7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Analysis

max time kernel
145s
max time network
135s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Steam.exe
Size

4.2MB
MD5

33bcb1c8975a4063a134a72803e0ca16
SHA1

ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256

12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512

13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49
SSDEEP

98304:7JeV/ztZBe91oiImuUiK9N9EGQKF9lSHbr7aw:1S/hwkmg4EpbrOw

Score

4^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Steam.exe

pid process

2244 Steam.exe
Loads dropped DLL 2 IoCs

Processes:

Steam.exeSteam.exe

pid process

3032 Steam.exe
2244 Steam.exe

pid	process
2244	Steam.exe

pid	process
3032	Steam.exe
2244	Steam.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Steam.exeSteam.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Steam.exeSteam.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Steam.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe

Suspicious behavior: RenamesItself 1 IoCs

Processes:

Steam.exe

pid process

3032 Steam.exe

pid	process
3032	Steam.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Steam.exe

description	pid	process	target process
PID 3032 wrote to memory of 2244	3032	Steam.exe	Steam.exe
PID 3032 wrote to memory of 2244	3032	Steam.exe	Steam.exe
PID 3032 wrote to memory of 2244	3032	Steam.exe	Steam.exe
PID 3032 wrote to memory of 2244	3032	Steam.exe	Steam.exe

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Users\Admin\AppData\Local\Temp\Steam.exe
  C:\Users\Admin\AppData\Local\Temp\Steam.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  PID:2244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

Filesize
183KB

MD5
63b971674d0b8e46a59dbbcb185901f1

SHA1
83992615705bffb1a29576025bd51f2abe8c59db

SHA256
7bd7f1f5a6956099caff7e2b5a538aa4bd0f4a70768529c610810bb79b969e49

SHA512
018f96a2ed4f18faef77c893f4b558254d94083677e955fda3fb60e379ba171b7f29b48d7e55f9952842dfea5ed6eb52a3edc90b0bb3075192dbc40fd2c71ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\SDL3.dll

Filesize
2.0MB

MD5
ee3fdff47e075373d6466352296e0d34

SHA1
95aefc542fac1fe391b753be6e4e19a80c5d5cad

SHA256
bfe3f9eb14e5ce465961725b49983a2cee41359985155766949710cd6721b668

SHA512
f0a070861da5cbac3d10a4dfe57144ff867dc1515b6b2b955210c79bdf0dc1fafc6823eff953d1c59d24c8c6d12ee624a37d119a746992ce75b7e0ecc72d9ec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\VkICD_mock_icd.dll

Filesize
530KB

MD5
4c237002cedf6f1556c941ee916bbe9c

SHA1
dfaa9cb59f1175e28506c10027fc3e6a673255e1

SHA256
eddd8f34e292e4880fc174d7dee3ae2321a3cdda19993e9c38608bd15f17890c

SHA512
652db2641b519f14ddf65a3fa93b19a1610063ea0cc460e92234a1915e9b5a9870efccf9024c44feacb79c1a1c319c5aeb6c8f43ea06cedb6ea2a74d2ce895a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\VkLayer_khronos_validation.dll

Filesize
13.6MB

MD5
d08077ae3cbb388d9770115b46afaa11

SHA1
f3a526311916a02010d198cf5dae0aa33be0d8aa

SHA256
910159809ba9929f0fe8a6bdae640c844eaa47a16a612b785a62c3be768ca5c9

SHA512
f786a349080044ad137b3e63a6a5f50c88390de91094bef123131bda31f2ab2fa5ad8f852e08fc72da4109df2a28779797c449ba77b7da4265a92fb35f4a1f44

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\chrome_elf.dll

Filesize
1.0MB

MD5
52ba66084499bd4061d8d6e00099d137

SHA1
c7fda13b7f893b5cdcc9be98f56828411b26fe7f

SHA256
481a25a6f532e6c0318ab21bed9b1e655dcd6341e5fbe3914505495b6577498b

SHA512
71b938a7e6f31279e10da83c4da3b66abef4c0bacf70aa9dd3e596a31781d9eca6b74648e6ba9c27089e22791605ae388b703f1046445ba05832b9733f091fb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\d3dcompiler_47.dll

Filesize
3.9MB

MD5
1fe0f58d9d34c9f26f618c481d7114b4

SHA1
deb50b1b9bfbaade6d352e4a53f5722527832a0d

SHA256
54477e70507ceb9f6630c3aa9fe2b363355112447fb19de780138d1548b70578

SHA512
ace68e845c94a0a611a30cc8f4afa400cc9a189aaa184926006c61fe74e4da2abe269e1943cf91a2e89d54bf0b777dc6bc963e6882fc97c8bd936dfca46da92a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\dbgcore.dll

Filesize
157KB

MD5
cc338a830fd52ee77a1cafe755242d2e

SHA1
993203a518699761168d866c1fe4902691e01db7

SHA256
2c2d468689ee75d464b06893618a94be627af496737db3e1d87f87d24e4058a9

SHA512
1f6d1f1e613e96926157b5136c20dfd5972b8ea90fdab686b231e00817834b47621b4789e1c6a20a571003f4856c9754e541e6cf1eafac09d14b04014cba3511

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\eventlog_provider.dll

Filesize
16KB

MD5
463bfbebcea05d5a4ea997740448a9d3

SHA1
3a92db9944d56e2939ec2391cc58fba6d55c54bf

SHA256
b8fbe5fef69fc12c77a25a4254e5fc67d862bc155421abee9c09a730f4c5f51f

SHA512
6fea053a937757d3ea73a8303ebc2a8854ab2d16226b1b71a38a621e3105e6e186d6ad694cd277dffbb1d68eec0b69d767b133b379ba0db14d1be1aa45ddd792

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\libEGL.dll

Filesize
373KB

MD5
87f359daf619472e5df829ac3d7985cf

SHA1
e6afd148f6de486eaa9c1d0d0d9c656ea002089c

SHA256
2a5b1ea746aa194c98d811cca87dcdbb6fdd6db76a4a4437805e2745740935b1

SHA512
8755efcb1d820f9c74d848b885bb102fc7d50c647f3885e4ff1726e0e9082df7df9b2bb4d3b09789f2b5fd3661fcf048932f976a168e724e8bc9f4949273eb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\libGLESv2.dll

Filesize
6.7MB

MD5
bbc6341342c32ff78023faa22a50e093

SHA1
2dad58debf62b22272c799dc2404e4557664bfc0

SHA256
8377b35007700a44a17ac47d231acf98dc86f5f427812c8727cd0dcd460c7c88

SHA512
97c6ea18207b76ee79f13b1e0db2b1d2c161e301d9915ac2d71f0f0f8b9b41c1a565ce4b4c332f001fc325b565fbd3bee9301588f82775e0700cd2d8ef8486d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\msdia140.dll

Filesize
2.2MB

MD5
9748e67cf15ab81b9cf73b2660a87217

SHA1
d9f9bb1d15e7527dc64bd03dfd4f2a183d2b8fee

SHA256
f9520130aea9405b2af5f6a4d182dc47a418990dcbd5103fd652d9e11f4962d4

SHA512
9e08e6aec579f90eeeea8be3ffca9963b490f216ca30380f055b8c2a37aee975b0bb696bb6e3062bdd548ce86f16f20dc3052dfe578b2a42420b06b025e56c18

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\msvcp140.dll

Filesize
430KB

MD5
f787eb9745f6db755a8c2a879a36794b

SHA1
3c4f76a4f3eb8ae8c7fd85f19a004e752e167e99

SHA256
9751d1e49adfc80d19dd1f18b90e6c081ea0183552a4b58a2d9c8485af2048b2

SHA512
392c5883dfa68701c76baecce5d1265ac675161c3e2feca88a559e52b8ab97f9e78514b37c6f01180a5dc9eb218b6ac8063b7b08d681b3a421cbf087f34e7a87

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe

Filesize
6.0MB

MD5
b055e5cfd6abd4b129a9f146c52a5b9b

SHA1
68ee0fe8bc025384b38478ab0b6ddd1dc1547c24

SHA256
fd6010251d304bcd5de125d3f168a20a6adec6a11e24684a66a12ed89e33bd77

SHA512
4cbd4cb747b1d6d5919e10296db6c725278065d6900748ef31dfb13fcf27586a795bda29ca21c25e0f8811453280101ed24f5fbd12c1fd2ecaa701c87cf8feed

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vccorlib140.dll

Filesize
270KB

MD5
d9bc961055a6b38b6ff656355b9f5b99

SHA1
c7b7afa772294b1d1a7367a66b1e6260f44b0dc4

SHA256
fd9ffe4a1232905aa895a31e943ede4b4ddc23f5054270e9d84dba534094d368

SHA512
10b8272895a4d7ed38e96c7ad4fb35c4a812c8739928b52c8f6de401755e356d8b9a226654d964c6fcc46724378b2cd42f802581f24d50d7f68238e7c463781e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vcruntime140.dll

Filesize
80KB

MD5
58ccd0d9dd80105d4882b48926b1bff3

SHA1
159b40c199ec73da956aa59377882a8a6d68d514

SHA256
cc0d455fae9f544b308e8a00e907834d43b73b7b10445a09493bb407f59608c8

SHA512
58b0bfb465434ec3223c801b680ebb5bd5352929b124a9bae2f78323f2a311588f94fdb30b479584210af8c4d28f941c4800a48a9e3bcc2c6118083e2edcc75a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vk_swiftshader.dll

Filesize
4.5MB

MD5
dc71117f9dd9bea67d72eed5d38c4db3

SHA1
94e73458ff947e33be6e8d49a5e4f1af107caeb2

SHA256
a8c00af19df3764aefdbdf85dc6b10603af975d0235c911e38278653e64aba40

SHA512
8a0781f4c8c5ccea7faabb06ddcb9378b5aea19f3cbdcd966c7d49eed6ec60b243c97d051da451d836a377367d3e3a1066ac6183084a842a951a2264252f0921

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vulkan-1.dll

Filesize
823KB

MD5
69a2945b61507c20184f930d8989b6df

SHA1
21c8c6d88b1c4cf3258967e058a83b448582ce14

SHA256
e5ef4f5f5e978e6d00e4c8e94412677049b44d88193b320911f54894bb8c043f

SHA512
686cacce65316869f9154eb420a4009567b9804800adbb834c9519ea5e5cc0917a0134588d7a9766d7ee8a2cb12122418a1b8aec9edf7e7ce57a30aaced3bc9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\winh264.dll

Filesize
135KB

MD5
3f0ed7680f2bde7b91358127d06762a0

SHA1
4bcf68a48b9834c01c4a586e5cde24384571d5ec

SHA256
e716b7f7b22e2e0a00f8aed5972d5d119151ab58c3c01eb56c846e2666fd99c8

SHA512
d4734cc93b0af606e1dbed36c018f0112d8ba88d9246089da552a3f1ec79005193333674fdc10f5b5ab159934e39441b641995674a80577c73dcd46e617482d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\SDL3.dll

Filesize
2.4MB

MD5
b0a21ba21e79bc2f11e80a43e20a3adb

SHA1
708effe3c19896d22f4c61e45242e57bade1e373

SHA256
a88174d7f8a411a9fc1cd5c8ed6d78cce0698bd3645c8e395a67d0a6613afbdf

SHA512
14ab5ea9305e6dea470f3eb03f73ef4df920402ab31624500202941e521e6c79b78952c8655c8eba89e9c98de2d84eff8593e5bc82fb33b99ff9543fc82a31bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\VkICD_mock_icd.dll

Filesize
622KB

MD5
56bed9df1102c56ab16dfa18d6566a45

SHA1
676dfcb7ba46efc3553233c200aa6411708d7da4

SHA256
a62e04ccbea51ab7b2b7de180e39568b8bc2ac12815c8a41723a4895a96f0e9d

SHA512
2ec7f70da3f98c38963506bc32f52f7b3ecc884f4d45c3939cca0ae6058a5a7868a4486ffbae0b022b1d5f34246655116c255074b48bf27bfe5e377796b1eb0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\VkLayer_khronos_validation.dll

Filesize
15.9MB

MD5
6e5c6cf34346186e3e04827e3f32a06a

SHA1
7e86d14ac69a988cee670fbdcba013a15aa9a100

SHA256
77d8078e35d232b31fd706bdb3d3e9c12b32faf7e51090f417638230b6449808

SHA512
f519e9c9b01406bf8cbb10322e73e5195abd5a39941854efea35b80641da36fbece2ca11d51d28b49f80a5099dee3825f5eed770850c338cdeeea231b3c6db41

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
1.3MB

MD5
1d7c12f54a1c26b49b287ec08da3430d

SHA1
4ae1c3281c61780293340104aeaff1533eb1c59a

SHA256
22abe408da4703c068ef3b4419e09d270b4961096f16ff86d1bac752cab44abe

SHA512
0e2dd6cfafc5f151dcc92d343b64e5ecb1ab31de8913212985a86416f0d623047c5a65fe6211c7cdeff30bb6740e14b99adac3496fa0d799fc3a4115e2ced21f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\d3dcompiler_47.dll

Filesize
4.7MB

MD5
25c6a5ff6eef9dbeb199aa695d0bac52

SHA1
ebeeebc3f40b161328454119558f06c23bef5524

SHA256
3a70b65777fe52b0871aa6f593a0248f6b886f17c60c2cda09b7e4dc42a91a63

SHA512
8e6bc58a3d73826a17418eb95664a9d98c5c65e67e0f9a4f163bb04750e22ac771e522a63a26798eeb53ed2f9d9e72e22e1158fe06d9c45056722a8fab472296

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dbgcore.dll

Filesize
211KB

MD5
067f141b175624d7a88a3558484e9d02

SHA1
b314045f58c45484646960463c37b85eea163ed0

SHA256
7a8cbb3ba129bc3a41ffd8315ccce023f4626ec341b35c79c8c84add8bfb7f27

SHA512
344d9990da1460ffa8e19a511a4e975c6c2c7dd21d73dfcc3849729ef33678fbe688f0282fdff799b81c41b2200772f5b36ea488506b6acf11d649f81b653a7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dxcompiler.dll

Filesize
21.0MB

MD5
e42ccd57a524076ddd278038619c3861

SHA1
331eaed6c9d6e97bd58b76e346a10bcf54ec2a14

SHA256
2077446491af4a4a92e69c249d6b79a8b7a090ae5d3f6b525cb59dbfde9baace

SHA512
5e74839aadbbd492e482281e199f76c498a93ab62b533b7275ecf30f6df34db22dfc9daaa1e41a7c91a7e50a2699d5cdf50a7165384c0ad1b5068ad1ccda1ffa

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dxil.dll

Filesize
1.4MB

MD5
d2a3821ff8201eb0f095b805db0fb4d7

SHA1
550576dca8bf7ee81f175d5eb65631a507ff0cbe

SHA256
9137f402f2687d5c2d83dfa7e15180ceb9ae29d741b16506aefef18f94d4768a

SHA512
f4aabeecff7a5579c41dd65a2c408383ff164224e30a5d81ca39f4aa31db8b42efcf7bffe4303fec87541d90a0c38354c44028c6dfdcb9c060f24c065e03ecb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\eventlog_provider.dll

Filesize
17KB

MD5
2d35374fd25759e50c61f42a07bbb861

SHA1
09a5932bb4add6414c896992bc3c8c272d927cd2

SHA256
7b7576bfcc2173557713ea9a5c9b0a2ec816e956a90b4e2194709764ed337cb3

SHA512
fcb1d30f0b4518eb68579d6cf156bd5e1454d08b92714c5fe3544c8ca07f2764f6a9fc5caa1ed9beca5b3a8b5d10d28e9660a4115e1d9fd6d0162aa01953b9d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libEGL.dll

Filesize
472KB

MD5
3a304c8e873f8dd2bc6e24f90bf9fccd

SHA1
26f44bc752f99780af4ad4971a99f27204bc3381

SHA256
591623ae0702765d55580edd0a5c0add25dfda32d4d5c41767588626175316bf

SHA512
5fa50ea4a1028f47187021bc50cb2d63730d024e7d3bd048100f836e45bf364d8f69ac01f142254ef52a8517dff4d58ded548e0c524d366c49c3fad86d11f518

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libGLESv2.dll

Filesize
7.7MB

MD5
3cd37ca91216ed0b7fcd78beb2cc15c9

SHA1
7ab7ebd83fc094a64a1d3fb68fb90912e1447a90

SHA256
7ed85c93fca522e485cfa4a9688bfe5c5ccf1b3dc3ad4a518fba7582f2208061

SHA512
810b7bb12e6ee24fbde119923b4db804a3aa410850c587d94ad232162b962b9a0e179c2857511b16aa2c3a257443202fc8320c5237be4daef435e6acc8907f96

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msdia140.dll

Filesize
2.2MB

MD5
02229c4846fcdea33d8afa6c5027a8d0

SHA1
1ceaea09a8efec2a26c3c557cfc988af21739db8

SHA256
f430f70c0aaef9ac63b6c8119dc2e4b946d2f11254be094bb023e785a7d984cd

SHA512
44d58947d3496ed254cf1ab378b3341c5ca6d082f338b0523fff7ca529904e28c83d41a553aac24738e62b1666489f4e4a6efb26ee3d8879244449c538bc1df0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msvcp140.dll

Filesize
552KB

MD5
f63106b5dfee9ce783c48e18c7946d23

SHA1
641b1f1d0126923a8863f269348425b8519aa9b6

SHA256
5d112ddf70fb8f538e6584f735e3d39ea4033bfea3cc31de376718cc612d78b3

SHA512
91126343191bd4b3004d1bbe12c9dbd08861bc8529d9200ccc845e745b23cd6810bd2a7e69ba8b196f2e43873f74a7b9d208e7dfa1744418a5ac7894d33e4a9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\openvr_api.dll

Filesize
806KB

MD5
4398179b668c70f4464ce9448fa0bac3

SHA1
a12848d2488fbd31a2481922664a2875f162bbdd

SHA256
0ba4d3049449403e1966cf8922ac5c2e6130fabe72c0cc6b3218da82f9110ac9

SHA512
98db440b4c220a9e71b60104c819c402bd88b6c10b9ed518660e8550884fa518e165bf20ec2d85a4bb5c379a28e9524d4b69dd25dc599e062498670fe8f28bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

Filesize
7.1MB

MD5
91e71e8136e662647f0e581264f3a7be

SHA1
ccc8ca4b2d65bb0a00086eb235aefccd545e8502

SHA256
893f8b99c29e73d6bd03a4ad3e3c93b286ae56bddfd9a535382a1ad98958b155

SHA512
a1ae696d1232f2f6bda63cb0f05b12074c96d011d1bf9d6ca3bf8f997b35a58ff32da7eb69fcdd25b3f4227d913dd9515dcaf0d28a550ef794d7ef16deb499bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vccorlib140.dll

Filesize
334KB

MD5
6672493b9344f8b778b1b7479b891acc

SHA1
970bb9b5171ff54bbedbcfb786b36f526cdd3e75

SHA256
eb476ca01260fb15f5aec9224ca98fd377c3054428261039215bd9c5cb131e6e

SHA512
0204754bd999e49c17c7f998957cde9f83f709a7135c0a37c8e0a851dc30ba589f74ee56f2b4d3ffccc1ff1ee3ab4d353718a6832916f87dbe6253cfc3ebd53e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vcruntime140.dll

Filesize
108KB

MD5
c222a309ccc76458e178bb9b222c7b80

SHA1
2d422417691c7af551549ea66144e9e32636e9e3

SHA256
bd7155d139347f53663311ffcf0818450061738ae77274499c751686803196e0

SHA512
e8355e04aca341ebdb9bc803ff009e7dfc649ccd77351f2afe58131342eeaee1c23b0a143d61f8779627abd30f253d6972c66ad46a201c961294a35637a0b890

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vcruntime140_1.dll

Filesize
39KB

MD5
1bfd347f502ae7aad8479e2f181bbb17

SHA1
97246413d67afbfdf5a3d1fcdfaf634fb6ce6860

SHA256
ea1c838839e3a25ebf638e5ea38fd0c5cb7fb5ee3d5516a161875218df5b5f42

SHA512
755bd706415809bafbe276cf33823fa571be74b5a4a309343dc4238b08ed06f5598cc4392bd8cb348d8d537b1036fe94a03d7119b45ae0d326d181f7a58183c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vk_swiftshader.dll

Filesize
5.1MB

MD5
cf500acba505f5e8aa149f7f2fd1e7d6

SHA1
2d0891a8795589df739ab14eea6daffefa60aa9f

SHA256
2cc5eeb19c548fe12a98c5fa3af2db4fbfc9d532876882d932a53b8ea70607a7

SHA512
72cc837c995964314731179c92c78ad0341960d43c279a549ea5b42c782904906587d61dcd037f7f4ab08860088923437fb4c690d3aa524d9fdb11dd1577f667

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vulkan-1.dll

Filesize
940KB

MD5
21a1de954341a4f0aeffc96597aae998

SHA1
43f03e0deb26b2881cccbe697f423b4ddf268ab8

SHA256
5f199e6aae466d014af27c3a26776ad19509e1f62fa33d9dfcd6d4fb864543cb

SHA512
0766a6c838b44be7872c7f302ef9632ea08a696921c26f4f7941db2dcad572ef7c394d2bbf6cbea0b7e2bc7219b3da815bb949ed053b6c5cfee91b737306a381

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\winh264.dll

Filesize
169KB

MD5
a269bc8562b7e02c5d08d4744be28b1c

SHA1
9facc69bc62804caeb3b7caa5e0b4551c582a5c0

SHA256
80ce8eec4c5ced50cc51766909302f274b7f846965103f20a5c1e31a59d53d23

SHA512
8cfbd769ac075151958d89cbcc4eaebb1833e33398b20e5c5c3b8840a339c7fe2888f1a04b49fc60bc5df05c43bd2df1aa09b2eb2b1fdc4e97a46eb5da40081f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\chromehtml.dll

Filesize
1.4MB

MD5
302dc22c803f3881a0ab9caee8e816e0

SHA1
ee29b3e581fdb21d25235c171b2b222eb70ea1d4

SHA256
1eba61c802062bcd6f707c647e051236dd40db6be7674e533bc4e770aeebf139

SHA512
3340ca70dd0eac75d41211327873c294997b16a437d781353dc4666179f03328f3acf966279fe3586eeab343d23682d97f7316baa3142043ae108dfe7d91bd30

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\drivers.exe

Filesize
7.2MB

MD5
ef801f4408581f653cfbebc626497efd

SHA1
dd5567e76186cb3ee562326da4a948724b49ba77

SHA256
ab5830db258a4857abca8c999ddc8562ac1a1f1a1d27af758be1d11c08e9dce3

SHA512
c152af5fd8b3b243d68f3db69711e03238fa96f3152095b985d47ab5da1d751eefbf45649dde4b52fb64788a2b29452a1ad5eb26268ec4f617e4cbbc0ea4e067

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\filesystem_stdio.dll

Filesize
193KB

MD5
4c1282c3fade7e475a1fc7842937c65b

SHA1
6286a38425be7a6ddb6c8c2afe0ef123f789885a

SHA256
5bedb95d9a08a9dd1aa497de78e4b29ab7af6c22775bbd91bdf9207b22b186cf

SHA512
5842f470a2723a3a3c74f2053365920c79e19fc315885194d37550fd6e34bd2f8bb1de941974328c762d739aa4cb44454affa3f6848fad1e80ed152249012a50

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\fossilize-replay.exe

Filesize
1.9MB

MD5
52535a98df7dd44ecfd98dcfb43ac020

SHA1
3a1073d70c1a1b01653baeee7f4c736c54ce13b2

SHA256
ee43714b137a195a22fe4242662846209e85ab9d32dbe23d1f78d2892d89d9bb

SHA512
2b8e6e6ee8229052049b2ab18af4fcf6d81a82dc591c69abd455af52bc2f328858190bedfa830ad32a4e6144d8621460c9b92e19ddf13ad18c9b0661827b9b91

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\fossilize-replay64.exe

Filesize
2.2MB

MD5
a70ca3b2dbad1450ebc3772449fd5e4c

SHA1
667143ef313e8b77fa205a928c0a215cd34c6da0

SHA256
fa6e03d71346fb67f5920d2afc21d8ea21a302d854aa491fcfce473e80fe4404

SHA512
d433a7b11875916023a1980020af62d41f0e7f4bff67bc6677bb4db8ac413bc09900e61f5fbb7cfbf1ed6c498a5dd0f9b6fb2361e46d53983f48850201513cbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\friendsui.dll

Filesize
2.7MB

MD5
809b06b25a964c3a6db94c9c46d7527d

SHA1
42a4c4f393fd10887a1079cf9e5a2027cab57000

SHA256
609d3441536d9509fe446b5450713c3da3cf45abf7947cc60ca095e6f5812131

SHA512
3bd0f31ccc9aa3083a5978892474492b8a1573fd55aee50e294a31c4c3e1e308a7486593f24aa8fc3b54d5fa89f644065ea9cd96c982ac219952a66799a0a389

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gameoverlayui.dll

Filesize
4.1MB

MD5
e0144283ca6a2eb5b9970022c0dacec9

SHA1
e63449e3a4b3e661923378aa9d14c387c708a2b9

SHA256
34ecc9ddd4d1850508c297dbf539e6257314deb76443fc8926e92daf61c9ba10

SHA512
84bb4968748e5e840abbe1a1c7091adc1072b0c061216aabbb328f434053a2d89ecf6e13122e8f830edf344dfbf67a5d1f14fea11e3a39409de393dbc20cfed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe

Filesize
45KB

MD5
d6d6ddf71c2a46b4735c20ec16270ab6

SHA1
2e6d36d000a498c6811fcdc49dcf316bfbafa5ce

SHA256
0d422efdfa17dc6e1ebf0ed9e2902fd7c0eaa2f77b8a5a8f1df1478453a37ab8

SHA512
4b422c55cfca42f3f4ec441d7c01bf1ce6943ca00beb3919cc86bbd63a850bb859090b9f16cd0d0ad0723b662afaa2a994f4e319a7c5801af1fc57ad54708047

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe

Filesize
941KB

MD5
519ccd21fc4a0f26debd33320c50df57

SHA1
416c1d65e0dbae21b6f7c43e32c194581bd8488b

SHA256
23b4063251315814e188d64afe08ea49979f5fb2b74b86860e655a1a4d8fe4e3

SHA512
6e8b5d54b928ddf8ad33da84b7a38cc1b971ec9aaff95ac9c5ff73d5646d2044d99c69ec137b1acd86a9ceead2626bfac08281186452349890c11e302c58255e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\mss32.dll

Filesize
430KB

MD5
d6d952c03fb8b6f9c63761213ec4d4af

SHA1
e12800f2bf9e09e6ae9dda5ac2f4b775781993f2

SHA256
9c832318a05290ebef3bd809cbbc7df70a08cbd86745899eaeb169d5a42bf99d

SHA512
587db5b9a224550ebb5a52f185824daae6ec2a60f457b7276c80bcd8d4bf4eb4bf36e2efff9280ebca7cb339836b50e338482a05e107a7192c51ad8b93c21f90

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\nattypeprobe.dll

Filesize
159KB

MD5
b9056ea728f8bb85cc49090b28a6ae0c

SHA1
c380cf49d747e3ddef3fad7b8b0fe968f916e6ea

SHA256
f8e121af3ddb8f98171a1cefd33d624fac702922a5c03296ac00756d28b69554

SHA512
7d6f4159a5d81bd08e99a83f77925d503ead040f67d44bfb83fded2aac93c4cfa05db09834151e967613d1533ad707e4065868d2bf49decb9812f36ccb42ea95

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\secure_desktop_capture.exe

Filesize
2.9MB

MD5
5e602fef9f6003601ea46cf3a13adaff

SHA1
034b5b9fd4bc5bb150d9fe6517a5a63b4c28b626

SHA256
0b3f81d9ea2db128c8897cb1acd66b61f6343b24586c39b52369dd66c1a7f71a

SHA512
c4f732b19d01e28330ec6025322b788b5837bd070e2c10f26385c7c2e5022044681a7f430a187a1be79387bfe577d9198a62d03ad8d7a42c93ee56dd42780349

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamservice.dll

Filesize
3.2MB

MD5
66e50fd33a7f59aec848ad515edf73ac

SHA1
9351382152505c7136205291273ae11ad19992c8

SHA256
9a9841ada8dd9c4dd41aa31e3c71cad98615575bf2dc6f53bc0fbae5201afa32

SHA512
be96c561e713dd1153ee5b40a4a1128238f47963ac966ddb57153719049535a6218b907fc413487a4d41e262b7d268ee0c54bf9a589ad04cefa12b171b1e8505

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

Filesize
22KB

MD5
c5903328041a56a39e83dc874bc337cb

SHA1
7a3e94c6a0f1621c8a9b51ea1668abed9ac1afe9

SHA256
5b8c10199d30817ab8e85ae586c180965d058fae46611979eaa17569b57945ef

SHA512
8e430bee284feccc04bc5f8e68fa64f1865936dec5da12bfc7eef5a4d19f130eae4aa8891d50871f7603625c158bbacae439365143fac74a418c08965a3632f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin

Filesize
3KB

MD5
34e8b54f486abf85da146d9a8ea9d924

SHA1
d22af9179d7dcf91877248e4330266017fee25cf

SHA256
6f68965bd4c45674846f8d503d26303636c42b18c474719ebf63c900628cee09

SHA512
e3debcca9236379df5d7be01ec5fb6651728d0f3d9d551b32f67cafed8a294ffdc325f7e02b79bf9cab71aac88bba155f38d90ed743cba988e37addbf00d16ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

Filesize
467KB

MD5
61a4326c996863956fb5d1b134146c81

SHA1
3214cc2b4df674fa27564bf8e6e5ebd29cbc94d5

SHA256
438ff4e3ec5707e0a414cd5958b0b5f46555dffe246ba2a3266488e330dcca89

SHA512
fea85053bc41746c512a149f260477f9a4455e625dc68447ae1235ad118944876e3b0629d0476292f9a6caadfd44e1986a25dae8f9fbdaadd96f82c277d0362e

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

Filesize
8KB

MD5
b1a967b318030e275d3bf19635f17644

SHA1
ab036db9ca9c485e64333333d18b1b27655461b2

SHA256
5b1efdcd684821cf4d00e8fb4c7133d1e6a8b40d511c62c7e6fca6e3fa2c9e36

SHA512
eab0a2fa354481a8db92bf503437ed0d200e4727fb454834aab7f5125cebb901ee53b9bea44227b44bdbb3bb1280290699b4cf8fdbf3bbbef8b121c621d95a85

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

Filesize
4KB

MD5
27993eb75894ca4894db266ad9b5e61b

SHA1
4def653ee04b0514822b690052598435ec25e686

SHA256
fbc09c1b9a55d04b57be8fb2ad5ab58b38f76054ecd3d1b70440a2d08191b05b

SHA512
eaebeee5b1a7dfb9bdf661623554793d7ef7e15d9f9cf01f94da1eb0b84b88c8f24176463d15c407ebf670c5b7fd4052daea33ba43e75c1de2979487c4987bab

Download Submit
\Users\Admin\AppData\Local\Temp\crashhandler.dll

Filesize
347KB

MD5
020ad894f0395691f728e74614adbd96

SHA1
d9c479da05f8cd20f42842ab9c6cb76170feaced

SHA256
ed97c4061db76f43a87aab8c226a6be0a68bbdf9cb331b3974bb9eb3da60a399

SHA512
db6bcf95135da7c247e7750e469c806c75c96622c1f765989d13e09439e3d52d434137cf9322470ffe3ad19b0bfb38ad23f8f015063511e7c77525173e6ee8a2

Download Submit
\Users\Admin\AppData\Local\Temp\steam.exe

Filesize
4.2MB

MD5
52d06173e5995fdb588e56840ac7343d

SHA1
0e3a1de21cfa9652adec0e9385db153e494f07f0

SHA256
0ab4f7c0d72361c9c37c5ce59f1df39f1a138f258c380a9bc1328ce146651721

SHA512
7e6e0159afa4fd02d9bec216d6861e425cf44d15e2742c05454aeccf4408be36cb43d57ec89094e5ba64e25c1282f912a956a66e297ef8e62b130a809dcd5693

Download Submit
memory/3032-12198-0x0000000001050000-0x0000000001502000-memory.dmp

Filesize
4.7MB

Download
memory/3032-12207-0x0000000001050000-0x0000000001502000-memory.dmp

Filesize
4.7MB

Download