54fa5a6516571e82a7a02cbefbe

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat

Filesize
56B

MD5
abde8fb07c8a331a6c2657d31ae0da1b

SHA1
4d9206ea709ac941c3e4335e3a31442c0beb8931

SHA256
45d928cb7b3730acc35594813a6ab4289e4e43027c719c51be578d1542d5bf07

SHA512
0152b7d4fb28a5ab56e4513dcacd0cebc485e70ac0589ed5f873a9a039463e22a7690481987e141d48038b62742b3606cfee9f850460308c49a0a92566406fa5

Download Submit
C:\Program Files (x86)\Steam\logs\bootstrap_log.txt

Filesize
10KB

MD5
a9c38ddca0932e7164186d5e71391733

SHA1
fcd643fb356a885d325b18a78d84019d3b6ced9a

SHA256
fa13f93d49a0c0ff8f92811173ef4a6c1521888dd4f8f8108694a39b2f5f68c8

SHA512
5905b5bc804ebf50ef9d924ae2bb23e46d6e97b0fa8ce47c1bbf1102afbd4c3ab1095709aac2c47f2d45ea27bd5b66fa5f7c3a051522ee53da1de9ba212cd92b

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_metrics.bin

Filesize
2KB

MD5
bc0870caa3af9f1417b98083809d4b96

SHA1
e82d3805a792a388fc3c3aff7f8e575ae43cc36b

SHA256
83884979544c7b8ec08a06a5118274cb87ec249235eada951a4a12b2e1bc4f53

SHA512
6bc123078ed30ce916d30d3f7b33bcc666bedb123d77a7938e4d237474baa494e3968235d84c62c94083e27377a8cf623e307af5d2c0a268ebf2c54138cb4770

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_win32.installed

Filesize
468KB

MD5
40ce961398c6ad6146d6d7dfa8a82490

SHA1
b4855086b0dd98c6728ce296b966d949de4db7df

SHA256
d62fc6727e283e75889eabb9a214d3bb275e1e317988636bd1f31fef1f76b8aa

SHA512
2a89ade9e04486fa2b7ca385cfa5f362bd2641333171dde2bf386eea69f2c8b34a0db2d5e8c4d2c35aa6c0f7201c05a7099ce4926012d3cb72e84a5c117df3ee

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_win32.manifest

Filesize
8KB

MD5
02b5961bd0e56bc64b88ddcf903fc42a

SHA1
6b38e72dfc69a1df2eabfbff33d8c8ba41fcf6b2

SHA256
bd6016432b150c897af0e8ea6a7ae8df353b67a5e6293359b79dde002cabd8e0

SHA512
1539f90f4822b34ec8a841e8482144625738173e2eef5ef33bac75cd4666a20a449b7009ddc4fa04cd53197a2e6cd35075bea65f8583d9eea36813bd964807cd

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
555f3a1a3e2ba4f9a31c0e1c7906f238

SHA1
b0d8b147b34f4812aa5df61fe3b5cf227b4ada7f

SHA256
38c292abd86eb2a50eb4ea1a74efc7dff017f9183e0252892e9adef5f577119c

SHA512
bed445e47f14625063683cb7635500e91632bd7f19f78eb566f8d7ea376ebdcb3994eb4e9d68b7e33acac17dec86c58652f73cb1b85251dde274f2b51741c765

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

Filesize
4KB

MD5
194a73f900a3283da4caa6c09fefcb08

SHA1
a7a8005ca77b9f5d9791cb66fcdf6579763b2abb

SHA256
5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6

SHA512
25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

Filesize
7KB

MD5
53f7e8ac1affb04bf132c2ca818eb01e

SHA1
bffc3e111761e4dc514c6398a07ffce8555697f6

SHA256
488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83

SHA512
c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

Filesize
4KB

MD5
29f9a5ab4adfae371bf980b82de2cb57

SHA1
6f7ef52a09b99868dd7230f513630ffe473eddf8

SHA256
711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f

SHA512
543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

Filesize
6KB

MD5
cadd7a2f359b22580bdd6281ea23744d

SHA1
e82e790a7561d0908aee8e3b1af97823e147f88b

SHA256
3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99

SHA512
53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt

Filesize
4KB

MD5
f350c8747d77777f456037184af9212c

SHA1
753d8c260b852a299df76c4f215b0d2215f6a723

SHA256
15b6a564e05857a3d2fd6eec85a5a30c491a7553d15ffc025156b3665b919185

SHA512
efb86809a0b357b4fcd3ba2770c97d225d0f4d9fb7430c515e847c3dd77ee109def4bef11b650b9773c17050e618008fc03377638c1db3393ac780b5b0bc31b2

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

Filesize
1KB

MD5
009ca439b8e68dbdb83850d51b07c736

SHA1
b8dd1986d15aef3dcba09c954577c780b549c582

SHA256
4bfbbfd0114ee78d7795835c64aae6dc6b525547748c5dd1150d7d1ff8757c43

SHA512
25e90b8b737b30879ec9073457cc7b30bdc46ed71b8885ce14f9c1946476d65c6bbdd0ddc19bb09c406cd9439837aec5c8ad007dbb5a4378842e1634429b093e

Download Submit
C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

Filesize
29B

MD5
b69be32ed41a5822ad82bb38f7d98aeb

SHA1
cc4ae61e18cafb31d9e62072b83fb842335a18fa

SHA256
fd73d1790d087f33261ee34e87a820ed07dd94e140cadc22437d004e87cdc4f1

SHA512
73621eb67467062b286246a44cd6e853b23ff3c6d9f54934120f200d215f805cfa5698bf208224d3bc8586acd91e6166688bdf849b95a84df6a6743b24b32b15

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

Filesize
2KB

MD5
0b8f38d6f219adb6af9a46e34c8b55c5

SHA1
abfb7eea3e2073ef536ef4c020b79dce54028174

SHA256
c6cced2a542c64817209699a48ba5c17f32ad47a5bb799d395d707f665378de8

SHA512
4a4dcd5efb3433f23848b7bcc18a430f05107985e48f280874f0058eac863b3ddac9f849ab55271f619c026a6282387f553f1ec25e16eba7cb68c850f314beea

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

Filesize
29B

MD5
4e220598da45760d1ebbd91d987dd890

SHA1
88c9f49ceaf499f35366044c2fd19bea769bd8fa

SHA256
c8d426545ef6463abea4d255844a510778a665287822fffdcaf6a152f7d19ef4

SHA512
97517c64e0801a886c8a7afd415ef4dffcb52425aefde20c315de7edd23dfd81fdae06479564294082963ec1423ff2aa33c3fd8751e248873857e1dc2028de8f

Download Submit
C:\Program Files (x86)\Steam\steam.exe

Filesize
4.2MB

MD5
b52c89b709394038e3ab592831dd5e35

SHA1
e32eded6e6d6f4c846a25119dda83afb751898c1

SHA256
7d0ca9b7dee8c4b3d0ea55d5dd60ab7343bfafb4019d8b33578ede69d6f6ad92

SHA512
288bb968dd7f96f463801da6a11904cc140ebc97f62d72185682549901bfe43863cf4203435d3221e72de1975ad1edb4bfc154fa48f40a45ef0e126c8aec9ac9

Download Submit
C:\Program Files (x86)\Steam\userdata\881427462\7\remote\sharedconfig.vdf

Filesize
165B

MD5
96d1836c9889bc883ef5a7575e8bff71

SHA1
4183e5a9b4bc81bbb5871e5aeb53acd09718a356

SHA256
8344dfed62fdc587d0455b05822d029f712efd8e6c4e55ee826ddcd002f3e912

SHA512
9f27777751d34be85adb8c33ab2ff314f1e0b052a753193815c1f09fe00003273eb2f3262bb5d17be09bb3b6394ca112f73784f04da26b54b9e75041a460a4e3

Download Submit
C:\Program Files (x86)\Steam\userdata\881427462\config\librarycache\431960.json

Filesize
16KB

MD5
c735a896fe3741800980d44928aa08ef

SHA1
84e74643d5c04048deee1eef6da3d754edd282d5

SHA256
5ea45ec19d551684a0d5f856282fd1ac04a50490bcd0e2e8229ed78c435a061d

SHA512
917c709f3771ed6623d67beb26c7f3c309c37ff07476931d7a407e390e7eeada437afd0c302ac98c4533eec949b3cda2025433560127850f21b4675a5aa94770

Download Submit
C:\Program Files (x86)\Steam\userdata\881427462\config\localconfig.vdf.async13344.tmp

Filesize
25KB

MD5
0443d60a5cfedeadf16ba052c309012d

SHA1
6299a39ea78f9ff79cee5dcab638b9e30d77b186

SHA256
946d24cb25a2676b98c4399fa4d318d8e3671d1dad2dcb42830a2a0d8c6e80cd

SHA512
d8b954fa436d25ded07d12311d1f67d8522ee8e91c84aab89e35f0dfaf480af66be6c35d5aa4ed7085b6f53d38c061bd6139ceb8a94dd0c27ffcca6489c1510f

Download Submit
C:\Program Files (x86)\Steam\userdata\881427462\config\localconfig.vdf.async13344.tmp

Filesize
33KB

MD5
6b9935b5c93d1d8f2f8c35e16217c38b

SHA1
ee3b8b0038f20e6098fa0430ca810ac20d2e4bcc

SHA256
a37f89a2ea76162366a607691d3632831a0cb1821fccfb571f9922711feb7107

SHA512
451cd8c853cdfa1ff9f5e76bd90f07fd1b79f7512a33d042d55cbde60b200cc245b3acf05751d73e281e135402f587a4ed9d71a90f873b087fe9591b9d4a4cd3

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping7232_578378194\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping7232_578378194\manifest.json

Filesize
1003B

MD5
32ef54fcac37d3d390c05880067559d6

SHA1
ab44258473c7c1a920596ccc33463a765e5fe60f

SHA256
d97f5e50808d1ef75bb241df2dde8f7293b9bfcd498dc525e258c97b39564211

SHA512
3bcdd94edb8b0df2d1684ef865f9711bf544c4c4f6adde927611b648dab2776e398e3b29681369a80e8c7ebfb9cd100ba8469ea69c5034ec023c796d8cbfefa0

Download Submit
C:\Users\Admin\AppData\Local\Steam\cefdata\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

Filesize
22KB

MD5
2ca978f581c775307bf808a9bf46840d

SHA1
fbe0afd53ce64dee5bc4f8b4fb9e040241e77890

SHA256
954ad30a39e0a15d1430e516787f19c4c33b73d7aece2de01ecba4a6fb4454f0

SHA512
0530486db6062ea295c359e909ebd2aa46e9e042736563f3af2b893eb0a3a7b8bcde00028d86ea314713ffd9007b8e6d76da61330da0fd9afd0ab9892bdd225c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007

Filesize
71KB

MD5
b24f87b70615250dac38a8c333047e39

SHA1
b58ec37e86e229088ae09ddbbad0bdf266a263fa

SHA256
f8a2ffdcf240bf4e2a8717947918c7941bf397c464eab40a50bbc8d48dc9ca2b

SHA512
d706e7b3a22450278b67eb7f43193b9a81f171e8506320e6cf202cb97d0ff016f8ab71a01e46edeab11e295546f5962ae18ec334ca85ead7b02402748394a72a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000017

Filesize
40KB

MD5
23dccd50c1598cf87c321dd0e788e2e4

SHA1
4697f41531098e96b97de4ca6626fd86621efb1e

SHA256
167b5e3d2fc6a069ef986144f71f70ca1ed8c4332846757c8aa4792703420635

SHA512
00174629a41be7b3d69e0ef03041aab41adae416c39209934b8a9c3923350010ddf01ce8d37cedd6bd57769796b41ee3c18c1b393726988039b556416c20f676

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000018

Filesize
54KB

MD5
01479f6425cef7d3916de6efef4de5e2

SHA1
e24daccd3210c485d3bbd8ebc12a11856adef93c

SHA256
47e6086ce814d78deff1511b6c174e633610b0abcf1b4c60302109902faf6a30

SHA512
f930c3bd66cf87ac91dfbe5e781aa8f80961913c221cd8549783c00027e014add050d9218e8e6ae2b1249f6ca874c60bb46dc8bfdd1c2d87c7967c90a1363414

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000019

Filesize
17KB

MD5
09d3139ae1f090834b86ff1999fdb9b2

SHA1
063201fcd46058bb19607cb5716a66cbb12752a4

SHA256
adaa3809464e70dfcf7910a5b28f9b4275a202cd97dc03621b55cdaebe7f7bff

SHA512
a605e29144da332d07fa01c80cf479aced342b1c7142f1415a5db460a11bb6811bfd0c3f63900dc8501e78d5316b9f07879187297c5b5158ffa964e4bd2118fe

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000057

Filesize
37KB

MD5
37249efb1ff0fb8862809fc2c58702d5

SHA1
03cb2c33339c48f6ecf6c5ce1aace10cb9432cfe

SHA256
ffd7762321205b1c21d32e79205493cfbd6db48c327c97b57dada1784cc83cc1

SHA512
4f0e6f713a73f6a2e41a2ce15f8c5d17a65bab2db1d2619dc67b6bb83c1cc3834748a256cf7f7df729a18a02ce0dfc2f9885783981f31249169d9f380385cc38

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000058

Filesize
1.5MB

MD5
220d457252003a47bd6c120b059c2a92

SHA1
35f68a1017339b27c98a64d87540d7adcd241ad1

SHA256
4d1f5f98d7e42ba4338d0388fb386344d5c374a47d45fde1ef5b3606080f5e8f

SHA512
7768d3c36cc77be7088a1ff5529e6cde2ccc1b0715c8f3dfbf7447685414e7982aa0202e85fb913eaae8be4ec70d3a8c5d09953e7f3ce524b97ba8d266f91d5c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000059

Filesize
30KB

MD5
81d72046d97e4e906981ee8bfbae3a7e

SHA1
5dc528721d51b10ca551605eeb57f3113ca776bd

SHA256
e3da38ef8935759329b8b15329c698dc013f378b39bcecd32111da2fb03117ca

SHA512
b60212bb3dd7615d70576dc6d72dcb2a00b4878b5cac19353dcfc8962ff6dc3203ae8b47a3a0791ab8c4b92ab55892c4fe7f8371b7ce83ae8ac80aa9ed110624

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00005a

Filesize
16KB

MD5
cd2857254f5723fc0ae891f409f2a8db

SHA1
375a0d07b7ca81968b7643b0f31919594eb936c1

SHA256
1968fea6aebadc20e7b5c9c428e6c304861d16eeb4f04a9f263efbb95335f089

SHA512
d394d2a81483d643900a4e27a539d283d2f95bdf131f670cb001ac893a0452631000603f29511b8873080e909390d23be5f24e851c101015f5ccdadea56a849f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00005b

Filesize
19KB

MD5
755a0facebc712fbbc2d00f8cc1190b5

SHA1
865df5decbf1409f92165575c66b95ee2f3384b3

SHA256
b3ffe3714cff36ff7a8c311fd7c53682f1bf9934ca765843386b707e097b9643

SHA512
970490d56d28c1d3d15082aa0c66dc6b9d5f7b8368c85a964ce788b9aa906ad1c072a66a9db5b92bc64730f3408d2011a081cc7efeb989c2828ce0278acf5ddc

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00005c

Filesize
36KB

MD5
47d88f0e30322831ac51429e321af624

SHA1
0a3a50ae8c9d61a6d96b872f91b4694187be0bcb

SHA256
ff066f3e1ab3028b7bf326825772da1a50d4c9bfe92ec0abcb52f17ed996482c

SHA512
416fa132223c396c6ec4ba581383ff0859ee02a7e73acca4836df0e8154600cc9cfa4249832d0370fc7c45232e0114994e7da36d094cd459a6f3c77be539cece

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00005d

Filesize
43KB

MD5
3435b5e803ce93af7bcbbe4053982647

SHA1
9f0a8e528884ad4e9eb7f8dae177db117cd21d64

SHA256
b40af2e40a654e04fc0a98cbc5aa0acedb852c449e06549e3d2d833022ff0280

SHA512
d479b10beee12d39ffc80991a334dfc8630a439d8ec8524108c17a8a3e3e99a553fc74777ab33d4331daa60b0b2691cab324e9bda2198b0e0db0260cd82ae160

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000064

Filesize
18KB

MD5
af848941d02da72037a50f6a9661827d

SHA1
9a0e0c4285fa9a2268bef5c75e7ef58e457017c6

SHA256
db0c6018c203cb527e842124c3ee9dc9eedefdf6d3e9b5e57f7767b89dafa211

SHA512
87d07c886603bb9d9aac7376e962787500f9e016a8d082d447844891245cce9b30b47fc8f80db524db2536f836923b88f49d3baac6bcbfcca6cd096bf33d1188

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000065

Filesize
1.1MB

MD5
131d06731c3d240f5985b12e67d6f374

SHA1
297eedc5a98687ac1413c397a68ef2acb80d1137

SHA256
7ee0714a0ffa443dfaf8a6f680d8218d02d89a5855f90b04ae20647387810319

SHA512
df9968395e43d1a632ad91ce2ab7299fc35ae84e15e7fc44d38b3fbcefdae910e89a26a67289459430bab9b6d2aa32e03edc599c6bce7a71899cd8907bc5e9eb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000068

Filesize
40KB

MD5
e6845a89706eedb205b4980e3baa5a28

SHA1
01f11f35813d5c8211ac9e2c29a143cea441123a

SHA256
768edab1ea3c4580ffcd3931eb6b3776961a73094a20c00fb2299382a53e8ef2

SHA512
443185d5552ecb0147bbe6d6c2949ff83f762f0e6dba91bf02e252c2c21bbecb2676ac9faeb95254d45cadc0ab9bb360d0dd7d178e8afd2e028a30082e90a95f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000069

Filesize
54KB

MD5
3a793d201ae7d3ac1df26c1d52f1ff19

SHA1
f19435b373f0571ff6ea27ba442ba77881a6e8a0

SHA256
84aca40fb20fcb64684490b3482984422e37edbedffa4f46904cf0a8a06d6eb6

SHA512
180e3ac53589330ae5b25811b5a7ff9322f1751d436d6574fd4b384d83232f612d32780f79b50d2fee250e7e76d2a7d4bc9ab5ae1ac4d1acc5b798a9c4e9ea77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00006a

Filesize
62KB

MD5
14aa20f0ab9864f005437e85b5574d68

SHA1
090258bc33c0cc7460d9b43ac1f285c913dbc2e5

SHA256
43f53ceb209a9bd60346f39c931c95cb666ed2174b7687136faf66ff792533e6

SHA512
2dffc6be9fb5f2884ea1df6546c46e5f04cb543a6e936e660b199c88580609b06bc4b29325892b027f7c42eb74f75e1c4b9ceeba7c4eca2a1beb834ee8138845

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00006b

Filesize
28KB

MD5
e16eb71fb27169f61e4c617a723c9fd5

SHA1
2816d99f7703976607e33dc99c21e2a68f521159

SHA256
db15d5f6ca96fd09c8e89775d4255409ea52374aac6422b1b534b5f4616ada81

SHA512
92298917a98547062bd30a46dda9b8a7cec4927ef2f2d08cf62ed5102397ce14dc65ccb44a8538f5a97f0842c061385f43fa6114797d9cd8ec9fac67f7b36b32

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00006c

Filesize
20KB

MD5
7708793bc4894155d117a1b1410558fb

SHA1
4783a472afec2be2b6ba915a7c446816ca30149e

SHA256
dd3972b4c751a41127e0f1b5bcce759ec81ce86b1fd73a513cc82ca4f3591b83

SHA512
c42a3e57d21b6ccce91e5947e4f8cdf46b7c335d6bf3dca2016efb54f9769ef19ac2580fad3ebe6493ecc3c2e65138a5b2e2aef9ac64c967dcb5030fc046e92d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00006d

Filesize
16KB

MD5
9a28dcf7b7c384b5fc00124e9f9720c4

SHA1
f5aa40e8c2a19f7e3adc97ed46a40bb833a21a9b

SHA256
89625bf29cc7264fc5804f574feb255ba09300f2b91ecc63d2b5b72c6eeccff4

SHA512
bdc3b702e48f4f82444d4c30ada603d641bc4646162bb4d143eeb735907296a5b6227877913351ece923c1fdc4e98faac829be65d93122533168340987a8460d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00006e

Filesize
37KB

MD5
895dc68252730d4b5668f546427ef95a

SHA1
f782e1154b99a2addb4844c34d0f9a14beecd034

SHA256
a143bea47cff21e9bf8daa3596787d1990a0e2ff683f5178528cccfdba3d1bbf

SHA512
a3dc6da7574b00cb69a03807cda6d59228c37eb6cfd65840dfc3c136c1611c2157eebbf778bda105efb15d33f8d1b366b1691ce9e89c0acc5230a2fc2685907d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00006f

Filesize
104KB

MD5
e2550d5d3f96b56220702049c36b5a63

SHA1
beb11253d0cf08af7d9e1c44c5661123d83141a5

SHA256
560d506afd265f5f52af33624d3846d042706da2e02951b1d473ef2f90d3f263

SHA512
9c235cbd6dc8fe7823a30d9129979641adf7b13d48f74886659933d585d8a1498bafa3902c950c009fc60af5f18ec46416b23eb0464482a4c9c69d5dbb013094

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000070

Filesize
43KB

MD5
66bbcc095f4aa54176506f731ac8ed78

SHA1
956f44dbbe1d0d7856e912e57acede3f38023463

SHA256
cefa63371cbe08259715d6ea3e5f404b1200b5041ab7dc54e1d28da91d1404fd

SHA512
7cd4ce27acfdcf47b15e71a40b6d995bd6b51ed8dd021b3b73f26a9dc3dc0a61279561f19bc63fd5454fafea82c861c4152627567fbb81936cfe157e12c36b37

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000071

Filesize
34KB

MD5
1f90b2dd4ed2384dbccb55428516eb44

SHA1
efbdc1790471a526d5f45841cfe583fbadd6c6ec

SHA256
8fd87e7e34a403bffe49854565ad3e26cdcb3ccd549eb804b22244e9d0dbda9e

SHA512
780f95731fe2812bec0b1398911d31c3dbc8116b8bfdd7ffdaa64e6a49bacadb31299d16995edac1dfcb4971436cb26a40d294a08c08759cd4df86a743a799eb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000077

Filesize
131KB

MD5
ed96af112ae58cc87d257e3a15a15058

SHA1
2fb2963ca13d8e2dff6bc71e9ead9b0fdc686cd0

SHA256
fc76b07c4a37f312ff1883efefc994e48bfc407942abbe823d665d46c2a883d2

SHA512
16adb69862af3c24cbf37be97c366d441112222fb4f39938295e89cee92344914c346f5672d146a1edf0008eed491eb66cd91615318374a4a9e12598ee48224e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000078

Filesize
271KB

MD5
ea82891847a83af85f0b9a1cb1f8b6ba

SHA1
4973033dc32ace470c109942ec61c54bc423033b

SHA256
7cc68cfb72d35bd8561a64e55b9b27a6dcf0d0d6d828ff1377fa33e91fd79ac3

SHA512
722099a66e7aeed8af977f91248c6ccbc1f669c6c52ceb957198b1a1df68957bc6ad941a46dc66f63aed36e3e20e7db4129abb0fb8bc6b7335d17915c302a833

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\1e65fe5adc99a419_0

Filesize
333KB

MD5
83fdf0560e2a120f33726004e2868655

SHA1
85949357c77eba8c8a0ca4bb0b68cc7fb8c58ba6

SHA256
dfca90fa0e84bbdf3bde138c2503fc435a3ea543c2215fe6cd46076ebc219766

SHA512
73a051cc8f40f2c338004ac5bf9658777d3232428d6ce61baeb95f48762999943f05968814f58e8a5a3d4f63988fd55216152663ec582bef30a5e7f31a47bdb4

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\260520f90a4d1019_0

Filesize
356B

MD5
9bd7fa46b3b3e34cbc4fadeecb44e402

SHA1
315d551d81f8cdee4406008b1e24778cbe1c0ece

SHA256
c2103536fbe04600566a541d43ea35f556c58fe37edb61c74c1920ad7993ded9

SHA512
f2cd96127bd406999cdc9522bb950cd124f0a545ef6d9ef8e31796fe8ca6de0aa036fc0b20e34360b97b98d451a02cfc2820b5aa5d11058a7842e5fdab6a6320

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\3442af6088c95e17_0

Filesize
354B

MD5
79d0be3b2fee3d050bb6af812c878625

SHA1
0ad2a2b8d41192d35c8b768adc2ae6493c8ed5ff

SHA256
3500a5c5489e77517bed1d60b9516941384cfd2ca7b8ad79f3700188a3ee2403

SHA512
daa6f8571815e1c987a662bfe11b653f3bb90d2677fa7909ab266ef97257a5bc2c2871b711d374879d9c1dd952cd97e81c4e4318be0e53fd01f2fd18b524d587

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\411317948530e947_0

Filesize
420KB

MD5
e78d25796ff29b1a11863e75ef50ec27

SHA1
326023520558253669accfbba1b252139c3eb774

SHA256
0fd1b08bf2d3c8b81c181864bb5181453a197012b8935ecf69dcca98aa5a9ec0

SHA512
21e692a157d8ecd19da74118693e87a8b0633a8cfa4fd7b70674eb08960d27224f6ac8d1381cf9c0f884f3675f6b280e8af61e0e468090328bda35d5d349b018

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\a61b486d66c804c8_0

Filesize
355B

MD5
5341e80eb9555fabd0862a865b6745d5

SHA1
4e4547e10912f01780d5f120ed91b77283559c5b

SHA256
aadd6162ea657d6c04443bf0bb452576be661d62a1990eae97f1837e0484f227

SHA512
409bef6a867562d8635e28c2d19af86797334855364a7c2c3b7714a900bfc202267c99c0b6d3a0c34ba4e1990fcf72f46afaf2b9d9b37d8ec22df37c574308bf

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\dd382831bff82181_0

Filesize
450KB

MD5
ce631a0f9cd62497d53ce60f6fd5587e

SHA1
691cf5c991c4f8b3230e2836904ea75dbff0d16e

SHA256
15281942f3cc3f2b0f7e4029ce0aee6b2fa7ba57ec4c937faa89e7c9907ab755

SHA512
07b97d3e6ee9028804b465955b2b7f6abaedfd278e6197df723de348bf7da2b144a097917f869acd9db2bae98afad270e3c2b599f15c643e3237103dd67ce84c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
c54e38e59637f194cb07685ba9c8590d

SHA1
da5bf301ab32b86a8b258f8a2f72a8d3292c8865

SHA256
1f54f98e5c827826b5ab90e273fd090ea20be65d80745590187e67b81047d142

SHA512
f6430db5b56fcaebc7a345794c7d73247586f91aca80c5a7a60a46a4c8b440664b8ff98a7ee81154f31413d21e3f8ec1689da2b45bd7a472afe005de3a3137d9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
307e9f02e0541c4f5e8f4698b4f6990f

SHA1
3677772e7737af6615029a24f0d6e6c69a984e62

SHA256
086750e93d5296e33750983f358862864c20c169a8c85e251f005dcd02f825d0

SHA512
2a98cea24cff7f679ad2974785e5e698353237193ef095f237a793b2d36a54330036b1f160ec4fd4d5e257249d8edc52b517219f31ba9b785a0fff18fb5b2f82

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
749e150df1ec11f3904d659369fa4335

SHA1
d465d977335ce9afda5946aa06ca5c70d67a545b

SHA256
62b3091e18c769a580566a751b0f98bcc59e2dda90e688a34ea868404e0847c8

SHA512
9b61255abe8c7235ee3c42422725b1ce77310b2c4f174aae754c6b5403ac4511c6ff277fb9f40dd87dd1c206e7fc9037b871fea80741f1904ce2d957cbde8834

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ca052aebbab5fc652cd3354646b6fa19

SHA1
93891fb093c5236a0e0c0790aac6fcf70effe886

SHA256
d4e658f746e0e42d0e03330f20bda4c4d68615ad8b9a23c5eef616588ed02593

SHA512
ed3ef8c733cb28df114925f7ceb34c93dc025cc1fed40cd0fa8488b3c135a4ad0885f08f8546e9f4ff28c7cd0e8424575b7e742f903cbd1e107e039c95fbf76d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b7b1361d07192ebdc0491bec97660242

SHA1
2200c3d4069813515887d22a75da27ec16e742d8

SHA256
bd66d18081aef08a4f0938661a6d02f40f4f6c014320c886af0d20bb3f7cae32

SHA512
550f67240c405f13b749c5b1b981094fccfcd878c9422869c852f16f47cc9752bdde7e707bea5384c7ec3e02802ab939694b91cccaabeb5c99fc6dd8cf9a3ebb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0c639e3573ee704433dfbbf54fddd17e

SHA1
29b8f9104c817eddce8008cb94e07df5cf14c9b3

SHA256
21fad2735db0a7be7c1a8ec882b17a152e40eba3f7d34d2b1b29777868db087d

SHA512
6666779e1f8c5806c60e33c4d5342683a83b60e932a77aed61d18ca84f1be73cab7309831e81f7614d80c090a8fede61cf47e3aa9a20c2df2d0e77f057a6c551

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a6a69f6cfc413826d371f08ddd156010

SHA1
d8b91db275ff832df5abfb5474547c664991a1a5

SHA256
040711ab90c2ade2133d535c3fdf4d38a82d4df04330962bd08249df61a8891b

SHA512
50a92a3e83c2d011c580c06854ef0f4c55b030a62b3af37fbcac396b361d642692cb65a907c8f90c7315c6abd3fdb203b3b5d1535d3543c5e1a2ea9cd48819a0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
59cee957b72586ee2d557ac216bebfc5

SHA1
db26f9f0bd44b06279ed41f7f37434e4890d56b2

SHA256
703c9b24b35ee33478d968797556305aecb60535b31987fb070f85dba965ddd7

SHA512
26cb74345237721da1a823e2b055f26172304472fbff8cfd49d843f6ed52187b88f2e6c173b1d0343ae7f17c9a33b98b2c0e2619b830bb4cbf3d6e7d025fb58d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f6c5de427a6b105dbf011ce330e26676

SHA1
d0e0816c1de99f4dd36baac63394192f08a15147

SHA256
243d06fc6d7030d3c510c36334a6ffb5b33c2c01991a92d6bb291ef1cf70e36a

SHA512
56f1b70839fde55fb386d9af17dd82593f4ce39c1e8f90188dea284c4262ab8d435c55a319a8b9f5acab1c8063eabb1e079cdd994a0224ccc0b0be0bc72ab101

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnCache\data_1

Filesize
264KB

MD5
565d1734e03ccf477a0b1641bab8d8d0

SHA1
a672f9a359296d52d6cdf0e6470410e4e7413784

SHA256
a7b7396bcaefb4a575bd0d0561f4d00175a50b503f12a47ce507bfe578c196a7

SHA512
e00f8207e9f6eefa91829b8961b1e491ae0eab2819520868a2b57f143de7a9c0718f67190b04e9c6ca2869362211af67cc3abb801fa39550ba716e15b5460aaa

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
700B

MD5
e251e0eda3b211d97d7cc9ea9c96851d

SHA1
7369308607a6310fa3bc0c158e20efa8d7903b59

SHA256
92cf3b59b16d38064ffee138f2664d8de6b5af0e1b82abb0c830df411efccc09

SHA512
bcbac5f1f0ad249867f2fd86628799ecfe782d773727dee3b083d33ad210fb68ae6e08be10c117aa83cc141707f11d2d049c1ad9bd17ffdc9eee93293bd41833

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
850B

MD5
76394630ba23da25df84a9e8bd893e98

SHA1
0610923c64b6a16596fe8c53ea521513439cb929

SHA256
06b8501840f8a26a5592dd4b97fa8bedb3c3a0aa680c008602a959a18af26ceb

SHA512
26312cb0b3a09346386c1851e93cd16ce53edb7d543422c7126b8df620e490a0c393ac2223c0749325fca5b9e865f012faaad563466e5cc9189439d4e0b218a0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe598718.TMP

Filesize
484B

MD5
0cde8d77abab85585bafd2158744e45e

SHA1
af8c8ebd768fb6d1b2275422208a826cc4e8b9fa

SHA256
8cd5e1cb732fe7ec5a32393aeb5ee976651ddd27a126c9512f6ffe9e16513db8

SHA512
82d55550164d8c612d4aeb01a6c8673d3eeef15188a330f18c280a4468aa13368d3411d26454709b96ec619990f3221cff8804050226230763bbf30c1c940972

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
771B

MD5
eb651d31d50529968b70d3f2b5b55bc5

SHA1
1c594207c9501d6246411993a47ade246eeb5365

SHA256
241e1112c3041c971d56fbe2b1ed73612c0365503c0e5d2290e7c68dd0ab6f7d

SHA512
11e0172eebda16f81b992ad96a00cebf32ea6f2625f3b2b86fcc187eb23aed2f5cc36ff3eaa0860271bb0d0d77d53cba89c5df8f0092a5638a84221abfd3a6d9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
686B

MD5
0ccdc9a0777f96044d604ef685bae869

SHA1
f38b3ac6f8872db719702b3bd7c78f496105ea10

SHA256
1dd8c9977810dd6215b73e0a1a90c23a0cd568bfb7066fa4b91b73cd53ce290a

SHA512
ad865b53f861d0d3aec882664a577ce00db6038e5a1040de3cdd1c077f9771490cd8d1398dc6a93a1445904375e954020e7c4066a2cfa9c1902354a0ce553f48

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
842408ec0a5d2465a72882e96f8f34ab

SHA1
c25f09fbd78900bf79995092a6a914b7979dd0cd

SHA256
0076917c71ac3b9421bfbb1c6fe825d9c66d935fc7df7278d364ff08f2aa0e56

SHA512
d24b101b1f8a3866dcd026d1edb2c30597af06cd984d74bba2bc5320eec1fa9803701f4cc180897d36767a5631c16a89407f7d8d75678096f5f8f691e652ea62

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
8e4328bd882180e452f0435ba4c65e42

SHA1
fb6a5dce6b2d3f707087b0f9345d8341f9a51aea

SHA256
c923812cc67c665c6fd1347c6ec52296399d684744ca3902a4dcf7a99385f7a9

SHA512
9a2ccbfbe0c5a2dac21462d702d2524a5cca42ff4f31187955605ac90b9c3afee1e4655df4dd95d80d2a0d22d75596c79890e1c06ec11e07de1fafffaaba53cc

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
31ab94d5608d9393b640f6276177ea9b

SHA1
9bf08860ec7d7ae8611ba53531de93a07d820347

SHA256
467b9c999bdfa69c6995b4babb9dd0d1481e38506645666a176d20752ccca8ef

SHA512
4f3fc4f5c269a6a630692c1c6b086312d1e1c89d953c9776eea59c8b2640e5505ea6943c9ee623c0018f7811b865e45d14a4dfb36d27a1ae739fc2dfbc6931e8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
9eed410847b81508bb56f5fc843041fd

SHA1
8f1dc5daa4d40f3431bcd570d059c61fbce130eb

SHA256
3e54f60e41daf60070639aa3e1a47cf93f0bbc740bc048eafc7e12644fd13d66

SHA512
7182d532a5a2536b28bba6f0e9080ed3823305c0c6a196cf7f9ff1a6e803caeb670d8f6ec2c4356d080ea5c6337e113bbbeccedd737d2c50cf923da2b62f8597

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe599abf.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
707B

MD5
6a7d7e82fcf7649b40688c79593a3743

SHA1
070fd02ce02791548d61c3eaf46fe2d9e44a41df

SHA256
ade6193f2a2c751d7dd175097d7349a05214d556c046ad72dce1e5b04117a315

SHA512
6802a326c3608fcebea8cf8f0c82e823e0e40defe808c9ff3e5252b6c76114b79498f1eddf12ab2526dcf519a94a1fe693f038a173b902947151d4cbdc2c6515

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
707B

MD5
ec5667820935e294534748f9dc97cb2b

SHA1
2d7163ace1c03d4b32d383a0de013dc2fcd6c63d

SHA256
b4bc6d5d7c63683f4bf387ad70a46e261e09fd924df8790efbb5e091e1a51357

SHA512
5cfca4ef55a7e3ef94c3caaf3ec854b6cd3acbd9b3c8685aeca78af577713ed15c3ff19c86f641b2d596590bc75bc42e6665a734d5e1ff1abaf9d2b2fd851f75

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
707B

MD5
bf861825c3d4dccd08094040503010e2

SHA1
3e66cbcf01b4c670fe37e134882299f858cee8a5

SHA256
03476e2ba5c747bff6fb68028a320f775b594bc539255857e8f68de87d9ee7bb

SHA512
ae265a57e1740a4804d285751a3b28a102b20dd6af9a6a934e9557a70236064ac6b70bb0980c14d5dc69062d581d63c82ae272f002b7d70bd7bf3821f3238fa8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
707B

MD5
466a5907dc74674f2b7227b1ad014582

SHA1
8f8c24790ba7f42a0ec860b3a2cad1b1411f3e3a

SHA256
91c8136effa7281ce9318642bc3ea213ec8861caa6b740057fba21fb84fb72f5

SHA512
914ff66ab88897f4f222e93befa3d246685afd60905242df038beaa92b7b149f65f777d4aa10035fe511978aff0f824443d25b4479ab8cfdcfbf05750279ac8a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
707B

MD5
6146cf2f59fa2dc9c58787b71736a9c1

SHA1
4dd5cae7c3d19b2c7438cf0e7caed175698c6c29

SHA256
019fe15ae48d4dadca6ab434a4bee3080db8ab0051ff04ace865fa4b4edf0566

SHA512
0e676a428ff867b5e9e94347bf5c445685b6af6839424a1a3eda988f22f8e90bf5f44aa390060091d7a5e26f9f3946fcf82c449f445e257b3e95d3b4acab9641

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
707B

MD5
3fe09c211bee754cb1da046067ad9fdd

SHA1
7d1ae77443dfec83e57edfcf86898cb876433cf4

SHA256
5ea1d724a8dd9ea15ea03960e2d52fd88901752a5b08a786008b28cce0b50d62

SHA512
1ace03ddfcfc68932c2dc119db3e456f6e500d6bb83a1405b28092fb099d2cd9f1a7c2e9f710ababb11ab746fc8705ff155768240767d8517aa2c8fdf6d40a90

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
203B

MD5
2f204359293fc24c60ebbb4ee72c65f3

SHA1
c8e6171f25cd0f3ba9575777852bd6c416b03d29

SHA256
7977453283b59dbfb6e37b2b04733d189b5f7710e2f189f865e827b4174934fe

SHA512
d2ec62b870046485ed7c1bfeb5912e7cfedd1bfa147f940a8c5eba02026e936a30a6ff350741af90df67efdfe495f171f2fe507504948a1c086224bc332c6269

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
371B

MD5
606edede03690133f750172b329748de

SHA1
8e4ea3721d8627c3ff4f05fac74909edde0636df

SHA256
885891ac8b58aead4439546b2957d295096ec558c88415ccf2d32a1cea8e16b5

SHA512
67719b5370700e278b40a548bf79fccb338f9cec1a133eb8cd0a3f4e8f4efc10730aedaed27969145566a445521640733de3ccac0c0b96a1f89492ef61232d56

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
707B

MD5
5b239cdfdaa896427642cd401c15dd2c

SHA1
48634fef68a9398bdc14edc3515a81d0776a059c

SHA256
af8548191420b5aa8b15a8f403b8ef19b8efc9f430dbdb968749b661aa7d95ea

SHA512
342e0dbdb3cdd475178d04fa03bbe30387a341524114dce4f35b270c9166d0e09abb2c8f01921070b8e759bfc5d08413648a7a715dddd822dfa11319fbdf9bec

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
707B

MD5
8e54686bd275ab65905d519b595d04a8

SHA1
457c29ad548502072ac485eeb6af756565cc3d32

SHA256
27533def811a956e1de8b566b836884c60215385cdbc6148c4483794198ac55e

SHA512
0777a88372f05e68038eefdb669075e98f32eb0e5c22f4b61ca293dc84ca89a510b2bab6b55b5aab43ee70a0bdc0e9ce0db336bcb27042b17b2e42986e86eb36

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe590507.TMP

Filesize
203B

MD5
229aeb1d7476afd50f6670879de27236

SHA1
cd1dd9f1fb4c20d38bba5dc8d0fe709a01ffc8d3

SHA256
3d159cd8b852431ecb3a2b7af019b6a5b6957c041eae8300d4fc3e9cb165ac58

SHA512
202a1c0ac2df55a1ba841e9577a7a04b9b9865c102259d87e026f0654ba40569eb5f6cf51d2f0ce4928a00673f52122bd9f6f834d4df77569ad4ccbeba99f623

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
1KB

MD5
9de0d777da9dc30e2548a0ecfd7059bf

SHA1
05075969a93f7f686b65a542bb3c4c578d383689

SHA256
91fd3c697eaf634ce4ba56634e79d831d842870e2afa4a070138892dffcf2a25

SHA512
5ef71a63f339c6308d3f8934514c8438337889ef80646bfea75a6c613a4d66841d7efe302299f8bbc412fa4a1ea8e8f060cee8ffe6be10c7f0cb0b3d763e2dcd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5904c9.TMP

Filesize
1KB

MD5
c7d6b161986077003ac81e4549c7216b

SHA1
9d64abafce5d3a1daa0086cf906c5620545a457d

SHA256
5cfc61f28952d17178691699ceb9e3cc66d96af7b8df1d60faf5699af3fad4f3

SHA512
f6220caab350af7f37b0393197cfeccd96073aca282acabc131aba708c6018727b92929595d86795678376179f15d7e9af326e2486b7e4daec0cc57004ce438c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc98F6.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc98F6.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc98F6.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc98F6.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc98F6.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc98F6.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
faa01515c0156d5bc9a4ba70aaff680f

SHA1
1f16512da4748367ed618e3245016a3b0ffede34

SHA256
6212043129e63565ba03665ad3577f5e1458b39935944d8f9318a5374f1e1d5a

SHA512
984e0eb8229aec763b720aa5c899746aca5488547dbcf4599bd7d0d5d5f62a1fcf917343ee5d76e5a88a088d87b6df8819467822423155388deb3b2014588b58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
2ca45c5d47ffb9fb5337497a2e85a137

SHA1
8e889f93f82d5839de9b7c3af63c3912644d2535

SHA256
cbe2438651201e952e0786382e1a54ba27e90e4035b6a7ca519b9dc74783ef27

SHA512
369261179b0d735f765fae1d730e8989411941eb1525e97e54ae1fcb6e518b75a60642314f9f93d84adf574497bba982be33c74dbeff4bc842c88c6a8d1a13aa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
847c6adc897b99dc15552cefb43699b5

SHA1
54c2eacc0179a579448c184dff0fa6ae901a3e7e

SHA256
30473e4deb4cbb2e7d7ef259c7acaca81b974e19b6c70f25e3584208dfccfa9f

SHA512
c5aff6a048129ded54c8fe7a91a3fd9371d474c954dfd45e5baaccf40fd29ea046bbc3e9636b00808d8bc1c15307c236fa3eb714f22c64352583a1d6ff256049

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
4a6996f5c9064dccfa2e854e738d00ff

SHA1
8367b74223a34f8262f6ad6145293e6fdc77ca9a

SHA256
e9f824a4b7d18e74f540348f0aacb8ee0b4ed3373cbfd0ba79a6ee8911544bc9

SHA512
1e25ae46319bb9530b7b1a342a0ea1cd4591e5e3b8d0678b89bb7f42cbf903a6aefa98192e0eeb222ac941c027f2eb3258f3083aa53a57355957cba36fb56606

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
ad42c45395c99c78fcb5f939b2c19ed5

SHA1
b979dcc67cef90c0d0d17ce7bbc8cc575dfeda95

SHA256
02223cbfd38e9806b7d282422d07ffd0b564668bcf5a69c4539853dea8d084d4

SHA512
c84504e4a8fb34fa1a5889bef6f378e8c5d44385f243c0506a60936fa417249c3bcc4d3545ff52399c8f48444abc3c6d6884d8a4e35fd6d47cea4e5be81b365b

Download Submit
memory/216-12337-0x0000000000B10000-0x0000000000FC2000-memory.dmp

Filesize
4.7MB

Download
memory/7232-13158-0x0000020E0F960000-0x0000020E0FA09000-memory.dmp

Filesize
676KB

Download
memory/7556-13276-0x0000020F87F00000-0x0000020F8802A000-memory.dmp

Filesize
1.2MB

Download
memory/7612-13277-0x000001D2A8AF0000-0x000001D2A8C1A000-memory.dmp

Filesize
1.2MB

Download
memory/8936-12746-0x000001ADC5270000-0x000001ADC539A000-memory.dmp

Filesize
1.2MB

Download
memory/9320-12950-0x0000027770460000-0x000002777058A000-memory.dmp

Filesize
1.2MB

Download
memory/10072-13414-0x00000233A0BA0000-0x00000233A0CCA000-memory.dmp

Filesize
1.2MB

Download
memory/10244-13273-0x00007FF8DBF80000-0x00007FF8DBF81000-memory.dmp

Filesize
4KB

Download
memory/11428-13079-0x0000023D235D0000-0x0000023D236FA000-memory.dmp

Filesize
1.2MB

Download
memory/13344-12516-0x000000006FB30000-0x0000000070F1B000-memory.dmp

Filesize
19.9MB

Download
memory/13344-12955-0x000000006FB30000-0x0000000070F1B000-memory.dmp

Filesize
19.9MB

Download
memory/13344-12457-0x000000006FB30000-0x0000000070F1B000-memory.dmp

Filesize
19.9MB

Download
memory/13344-12469-0x000000006FB30000-0x0000000070F1B000-memory.dmp

Filesize
19.9MB

Download
memory/13344-13317-0x000000006FB30000-0x0000000070F1B000-memory.dmp

Filesize
19.9MB

Download
memory/13344-12591-0x000000006FB30000-0x0000000070F1B000-memory.dmp

Filesize
19.9MB

Download
memory/13344-12486-0x000000006FB30000-0x0000000070F1B000-memory.dmp

Filesize
19.9MB

Download
memory/13344-12508-0x000000006FB30000-0x0000000070F1B000-memory.dmp

Filesize
19.9MB

Download
memory/13344-12512-0x000000006FB30000-0x0000000070F1B000-memory.dmp

Filesize
19.9MB

Download
memory/13344-12521-0x000000006FB30000-0x0000000070F1B000-memory.dmp

Filesize
19.9MB

Download
memory/13484-12458-0x00000253C8100000-0x00000253C81A9000-memory.dmp

Filesize
676KB

Download
memory/13484-12842-0x00000253C8100000-0x00000253C81A9000-memory.dmp

Filesize
676KB

Download
memory/14660-12390-0x00007FF8DAB10000-0x00007FF8DAB11000-memory.dmp

Filesize
4KB

Download
memory/14660-12465-0x0000026E29A20000-0x0000026E29B4A000-memory.dmp

Filesize
1.2MB

Download
memory/14660-12389-0x00007FF8DB050000-0x00007FF8DB051000-memory.dmp

Filesize
4KB

Download
memory/14724-12466-0x0000020ED0930000-0x0000020ED0A5A000-memory.dmp

Filesize
1.2MB

Download