3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34

Analysis

max time kernel
112s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.exe
Size

47.9MB
MD5

1b34108b77b984e227bbad718d89594a
SHA1

a75f5432e2ce39dc6c3f190d8d35ee2475a0ae6b
SHA256

3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34
SHA512

a8b82b25c7b0ed36f075cee24201ef6982bfc9978268d21c8631a1f2c03f64f1bf84f1cecd6400582c912883ea195939bd3d9d28975b8b380406a829bad0cd57
SSDEEP

786432:gRc3O2roQS8SUvmFaCLN2bywU4AKuoaklrh9EWtAN7OE1jWyUWolR1f/9jLgfipY:kc3OmS8nvdgkmF4AKflli1dWy5ol7/9O

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4856	3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.tmp
3208	Steam2.exe

Loads dropped DLL 61 IoCs

pid	Process
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe
3208	Steam2.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.tmp

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4856	3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.tmp
4856	3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.tmp
3208	Steam2.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3208	Steam2.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4856	3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.tmp

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 4856	4384	3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.exe	86
PID 4384 wrote to memory of 4856	4384	3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.exe	86
PID 4384 wrote to memory of 4856	4384	3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.exe	86
PID 4856 wrote to memory of 3208	4856	3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.tmp	94
PID 4856 wrote to memory of 3208	4856	3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.tmp	94

C:\Users\Admin\AppData\Local\Temp\3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.exe
"C:\Users\Admin\AppData\Local\Temp\3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Users\Admin\AppData\Local\Temp\is-NSS14.tmp\3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-NSS14.tmp\3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.tmp" /SL5="$5024C,49358704,796160,C:\Users\Admin\AppData\Local\Temp\3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4856
- - C:\Users\Admin\AppData\Local\Programs\SteamClient\Steam2.exe
    "C:\Users\Admin\AppData\Local\Programs\SteamClient\Steam2.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\SteamClient\DirectWriteForwarder.dll

Filesize
486KB

MD5
6f5a7b47bf1d61c9b84276a99121bbf4

SHA1
2a806a697397fafec4e9b333251963f43285a085

SHA256
391042279b8c582dedeaee0ce82b211db4020b07ededd0ff44b6225a702665d7

SHA512
9d873b9935ba153ef43b398fb5b11e7cded24a4885c219d66dc4e48df1c6e690ea61afae2ef95b95eef761743387dcc2c7cc85d0dcc107c271771fc4700378a6

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\Microsoft.Win32.Primitives.dll

Filesize
15KB

MD5
d3baad7a5db953de71aa459841cc37db

SHA1
cb94ad1ea3706c7346ceb305abb6b47436671636

SHA256
a682b72f9d80bc517f197a0ff85cd2858eb743d8cb6e8453c946e413bd10c0e1

SHA512
7680f910655b9bdc99dda93d62f936fcf2c57931d7a324316d53571e2f069f691eaeea2fe30af1f08cc24e07d188692eb46d9a8cf6ab21cc7fb3fc391346de2c

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\Microsoft.Win32.Registry.dll

Filesize
118KB

MD5
4fd4616455d07e7252b50b565a2e75c5

SHA1
cd6db5a8dca0d94aa5e48717e32f3ec3e1b17998

SHA256
853da3e1e5ba29decfc91a39fa1b70955bdc63e18f034ae119635df53704e9d9

SHA512
1e37902f3b4afcc08acd7c8450e72de11ca16d1d338b8e076bf4940bde832866d410900ed6513b1d6ba67e7fcf579336998d7b2a2ac9483404b3fa2c6866ee2d

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\PresentationCore.dll

Filesize
8.1MB

MD5
eb08e99c6fcf641a2d936d4e16160408

SHA1
b0c22d6f0049629bd3575430fef188f13e593906

SHA256
c325ec0006a3a743cbf2df266e6c57a3b07bd0865938467204af1f36992c8a3c

SHA512
3bab6873f737ced3cc8700ef953355db4f7b9de3706ef35bf87516a3c4ecf3a9fac77ef047266b3c4bda3dff146cae329a8acaf5b9e6b5d27d86152a64b679e1

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\PresentationFramework.dll

Filesize
15.4MB

MD5
fce0527dcea85fb4f9256c2d398be500

SHA1
a3e485d52c82461129d317b06b252cbb64fcfd3a

SHA256
b903285a81535d3f7d394e284fd8baff2df2001cff2d590b63bf159d6435e5f7

SHA512
a3f202a35af1ff36e371588b5d2eec57718d94028a1af8388453f7467f1a20502197376a2a1f02e4486cf8d91e773868018554f8f82ac6971195f7c93e7f9f51

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\PresentationNative_cor3.dll

Filesize
1.2MB

MD5
1b7e26a5178d7e80ef9b5d1bf0c53763

SHA1
f3cacde5660e6db3b96a19032707326434c4a1da

SHA256
66e5d8d49f9645fd67c12324e0e947b8646779b502a3bc475e3a3aeb650e20bb

SHA512
bee9c66dbce0e9ab4ac06b5aa3a01e4fd33475a1be74d92dc9a75c2a3ced6b441f8a76747f3cf09913e38beae055fa277c55267353cda97abd018146e7355b89

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\Steam2.dll

Filesize
150KB

MD5
e17923870064df5200cd84f4b60afed6

SHA1
bc5f5e3573868896505e3b743c5626ee10292df6

SHA256
405b6d4eba43d561dc8914a44ab6a2d70088fc0b18c2909e3b403b1f7871d6cd

SHA512
bc3d0f7b9f7d94e4a8a4355033d45c91a265118cf518253c6a5411c63f01ddd349497ffdedc8308ae61d6bc37558d80a04c25a132ea36f15e50aa73f5f3370ef

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\Steam2.exe

Filesize
155KB

MD5
24579f75ee35bdd8e4ccc5351295bd9d

SHA1
aba441303c3b421dc246eadc469ca05f00dd006f

SHA256
0b5d62717704afe1282a9d6ade9104fe40e1c6ee855e4db66e8ef68f68c57cff

SHA512
3494565c8f75122f1204339bbdb3d90a4c2bb28405f98f5869d94775d9eb855fa19733c036b27e7bd3b6532a0aaede94ed427be3ac41d66efe7050073c6490d0

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Collections.NonGeneric.dll

Filesize
102KB

MD5
7dfe9c0a526e8be845fdf94c77a40215

SHA1
c3c84d477a91f553167c88d7dc77ec77723138b4

SHA256
4f96e191302a84c970545aadb2fc53fa9b5455b1de54187a5373e0e3b5c90991

SHA512
61971e48894e92832ed76967b06e0d8ab57b8748096159852bf2f6ad8c74f8b6dc759ec3fa868ae91f1f08d4f9ecb15cc3a8df697452dd17972a96715b0c73a3

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Collections.Specialized.dll

Filesize
102KB

MD5
7b967aba7a1321af17a04576de32cc50

SHA1
dc2f05b710d21733befb5066fa99bfb3ae1b7c4f

SHA256
c3d7055a0c71a9e8641c7883dbbdffebdbb27d2350de43ba925d947662533daf

SHA512
4b8abbe1101ea2cb7b257198e2dcb353cca151c4bebd4697a128ffd69d27e1de64fe19fcbdc79636414b01b15b7848e2c16e6b9bde24688d1794a7334aeaa9a4

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Collections.dll

Filesize
254KB

MD5
c755e2d819f1462687ba99f28d7fb638

SHA1
1758e9e47d46c3b1d4f71520d09f3fa80e40c9d6

SHA256
7ee67cdc969f5bd5ba1a4e99a17ed8a67c2dd835537a982cb41a7ebe3ad025fe

SHA512
060610e7c30ab2625c85315e0ac105e08888bd2b37a9abcfa33566565c632e7397fc5db5edf03054feca2b2f46cb73f54e2cdb258ccd470d1947a27bc7de997d

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.ComponentModel.Primitives.dll

Filesize
78KB

MD5
a862087e377cb4e1ced00dfa23160cb3

SHA1
65198639efed63e4eb19839876453e6dc3c1d957

SHA256
7f450304cd7ff566c745ea2c776160865db400d42a2edc206020d8735c7b233f

SHA512
136adc24e973984d67227e66fcb6bdb3002c23d9883d20f111d78448b6dcb667da0a32e30292d669ac55ae35b2106fe754d8c262505ae5ede9058d750e74b50f

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Configuration.ConfigurationManager.dll

Filesize
1.0MB

MD5
29dc8a1515153483dc01004ebff4ea6f

SHA1
5981cda980a00577d8b0d4777315417b12730256

SHA256
3c65989cf6c67de98e21ce52a607f2a49f335bb465937aa9ba994b0f8c86e541

SHA512
bd71c0c1bbcde7f540aa25bd03a39301a8704f63d33e1fbd7cb98c9d3117ca68a4447dd43fb78b8d26b98727408da02cfc2435b0296543df8886b7456d4c6346

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Diagnostics.Debug.dll

Filesize
15KB

MD5
30bf6c4ef92aed34fc143a9724f3cedd

SHA1
1bb4bba6801925d9b9bbd7dbbccf1a8f522b4087

SHA256
40e5813eab9d7fa7a1914dbbd8e452c04f9ff053c5a4e5be494dc85ac4bd9246

SHA512
be5e7104f3635d000d7246832ac54c9e32512df678cd4b4baffe81ee3a1178bcd0028989af71c2617fcf849a316f67a3f7d790c901b1d35ccbd08f16c24ba592

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.IO.Packaging.dll

Filesize
282KB

MD5
c5b20b04c09a5a9e56e695016d5d52c9

SHA1
507e9acdc223a8df9ec446158121f59be73ce1c3

SHA256
1033977b422496b3b5f008979be89cf9a06743581a36b6408cb4ded628d714a4

SHA512
bc608f0128ed30e40bd16f13e1c749ee86ecdcbc615184e59096697b04e3c69d879999dc9a14b4e047dd20dbd2cf81297e748f8f32ae92ad121a033813c269b9

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Memory.dll

Filesize
154KB

MD5
11c346045e8c17c82c66b33e1e200dd8

SHA1
64e08782d5ca2acb2ac2c88b2d8f0323f43e3295

SHA256
344c7a232249c2ace65d2cc03d62c356fe3f56ad46a0cc4603a36ec7d0f5587f

SHA512
294f1f8def433238de0e98754bd44bf0614490d8a1086759924f548b91e219e223380601f16b987b27c9d0d67fe80393827a30580cfa096c49f5b2834e73fb88

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Net.WebClient.dll

Filesize
166KB

MD5
53ab5080deee5c08f664c6329db1cf45

SHA1
f800510d0212425220bc0dfbaadc9fbd979ddfb6

SHA256
ebb450e89de674b20c93e0108123ff1c1d2f217cf9cdf2e51609a84e76708687

SHA512
dc321bb7693ecf188c148df5abe942f2dd6d2fca6f681876bc9c066a1356c7e3562846e5e1d91b759afac9f1872d9516fce81270e1aeea4ffd608899a4ef9772

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Private.CoreLib.dll

Filesize
12.6MB

MD5
a2ea4d0a864dc1f7c7a4ea4d3930011a

SHA1
0c0ee0f265387c64d8b9f0bb29e7d9320f394c65

SHA256
60ab682b551cc4e94e2de432149e032fd63ac0b6d15397decc4d8be87c6be1ab

SHA512
90ef986ae72d4713aaea1e86f185ec709f4726095bed25598073b0af988d8f941b0cb345f05bc1832936b9d0f2b9db477d97a9afd83cbc6552281fd9e5553997

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Private.Uri.dll

Filesize
254KB

MD5
22647404e842f5177dec97b960b98501

SHA1
5e5decc395401901278f2b4727ed6539ce28a51c

SHA256
f289bc9873ae0bd99db74e00f480c931ca94f3785251132c04699ab01893604b

SHA512
3ef4f8141b680ef0922c24284e7b5d5f7b006c0e718e69d6e2f0446b58b271099fe599398c1814c8698b8460a5a6062bafaa12d2f7ffed5123a86dca46bdb340

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Private.Xml.dll

Filesize
7.6MB

MD5
1b47420d8ad2071cded2c944e3f6c984

SHA1
157cd6b1dc208bafcca11282fb3b6259d9d5dced

SHA256
cfb4dba4ac73773f5eac02006f0fe7e6399cd67f5a12b4ce26c9f0f406a7eded

SHA512
4ece5be567cac3751fffba31fe00f73458e205f658a3c55ac42271d00e43ceda2ace6c0d59272b527b36a83ec1c340a1fb7ebd9b041fcf841badb0b6b92fc80a

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Runtime.CompilerServices.VisualC.dll

Filesize
30KB

MD5
460684b262de49f8a3c771b47c993ea3

SHA1
15b760439d2c0a0b39eec012eda53d67078d0fa8

SHA256
2d796a9138318ac5bcfe96970f3c5920f8307856c1bee5f9d5beaef0369ae319

SHA512
41cf1ea52bbf2adeb8a066533fe9647b67e9feedbf45dc4e517d61eb31a35b8944062de7b59476ae8e533e99cdc5e06270957652a1467f94157264f53258ecbd

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Runtime.Extensions.dll

Filesize
17KB

MD5
76436c13bba8732978a08454fd284d23

SHA1
359a7a36e8df9517450bff786c07c68abc004c9a

SHA256
ad4c4c92bad3d1be04793a39377129a42c45c227fe404113fb9f9bebda3c4b06

SHA512
23dcef122ee3da9e0d3a40bcbae1673dc5ef84103207d56fe5b3823e8d20d5b15124bc83de0e6dd60ac06bde8f0ee6527e7d70a654956db68f4af97fc4102a6e

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Runtime.InteropServices.dll

Filesize
94KB

MD5
1ba98c8a3c7d903abff78d01e081d64c

SHA1
15ef718b9f1eec435c7aee8a59b41562d88934a4

SHA256
69de6ab16dfba66224b37e4fcd5e62afdf45f75c9f5c78bfd6cbfa09142390c8

SHA512
fb194521d9964012cbca456505a9858b49f36009a6e9dce9f9ec6126693990750285f57db2831048606336eb9f28193d6073b3e6cacef337d7323a3967ff3846

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Runtime.dll

Filesize
42KB

MD5
ea2e0866f900117135c1771d85281303

SHA1
ec58a506017621db3233d1513d28727ea2fa7c7a

SHA256
819e11fe3c456dfd56377233b2bae5bc11fef41fa3a8816ed30fafff74a2090f

SHA512
4fae0463dd343e74d73401e9724e17f044699ccccee3873467a0171360fa1f0af080178a71ad7ddc7878218c9069eccd9b7b85557e699fac0cdaaa28bae0c40a

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Text.Encoding.Extensions.dll

Filesize
15KB

MD5
8dc6e3fb54faa14613ce7a90722569e4

SHA1
87f0edb5aee1326917f74586b8985c06c4246e60

SHA256
08e5a63deb24f9f9df1aa4128f2020644a86edc8cc42d23d3e5e4e00a4a1f52a

SHA512
b29af1804677f24b4e2a9efba474c66580f530c09b001e747d9e6676762fd0025d23b6ca2a400f2ea7b09ed7469f160dc32d79856df30031fc55204eb8c9b936

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Threading.Thread.dll

Filesize
15KB

MD5
a1a92b8791b4d56c7b6e335483e38135

SHA1
8c9d7fc7b452c7993313d349722a2c25283bb53b

SHA256
9b1f4f2c7fc17d2cd4f49fecdd6b8d71c77998f54509ef1b28f2910dc9a6b618

SHA512
b03148c8fb0f67f5d1c2acbff7be34c8e5d9e17b4fdf60c85af3437815aacc69de8dd3e693b44c7e40ea8228ea1e3399849646666046e218972f2cab8b15cb29

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Threading.dll

Filesize
82KB

MD5
2552d8702cce0128057f347bf760ad72

SHA1
f32d9d8051c0820cf92d6d326d7cd65226850a75

SHA256
5f4184fd0607dcb2e3006118b618aac3417b9c52e51c6d58c9c396a1f6af9720

SHA512
f25554ecced6e7ff8fa370c8a2d526a204ba7139aa944e4b42f010f30a199dd7c0d434a187db9cd97ccfb054b9810e059bd3a50c5e0c2b40594c741f289b2dfd

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Xaml.dll

Filesize
1.4MB

MD5
87605f39616fa8f05f32ea9087681cbe

SHA1
1b971b72c32b1cb2d0c3e1c9000b7bf14f5b0122

SHA256
6efe4c56c90455a4a5dcd11de881dddfbfcf343d523edfee30bc318b4622ebc3

SHA512
db7071f23469d0b69197c69dc2258f221ec966e5ffd92767031cc095296ee0b1abfc024738c47ac11c30e2146def634b267355518d1f1d979b7ba7e6cf39dd49

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\System.Xml.ReaderWriter.dll

Filesize
21KB

MD5
e08002b259471a203fb54a3142617115

SHA1
fb0edc0f656f850ec49740479c78251a8feef35c

SHA256
1a10820beed89fe0a72d2d6a9e849001590b35625006ef53f67ec4981964b231

SHA512
acf5c0a39460a24f0687d84be6b435b1e57bb90d77a13da712ceaae4b8409960ff21509f3e857d489abd6827d8faa635edb4fedf4141c7bfb858aab4ec6d4c1e

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\WindowsBase.dll

Filesize
2.2MB

MD5
3a905af6b4a0c8431e438b35e8e0afac

SHA1
7f33226b0501abbb4a8e685f752a172f4a486987

SHA256
56799a464ab74e86f00104d3cb39ddeb6fca2e9da8cf063b660ce67c47a2979a

SHA512
ae69ab68318dd3f4931f657a95231e8bec5d6eff007a29c17a1fe22448e1f5a5d06b0c5fe76e614aa5ee71cb546c74451904911fd8c415da5c360ff1aae8f2a1

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\clrjit.dll

Filesize
1.7MB

MD5
00949aa1fce3c881929adb781077d8c0

SHA1
ff75673fd2492ec8d09458e2000cce68565eff26

SHA256
91a91d35eb8d85293dff960e8431963114aefb9b62b0c261c0012ed040a2fe44

SHA512
3fce596dc69c4335ec5403171f5a044dc7e5e3de8bffe56777444e33dbed91d3647e74eda936c2ce0117f5b9d5c2d28a522c26f8e54b4b1be2e1adbb4f1159cb

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\coreclr.dll

Filesize
4.8MB

MD5
059fc7a9cead83069d5147dd4dd75ae5

SHA1
ef7754ee10708c753e6a64c5f3b122cef94a6166

SHA256
db1d6deb3b4a74769db761eedf669142ab2d759eba324672de2649ef3d88e7f0

SHA512
1656bd914b308f1ffbcced00a53c96ab4bcfd411ca6aa0e98fd8f4768a2f94a4096d6858e4aa0e6a1dbf068f1d1a1e2d3d560592afb09da1ebbb27b8f9e7f903

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\hostfxr.dll

Filesize
342KB

MD5
d078ea59cae2f77f8794a632dd0809bc

SHA1
843a780e62b4f2c85e17de2e87b2c3cf233d9571

SHA256
f451a4839bd27a10fd03e751c843f2389e71e76a2f7bf418a650a53844d21d1f

SHA512
a9b9b223286170cadcfca8f2e125791b817301b6464f0ec839990696d743986634563e2ce8080d540cdacc0fd725c0fa17c40cf6668a8a59ffc2df17fbedc7b9

Download Submit
C:\Users\Admin\AppData\Local\Programs\SteamClient\hostpolicy.dll

Filesize
384KB

MD5
4df8367f195394e23720173c751cf159

SHA1
e215cf52164d4180605d5c16f873691649f4c32e

SHA256
29bcb525992e2bf1dc2c66918450ade3b36e88226b1ceab18a8c110a0e0da0dc

SHA512
fd5db356cb08578b731c62afe3a98d57fde6889ed1664038f01fbef00fe06c83bc93365cfe94b8d23906990bff5da437a97c684c69cb61812e46c627c55cdd34

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NSS14.tmp\3f27a1a005beb7b1032bf9aef9fe5128ee1cccc332de862717b42d0b7f9c1f34.tmp

Filesize
3.0MB

MD5
5338593c8a3654fef48e3efd7fbbe890

SHA1
6b301281f7ed992e22fedbf962314edcee4560cd

SHA256
a29e2a4b87d32a4949c359d321b3b3ebb9d471ae5380500a5725bce414158760

SHA512
56cb89b9c51010c5ee73a4da935fdbd75ee93afacb5681cd9648f9523339d3d2e151de35976974fda58874a0c5247a3251a5bd8428fd2435b07bf8e45d4035e4

Download Submit
memory/4384-8-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/4384-575-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/4384-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4384-0-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/4856-9-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4856-6-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4856-574-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4856-572-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download