3bc6942fe09f10ed3447bccdcf4a70ed369366fef6b2c7f43b541f1a3c5d1c51

Analysis

max time kernel
72s
max time network
76s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
21-11-2024 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SteamSetup.exe
Size

1.5MB
MD5

81448c2e730b50b597bbd5e43007ce6a
SHA1

4b1b85ec2499a4ce07c89609b256923a4fc479e5
SHA256

3bc6942fe09f10ed3447bccdcf4a70ed369366fef6b2c7f43b541f1a3c5d1c51
SHA512

c9125b79012e00fc9ee800592dece583a97756b5f4485c4649f3a11143afa673b4d386af256129032064f158186542bca7da70cd31770cd7eb4a3176c96e7124
SSDEEP

24576:QDliBd5TyliR0gWwOvTCU1z3zk51iq449nkU0/1COmcrOqpXzzE2YeshfLKB7:QD8tylwXoTCWi1iq1nkU09lRENhJLKB7

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3348	steamservice.exe
4196	steam.exe

Loads dropped DLL 8 IoCs

pid	Process
1180	SteamSetup.exe
1180	SteamSetup.exe
1180	SteamSetup.exe
1180	SteamSetup.exe
1180	SteamSetup.exe
1180	SteamSetup.exe
1180	SteamSetup.exe
1180	SteamSetup.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\logs\bootstrap_log.txt	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0341.png_	steam.exe
File created	C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt	SteamSetup.exe
File created	C:\Program Files (x86)\Steam\package\resources_misc_all.zip.vz.e86a975545f3ab21a77373870cb311ef93934b8c_2224876	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0518.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0316.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0303.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0110.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0330.png_	steam.exe
File created	C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt	SteamSetup.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0304.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0403.png_	steam.exe
File opened for modification	C:\Program Files (x86)\Steam\logs\bootstrap_log.txt	steam.exe
File created	C:\Program Files (x86)\Steam\package\steamui_websrc_all.zip.vz.1e4d6be476cd43a361c600932f15e441d4d42512_24875485	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0523.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0327.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0070.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_100_target_0100.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\RobotoMono-VariableFont_wght.ttf_	steam.exe
File created	C:\Program Files (x86)\Steam\uninstall.exe	SteamSetup.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_080_input_0110.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_060_vehicle_0090.png_	steam.exe
File created	C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt	SteamSetup.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0521.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0306.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0090.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0215.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0417.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_060_vehicle_0140.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0412.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0347.png_	steam.exe
File created	C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt	SteamSetup.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0040.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0210.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\controller_config_controller_switch_joycon_right.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\controller_config_controller_x360.png_	steam.exe
File created	C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt	SteamSetup.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0304.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0417.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0309.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0040.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_060_vehicle_0130.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_080_input_0030.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_080_input_0100.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_080_input_0120.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\steamui_websrc_movies_all.zip.4d2183b0476852dfb695b8d70192a0ccece8c7d0	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0220.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0362.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_060_vehicle_0060.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0316.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0170.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\special_blank.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\genesis_a.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0350.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0353.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0413.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0360.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\StorageVideos.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0340.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0306.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0402.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0080.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0160.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_100_target_0030.png_	steam.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe

Modifies registry class 20 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1180	SteamSetup.exe
1180	SteamSetup.exe
1180	SteamSetup.exe
1180	SteamSetup.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3348	steamservice.exe
Token: SeSecurityPrivilege	3348	steamservice.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 3348	1180	SteamSetup.exe	86
PID 1180 wrote to memory of 3348	1180	SteamSetup.exe	86
PID 1180 wrote to memory of 3348	1180	SteamSetup.exe	86

C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files (x86)\Steam\bin\steamservice.exe
  "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:3348

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:4196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
3.1MB

MD5
565d90cdc73f2cbc03d5c184c70fc524

SHA1
a676fab0be82968b922df4f611eda4dda63b7806

SHA256
70bde9e88aa386aa5139cac0c8a78b5576f1bed9e5f719c4e620d5c0cf7d5cbf

SHA512
7723098706d990259f6fcfc96c3dad15de951148b7122004b39e2e8c6db87f64d91cf45b693af88e1d0837824d96ec05dfba54ab7a02088a0b3f9052c2c335c2

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
1.6MB

MD5
3e654318b9c1203beb7f4aefb2f6d839

SHA1
5b147ca8d77e4985298c63d0ed09a217149fe665

SHA256
2cdb8a21456df3dbc46c23460be079bf285b1352bd6b131f572d4cb52bacf252

SHA512
0cde534c2f0d350c21b1ac994c9530e9692c9738921393c9c61ca7e1af8d8587fae7b8bfa1038fead9a630c0fc0a257967a962cbb55c6bfa776162b3b6678e6a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
7KB

MD5
0fad7d2f29c625003ff68e645593f27e

SHA1
6d0d40c62d68ba1fa54239db61a98ae75d615a98

SHA256
e4149f2d2e2fe362241717e161838e6177a1ccc522e1b95746fbd7d05bb0749f

SHA512
3ed6b85098fc71bde283e6462d483a05ea217387b3de0fbbefedad1b81ba1f71ab42d35462eb836dbcde06f05ba2da14a6283fddf45ce7fc58d1b7b1f8ba5801

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
9KB

MD5
84abaf1ca4bf7372acdc9f89d3b7592d

SHA1
e73b80ccb67610c4b2cfc1d7c308c836bc7ea08c

SHA256
8dd4d81cb374750de3d3df6ffd0cc238ec5d1e3946dfef4b4c8380bdd832d0fd

SHA512
a572f29bb203e590a3745c28084b20134b2e5159ce04b9177c4aa371f0b184e60c07d2bb39c1692d6040338014be77ae0464e31de40ffadc84808463aa9ddc70

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
7KB

MD5
b02ddd5e3b43e43ee9e51e13968b7a21

SHA1
38e224214aca0cd6931cbe72035bc912d0403f41

SHA256
81a445a3ceb495564829cc7b0280fa993974b33476b85edcdf87f738ca82705b

SHA512
7a9b46a45dcb871dc81a5c316464e3f13f51a877003cab53b811ab6fa7fa5e69b867ddc4dc2228052558bcedc2b5c5437856c9fc53f290c4e74192b13b275209

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
7KB

MD5
d01a820b7be78e208952a7bdea47e2a8

SHA1
170d1c12223470ffbc0b1e7c2cfd1edeec30cc7d

SHA256
a6ce02cd2a342a2e2e60b42b18417b006c681cf233877b51b59db44aea0ed620

SHA512
30e26e5341734070206c6058a66b1fc5e055dce8bb002ea37ee417eea30c49633cf13769f553f66a532a6398d071b2b79ee6e5199b6b8b9cc7af6b2aebd718ad

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
7KB

MD5
a24b4785c1da9b9838cca95099f973de

SHA1
73567a621fade953c308ac405a0bd9d0fc9bde08

SHA256
9c7b92b27cadcfe7ad1f47764cda4d6f5d9c64e30507463c277581e580858a43

SHA512
1b4dafe6a2ae68bb9469f1aaf20beb0b66aa3f1d0c8d548ff483fa30d1b419f75dbac2608a8dbc393e0e7dd84b72470e7146a3b518666f3cf9d6f952f912c8b2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
3KB

MD5
6df4e3ebc6d7c96fe41c4c5213f17efa

SHA1
4dc2b996f828c1a1568a0f3a3fdfcbe5ca2fba2e

SHA256
6387f9aff0226a5226d5d4f0fbe77ac80797ca621f0892034f38f0bf2370e4e1

SHA512
e5eca80531c70d8c4ec7032885151dbc4072fa4a914a997796db8b62fcd27a42349987cd176bc5cc9ebf788ddcb125578b2306c02c1b27d44ac2dae0e2725aea

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
7KB

MD5
537fd7e53fd7c2c0bb5a2b26a0bf8867

SHA1
07d833c88ee67699c2d50cab18449621a545fed5

SHA256
fae3118f870c1adb564f641fee63ca1334a0f65213b16201511b343bbdaac544

SHA512
680b91571493813092f1b98e1ed03abe7f18af9639c7b3a2cc74ba968395994a96bcd9368020bf65f55729bb60214a676e27d6aa0bfb32de6b276499882e10ca

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
7KB

MD5
0182a05cf3aa48b0df12d899ee137ebd

SHA1
78ffdef2199e40fddfa253ff981c0602ae595b30

SHA256
46ce11c8add1fc89abe663b42a18e24c11ff8377a2ed2a4c35e835bb696701e1

SHA512
239e988e0020f4c3aec78932f865e1c7c21f68426e661e32386619b990b343065b46e023857c73f07d0c00410eedd5607427b67f32d483ced0b1be4a94778d1d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
7KB

MD5
825465df8bd77c7e0aeb03736d1096c2

SHA1
c716ef125e014136ae3817babffc2b7de91b99da

SHA256
6925960062dce683a30621506b4da178054df17144fb18fff387230d561c46d1

SHA512
acaa8d94eb99835db1dce248c490049df26b31ce843d53f0d8afc8615930e0f0273a9baaabb02095510fbb01f984baca5897dd48fda33cdd6254b0a2afc963b0

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
8KB

MD5
8bfaf948d2a968637202cfa810f6ff44

SHA1
d5c8f7c7ed891a7639148a91139fff69042785c6

SHA256
98205d4543eb8ea31dd97d6596d6d495b8b077c34ab3d2e525cdd3fd801f06be

SHA512
594e4f81f5037731b7e67b6b9232bab23a6318a155f2e587d7352fbb3ebf84785a7b8dc3856b3db2d8f6c94285bdec5596a9433a6aac54c03890183b2abb939b

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
7KB

MD5
9f40b6b09785b41f1518c86e1101dcf3

SHA1
db36e656fc7487504f5ae8ddc3a33d34b278512b

SHA256
82d9da0c4f4f1971ad133e61238c4dbd946b9a58e766efd36a949f975b96ed8d

SHA512
66d3746e6be2b96041e7b95ae955b1bc052476752106062e26c241d3198da9e3631c7346dc5140f772dd61ffd3291b6e6ec787b09061c2f41f9c5b8cdd8cea1e

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
7KB

MD5
153ab0f90e90e2db5d89d5223fa23d28

SHA1
ff009664e4e9982639c488fe9a3750e58caa1ae3

SHA256
f79ec156b7a205a8b34714fa32b1d5f7523cf738daf8b216100cb2cfe8489396

SHA512
da816b48f2489b1f0438253fb200e2b80fbb093491ea591d91c7677500ed71d23bc71eed93f4545b6cfa4ca2e37353c4d12ac2dc6c741b2641adba0e9b90b7f3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
8KB

MD5
9c00f0cf5f52c9b6e1288abed68219b2

SHA1
f2381506a01c2d08532554de368be68b37c1bc05

SHA256
3e3cd5b49164d7fbfb16e1b0896955f2a8c50e1b1a0264f5b542df5be60d22ed

SHA512
ff92c247002cacd3c1b246320987ecdb398fce4bc84c2a26c2bf1c6d588b19d3f5a5a3c64655ae559aa0a369dc7470cde1a6e192c9185567e993c9222a1e49d4

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
7KB

MD5
ee823b913cae33aace5bde417e748c47

SHA1
f8c733ed0324898cbacff1920a86b99595f3736c

SHA256
b2b890baf9241a1e49adf9ba78bc70870265dbbc87d9523b47fa82da5238304d

SHA512
552a803802619039cc09e339f36708a3cbf78e16d1002c5e83522e6eaea10c04896d28d4b602b2226abc1cffb7f3fe96a68a2414c367a02729e573bcc0884894

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
7KB

MD5
845a648a8042cbca41977824a4356feb

SHA1
05bcedd9ef743f92ec8563247f9e3c269fea1e88

SHA256
80ae7f593db16f9d5d33b75d19d43f3f3bbf0cfe017fdb0148c0eecb0aac0232

SHA512
9860ece0ee2221e463356c2c578c2df429f20c6ae56c475f9bb9999ed69ebd611ed101de2a054c495ea4e3bfb9184542f47968e80ed07f8a29e8186808fe89aa

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
7KB

MD5
d0d360beca051a6150c638c814111884

SHA1
dfa0c223ff598095f1cd3b1bb31045c9474ee28f

SHA256
361fd526dee6c2f56084b6ca6079ca4ff1a52eea5878293d5dbcd8f7d6e9e2f1

SHA512
e92fe0abeaa21f662685658d1c4a02d50187d3fc55982567a8e39582ee1fbab57201bfa891bca6e76bd674f6daa51aa4fd5952f1e6a1d677fe6f0499e7f54909

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
7KB

MD5
4a32371d0b6a48d7a43e5c1dec5c4f6c

SHA1
b51c36fabf2f605b7c69c42d03124d6b3172daa7

SHA256
cf9bbc83e6e80f288abce4b16f10d1bec89d7116695076a81150ee6578a53e37

SHA512
03617a9c386961f6ba05d922b708181117095fe342b5fd753278bcc7b91cf839135c7c9760040e707dc95cb5997bfe2e0c344b0b2be4def1c8d82ce1c068d67a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
7KB

MD5
35f63d2eaf9c5031e0c38849e5e2846e

SHA1
150c6ec4f686f2611133a9451b829be2298d4235

SHA256
c1ae90b2b0eb2b6c0bdd18ee480ad8a55d48973f70577c7c6b387330b3aec0aa

SHA512
aa7508905f91ff69e1b9cdf16375309b038b0e864a04f0d1af19f28e44a0f31463202560f078b14eb61c88997dc540073c90a3bf5751a2fdeb7f065cf4327982

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
8KB

MD5
71ad4a77bc487de7bad27a795a1d1523

SHA1
c179512988d6c241e4867a4725c448232208f8ef

SHA256
5afefcfa874796394cecf88dc82e6efbbb8c5d7c0337309b253494856c384659

SHA512
6ed41c9066fc433df7d96b9b9a38a5b170621eda3f84a0cf3f9b1f3e964cf510845e4bbcd07e73d404959ca213e35a90d443793fedaacf65b06e74f1878072ad

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
7KB

MD5
d8f7880a0ab573162d50fd41e7ede586

SHA1
7791ac9ffcfb3a4d78c362b0df78903f8380d7e1

SHA256
dc70b1acce126b30f4dc246444e0e599aa3c5285136a62d9636514d4e2db479f

SHA512
f1f5753a665e96b5bb00fec95986483c880516701993bde8be9111e093816863be0881ffd78c01811bf84bd50de00827340cd470629b4ea700ad614d996804d6

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
7KB

MD5
3b5f0ab6990fb39fa4215c4b55f7d8fc

SHA1
c9f2ae1fb72edbf42193da053a3afff4cf8daf6e

SHA256
278eecab7d6d7c8639f0114c382343067f19288fe0cd2778bbc9b3cec50d7da3

SHA512
3a94a213e3ca3ff0e4f0fa7e5108064e23011bb6e5d19a4581c901bdea31f3780a092f93bbf1059a91a73929728066ecb855dff402f2de5b8b514afbd446131f

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
7KB

MD5
47ec6fb3d98e01976d7aa81658789f6e

SHA1
dd0843152cfa3a6423852bab804c41fd9065a6fd

SHA256
c8a63c827f343a5851a9ceb352e2cb9d3ffe16797390c132c0951c53be1a91ed

SHA512
f41a40852ee05920165eec44fe8d69a9fddd6bc79f094a61ce33477d02088c8c051c7b636624d76d8f0d269e29fc3875c3de1557e0520b7189df47e6e32f6cc2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

Filesize
7KB

MD5
b076ad87c690eeab567e54c0b8db299b

SHA1
56a60078bc7926702fc2ff2b98f688160d3ae0ae

SHA256
ce35fcd84c8f2b288de110dc74e45544a9b61bef98d29612518a41a4ee7b6d30

SHA512
b89b49c0d086aeb7ad7d2dcd43fd646eda47cd0dfef35f37610c0e3e7449fdfd4feebe6322174e08361521cb872ea1f9c6de53a81fa9af707f2aa8a7049a51e6

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

Filesize
9KB

MD5
1720daf2627ef4ad6626997665c74502

SHA1
2014ca6ab6473a9b2b95607189312e83aa493d09

SHA256
8eccfed053ba4881b6cd3ea518004ac98820eb6f049d9148fd74492d63d75095

SHA512
56808e7a542c6a414eabc2170846b6c4f13a3b54e1f73faa912d65c523b9fe7b5d36be9a6a81354a9329d4d70cc8d396c7bc9777c264dd7aa462328600e0a0e5

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

Filesize
7KB

MD5
cc1a9b06de02d14dc28b5cb12fb805ad

SHA1
a2f2fd523ccb73833e41319a1305a26c82ee2e36

SHA256
70ddc7e39868e07b3737e648e279888865e8942c5736e7208d77597f96d8182b

SHA512
3aa0eb54a639032842f08f7a4a7dd933154f98ee84ca73b4d2cdb4e038a4a429b7307cfa4e1ce078318ff21710997e4d3311e5abd78caa000d1b130aa4ed9d12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

Filesize
8KB

MD5
f2ae05cc88dc6d7bc8e0e29a7622312e

SHA1
64366791878efac86ef7b5a4bea10a20daee45fa

SHA256
d1b6f19d7442784e3ea222e9506f0a45a9e981268a7035898d6c0e86932d3b9c

SHA512
309fa304e1b806fc17c2eceb97426b782c0194b607de4b1956b2bf2b0dfe3200cf39c077f349721f27811a978e44cad0fdba83e54672ee6c4d6bdc5106e1ce94

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8167.tmp\StdUtils.dll

Filesize
99KB

MD5
98a4efba4e4b566dc3d93d2d9bfcab58

SHA1
8c54ae9fcec30b2beea8b6af4ead0a76d634a536

SHA256
e2ad7736209d62909a356248fce8e554093339b18ef3e6a989a3c278f177ad48

SHA512
2dbc9a71e666ebf782607d3ca108fd47aa6bce1d0ac2a19183cc5187dd342307b64cb88906369784518922a54ac20f408d5a58f77c0ed410e2ccf98e4e9e39a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8167.tmp\System.dll

Filesize
11KB

MD5
a4dd044bcd94e9b3370ccf095b31f896

SHA1
17c78201323ab2095bc53184aa8267c9187d5173

SHA256
2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

SHA512
87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8167.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8167.tmp\nsDialogs.dll

Filesize
9KB

MD5
0d45588070cf728359055f776af16ec4

SHA1
c4375ceb2883dee74632e81addbfa4e8b0c6d84a

SHA256
067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a

SHA512
751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8167.tmp\nsExec.dll

Filesize
6KB

MD5
c5b9fe538654a5a259cf64c2455c5426

SHA1
db45505fa041af025de53a0580758f3694b9444a

SHA256
7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7

SHA512
f0f8a5570c01b16e54f47502e867ffbaf162b44a847c0ffc8062d20e9492114229de5d9d2a836da256fd3f9fb493536bdbf148d5308695b16c0e98d20d8926aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8167.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit