3bc6942fe09f10ed3447bccdcf4a70ed369366fef6b2c7f43b541f1a3c5d1c51

Analysis

max time kernel
150s
max time network
151s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
21-11-2024 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Steam.exe
Size

3.1MB
MD5

565d90cdc73f2cbc03d5c184c70fc524
SHA1

a676fab0be82968b922df4f611eda4dda63b7806
SHA256

70bde9e88aa386aa5139cac0c8a78b5576f1bed9e5f719c4e620d5c0cf7d5cbf
SHA512

7723098706d990259f6fcfc96c3dad15de951148b7122004b39e2e8c6db87f64d91cf45b693af88e1d0837824d96ec05dfba54ab7a02088a0b3f9052c2c335c2
SSDEEP

49152:7hnDK926jryDyLzEgmImO7cnlJjO8tWE7OdDEJy7+Py4goHsFbaPbu+dZmPNK5PN:7lDK92QrWgj+C8t37KDayj4gOs+RmP+

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 11 IoCs

pid	Process
13060	Steam.exe
16476	steamwebhelper.exe
16512	steamwebhelper.exe
16660	steamwebhelper.exe
16888	steamwebhelper.exe
17044	gldriverquery64.exe
17132	steamwebhelper.exe
17216	steamwebhelper.exe
14528	gldriverquery.exe
5772	vulkandriverquery64.exe
18116	vulkandriverquery.exe

Loads dropped DLL 44 IoCs

pid	Process
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16512	steamwebhelper.exe
16512	steamwebhelper.exe
16512	steamwebhelper.exe
13060	Steam.exe
13060	Steam.exe
16660	steamwebhelper.exe
16660	steamwebhelper.exe
16660	steamwebhelper.exe
16660	steamwebhelper.exe
16660	steamwebhelper.exe
16660	steamwebhelper.exe
16660	steamwebhelper.exe
16888	steamwebhelper.exe
16888	steamwebhelper.exe
16888	steamwebhelper.exe
13060	Steam.exe
17132	steamwebhelper.exe
17132	steamwebhelper.exe
17132	steamwebhelper.exe
17216	steamwebhelper.exe
17216	steamwebhelper.exe
17216	steamwebhelper.exe
17216	steamwebhelper.exe
16476	steamwebhelper.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamwebhelper.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e1900000001000000100000002fe1f70bb05d7c92335bc5e05b984da6030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f6314000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c00000001000000040000000010000014000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e81900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe
13060	Steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
13060	Steam.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
220	Steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe
Token: SeShutdownPrivilege	16476	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	16476	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 16 IoCs

pid	Process
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe
16476	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
13060	Steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 13060	220	Steam.exe	91
PID 220 wrote to memory of 13060	220	Steam.exe	91
PID 220 wrote to memory of 13060	220	Steam.exe	91
PID 13060 wrote to memory of 16476	13060	Steam.exe	92
PID 13060 wrote to memory of 16476	13060	Steam.exe	92
PID 13060 wrote to memory of 16476	13060	Steam.exe	92
PID 16476 wrote to memory of 16512	16476	steamwebhelper.exe	93
PID 16476 wrote to memory of 16512	16476	steamwebhelper.exe	93
PID 16476 wrote to memory of 16512	16476	steamwebhelper.exe	93
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16660	16476	steamwebhelper.exe	94
PID 16476 wrote to memory of 16888	16476	steamwebhelper.exe	96
PID 16476 wrote to memory of 16888	16476	steamwebhelper.exe	96
PID 16476 wrote to memory of 16888	16476	steamwebhelper.exe	96
PID 13060 wrote to memory of 17044	13060	Steam.exe	97
PID 13060 wrote to memory of 17044	13060	Steam.exe	97
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98
PID 16476 wrote to memory of 17132	16476	steamwebhelper.exe	98

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:220
- C:\Users\Admin\AppData\Local\Temp\Steam.exe
  C:\Users\Admin\AppData\Local\Temp\Steam.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:13060
- - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe
    C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=13060" "-buildid=1731433018" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:16476
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe
      C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win32 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2c8,0x2d8,0x64eacb64,0x64eacb70,0x64eacb7c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:16512
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1648,i,4747511732318751025,3482247837279899306,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1652 --mojo-platform-channel-handle=1640 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:16660
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2312,i,4747511732318751025,3482247837279899306,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2328 --mojo-platform-channel-handle=2308 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:16888
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2840,i,4747511732318751025,3482247837279899306,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2844 --mojo-platform-channel-handle=2836 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:17132
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,4747511732318751025,3482247837279899306,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3192 --mojo-platform-channel-handle=3184 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:17216
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:17044
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:14528
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:5772
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:18116

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x2ec
1⤵
PID:16816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1e7249355272ba29da46c2c0eda20fbe

SHA1
e070e02bc82af721ae9ad04bc4ace58ba9363416

SHA256
e2cf85d8d7e7f09fb22a65e74d00d240e71b6fee0ec7d384896368536be81f9a

SHA512
ec1bda0d15baf1229ae337b11c004c6a9a7a2bc40e71079f223a70122ae6a8968b4a8a3b1322000bd713d373e15f82aed77c03f081a453ece6242140d7a5f0d7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
8f51a6a522083d50dfebaec25eb6cf3e

SHA1
b6affb68268d0a693d763d83403898b86bfd3c6f

SHA256
67499c85ea1efde3c8fc459ea6d2818939a7a8f07bbcf44d93e58d09dc5d98af

SHA512
ea2d3df83d16d74def34088dc0485e88b8dddc8fabe5a6ab82b832f0c93a16f27b204614d58044606a2ec4b0be60de404550c722602f07e9a7b3cc6c45028cd0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnGraphiteCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CSERHelper.dll

Filesize
121KB

MD5
833d30fa5bd04e2011cb6b9d7081dded

SHA1
4c8a9cccbecb4d06ec76cc38a9c850f05a020057

SHA256
09d4c2067217b1900d4d7a936969f809821649b10ed8afd0f49de2871f7a3784

SHA512
649d2c1f9cf34a220e3bb67b1a656dcb290be0a3522f87fd4e948121a25153f73bc53c06d8997744cf8cdc82486a4a902d6b0c9da87ec190abe624edbb9c04ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameOverlayRenderer.dll

Filesize
1.2MB

MD5
314d35c4296117456c3faf8818ecaf08

SHA1
63248c426438b41f5c326bfb67aa5c769ff685ef

SHA256
e3cbd619f3e7d96ca7cbefc6b485bd119bccf32dd11767c612112491e98ae7dd

SHA512
7f12b8321f397852ff665993528337bc52517741d1ccb6f6a6693188924f490b812571a433a86123615e9623ee9239e120e75116ad768647c3170fd4f3e8a0d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameOverlayRenderer64.dll

Filesize
1.4MB

MD5
685583d40d5e344fe0d436e2acce6fce

SHA1
3a73373eabfc81a463d39bf0d00801f64af77c29

SHA256
42aa5d63bbab3953a5c280048688f6c3e1402b8786c4c69005c5e8a1e165abfe

SHA512
2a7528d1e0792bea5731a07355a1d3991057085536106c68d96fc9d1b41313fb63c4ee2d85029b55299b4c19fb5d9091f78cfc8bfab0dcd15bd82090bbefd40c

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameOverlayUI.exe

Filesize
379KB

MD5
74610dc932ef2f977c1b250cdbd75a3a

SHA1
4555a3a2365cfb0f7e8df228aee0fd14c4da785c

SHA256
828e2af8dc9c20c79fed02bca397d984095e6c01b91816cf0810e3f209641878

SHA512
937ae494c68c34d379be8b51ec68f682852c2dca863a30dfa6c27cce82b4162bacb5742fd38b5ef80a17d3000bb578c8a2271b9dad8a4ae80dac8451518b7ecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\GfnRuntimeSdk.dll

Filesize
2.5MB

MD5
2295e64498c97512de4f006eed191d31

SHA1
51f8f969d65d5611b9f16e13b48f4a246af26899

SHA256
78fc4bce302745a4851ce32f33e81c17d09c679a291fc4b4d7862c7b15f56e33

SHA512
b9525b2125330111d0b463125ee702adc79e8b027858a2bd4233697ecc9d6b80ec80433afc46d97f61bf0e4490273b0e86908d2d78587397d862923a3d9cff83

Download Submit
C:\Users\Admin\AppData\Local\Temp\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

Filesize
183KB

MD5
bc83f9686398c71c4c574a408aae7dc9

SHA1
f11656e4faaad6d5c3a3c9d9f282352cee63d4e0

SHA256
7115452974e926c0358b04d24ddf061ad39bba4fe97287fdaec836fb9fdad297

SHA512
432cc5ed06a906c753b94e85033b8b4d7d0ef7277c58659df7a504d9bf2644c6a284ef75748d24f66dd515d19156c0212e9afb3dea7554a9e8ecb7e2288192e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\SDL3.dll

Filesize
2.0MB

MD5
62349712e9b9d12274a73b58f697a019

SHA1
c2aa42e59230bb34b998e5ea15d2ce22c801e157

SHA256
71978b557f2e44b261aefbab57874921107024781e65d53c688ca39d84c4d130

SHA512
bb88ed2068b3bfcef9648fc21d000c6c83649c7b679c4336243842afe656289a721a01397363de52ed00506f7753103b5c99dc450f543149dad98b7fcd9306a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\VkICD_mock_icd.dll

Filesize
530KB

MD5
4c237002cedf6f1556c941ee916bbe9c

SHA1
dfaa9cb59f1175e28506c10027fc3e6a673255e1

SHA256
eddd8f34e292e4880fc174d7dee3ae2321a3cdda19993e9c38608bd15f17890c

SHA512
652db2641b519f14ddf65a3fa93b19a1610063ea0cc460e92234a1915e9b5a9870efccf9024c44feacb79c1a1c319c5aeb6c8f43ea06cedb6ea2a74d2ce895a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\VkLayer_khronos_validation.dll

Filesize
13.6MB

MD5
d08077ae3cbb388d9770115b46afaa11

SHA1
f3a526311916a02010d198cf5dae0aa33be0d8aa

SHA256
910159809ba9929f0fe8a6bdae640c844eaa47a16a612b785a62c3be768ca5c9

SHA512
f786a349080044ad137b3e63a6a5f50c88390de91094bef123131bda31f2ab2fa5ad8f852e08fc72da4109df2a28779797c449ba77b7da4265a92fb35f4a1f44

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\chrome_elf.dll

Filesize
1.0MB

MD5
52ba66084499bd4061d8d6e00099d137

SHA1
c7fda13b7f893b5cdcc9be98f56828411b26fe7f

SHA256
481a25a6f532e6c0318ab21bed9b1e655dcd6341e5fbe3914505495b6577498b

SHA512
71b938a7e6f31279e10da83c4da3b66abef4c0bacf70aa9dd3e596a31781d9eca6b74648e6ba9c27089e22791605ae388b703f1046445ba05832b9733f091fb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\d3dcompiler_47.dll

Filesize
3.9MB

MD5
1fe0f58d9d34c9f26f618c481d7114b4

SHA1
deb50b1b9bfbaade6d352e4a53f5722527832a0d

SHA256
54477e70507ceb9f6630c3aa9fe2b363355112447fb19de780138d1548b70578

SHA512
ace68e845c94a0a611a30cc8f4afa400cc9a189aaa184926006c61fe74e4da2abe269e1943cf91a2e89d54bf0b777dc6bc963e6882fc97c8bd936dfca46da92a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\dbgcore.dll

Filesize
157KB

MD5
cc338a830fd52ee77a1cafe755242d2e

SHA1
993203a518699761168d866c1fe4902691e01db7

SHA256
2c2d468689ee75d464b06893618a94be627af496737db3e1d87f87d24e4058a9

SHA512
1f6d1f1e613e96926157b5136c20dfd5972b8ea90fdab686b231e00817834b47621b4789e1c6a20a571003f4856c9754e541e6cf1eafac09d14b04014cba3511

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\eventlog_provider.dll

Filesize
16KB

MD5
463bfbebcea05d5a4ea997740448a9d3

SHA1
3a92db9944d56e2939ec2391cc58fba6d55c54bf

SHA256
b8fbe5fef69fc12c77a25a4254e5fc67d862bc155421abee9c09a730f4c5f51f

SHA512
6fea053a937757d3ea73a8303ebc2a8854ab2d16226b1b71a38a621e3105e6e186d6ad694cd277dffbb1d68eec0b69d767b133b379ba0db14d1be1aa45ddd792

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\libEGL.dll

Filesize
373KB

MD5
87f359daf619472e5df829ac3d7985cf

SHA1
e6afd148f6de486eaa9c1d0d0d9c656ea002089c

SHA256
2a5b1ea746aa194c98d811cca87dcdbb6fdd6db76a4a4437805e2745740935b1

SHA512
8755efcb1d820f9c74d848b885bb102fc7d50c647f3885e4ff1726e0e9082df7df9b2bb4d3b09789f2b5fd3661fcf048932f976a168e724e8bc9f4949273eb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\libGLESv2.dll

Filesize
6.7MB

MD5
bbc6341342c32ff78023faa22a50e093

SHA1
2dad58debf62b22272c799dc2404e4557664bfc0

SHA256
8377b35007700a44a17ac47d231acf98dc86f5f427812c8727cd0dcd460c7c88

SHA512
97c6ea18207b76ee79f13b1e0db2b1d2c161e301d9915ac2d71f0f0f8b9b41c1a565ce4b4c332f001fc325b565fbd3bee9301588f82775e0700cd2d8ef8486d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\msdia140.dll

Filesize
2.2MB

MD5
9748e67cf15ab81b9cf73b2660a87217

SHA1
d9f9bb1d15e7527dc64bd03dfd4f2a183d2b8fee

SHA256
f9520130aea9405b2af5f6a4d182dc47a418990dcbd5103fd652d9e11f4962d4

SHA512
9e08e6aec579f90eeeea8be3ffca9963b490f216ca30380f055b8c2a37aee975b0bb696bb6e3062bdd548ce86f16f20dc3052dfe578b2a42420b06b025e56c18

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\msvcp140.dll

Filesize
430KB

MD5
f787eb9745f6db755a8c2a879a36794b

SHA1
3c4f76a4f3eb8ae8c7fd85f19a004e752e167e99

SHA256
9751d1e49adfc80d19dd1f18b90e6c081ea0183552a4b58a2d9c8485af2048b2

SHA512
392c5883dfa68701c76baecce5d1265ac675161c3e2feca88a559e52b8ab97f9e78514b37c6f01180a5dc9eb218b6ac8063b7b08d681b3a421cbf087f34e7a87

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe

Filesize
6.0MB

MD5
b8a39f5e7864e095318915a81d80d5f9

SHA1
11e79d7482c4e2ba3250fad52b72365c5a4e88a9

SHA256
253ea909a5e2c7ff7114c5672492c32bd1b1a9949400e2dac7e97a5fcf2a4b74

SHA512
32925a830c46a75324eb0ff4332aa19e35f3ec8f8f2c18a02ba89db14ea0e03d41084007c8008ee7b0622e3ef1e9b1631e37053908c858929d458aa88a2f25a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vccorlib140.dll

Filesize
270KB

MD5
d9bc961055a6b38b6ff656355b9f5b99

SHA1
c7b7afa772294b1d1a7367a66b1e6260f44b0dc4

SHA256
fd9ffe4a1232905aa895a31e943ede4b4ddc23f5054270e9d84dba534094d368

SHA512
10b8272895a4d7ed38e96c7ad4fb35c4a812c8739928b52c8f6de401755e356d8b9a226654d964c6fcc46724378b2cd42f802581f24d50d7f68238e7c463781e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vcruntime140.dll

Filesize
80KB

MD5
58ccd0d9dd80105d4882b48926b1bff3

SHA1
159b40c199ec73da956aa59377882a8a6d68d514

SHA256
cc0d455fae9f544b308e8a00e907834d43b73b7b10445a09493bb407f59608c8

SHA512
58b0bfb465434ec3223c801b680ebb5bd5352929b124a9bae2f78323f2a311588f94fdb30b479584210af8c4d28f941c4800a48a9e3bcc2c6118083e2edcc75a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vk_swiftshader.dll

Filesize
4.5MB

MD5
dc71117f9dd9bea67d72eed5d38c4db3

SHA1
94e73458ff947e33be6e8d49a5e4f1af107caeb2

SHA256
a8c00af19df3764aefdbdf85dc6b10603af975d0235c911e38278653e64aba40

SHA512
8a0781f4c8c5ccea7faabb06ddcb9378b5aea19f3cbdcd966c7d49eed6ec60b243c97d051da451d836a377367d3e3a1066ac6183084a842a951a2264252f0921

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vulkan-1.dll

Filesize
823KB

MD5
69a2945b61507c20184f930d8989b6df

SHA1
21c8c6d88b1c4cf3258967e058a83b448582ce14

SHA256
e5ef4f5f5e978e6d00e4c8e94412677049b44d88193b320911f54894bb8c043f

SHA512
686cacce65316869f9154eb420a4009567b9804800adbb834c9519ea5e5cc0917a0134588d7a9766d7ee8a2cb12122418a1b8aec9edf7e7ce57a30aaced3bc9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\winh264.dll

Filesize
135KB

MD5
3f0ed7680f2bde7b91358127d06762a0

SHA1
4bcf68a48b9834c01c4a586e5cde24384571d5ec

SHA256
e716b7f7b22e2e0a00f8aed5972d5d119151ab58c3c01eb56c846e2666fd99c8

SHA512
d4734cc93b0af606e1dbed36c018f0112d8ba88d9246089da552a3f1ec79005193333674fdc10f5b5ab159934e39441b641995674a80577c73dcd46e617482d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\chromehtml.dll

Filesize
1.4MB

MD5
402b256302979c23697675744d0d9928

SHA1
a9b9af0efb89ec55cf9993226acd69daa557fcca

SHA256
ed5c3bc27b61cecbb55a7a71bbdd8d22c55c3da1102af1ea0af9de0444c77bf7

SHA512
a5131fdef028cfa76d517b4d9fb4cade0e2226693f5ca4c93ed75b24064492ec87a65f091e617a4d333cff44d68406bee75edda4947d5cabe502267b54e9c54e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\drivers.exe

Filesize
7.2MB

MD5
ef801f4408581f653cfbebc626497efd

SHA1
dd5567e76186cb3ee562326da4a948724b49ba77

SHA256
ab5830db258a4857abca8c999ddc8562ac1a1f1a1d27af758be1d11c08e9dce3

SHA512
c152af5fd8b3b243d68f3db69711e03238fa96f3152095b985d47ab5da1d751eefbf45649dde4b52fb64788a2b29452a1ad5eb26268ec4f617e4cbbc0ea4e067

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\filesystem_stdio.dll

Filesize
193KB

MD5
c651fe4cb63fa2ab73ff1640014c41ab

SHA1
a50583f00ffc33e2cac11fc4aa14f091e5511bc7

SHA256
c8ac320513414f0d3a670d8f7abbdb120346b37882507f88c661ba9981d758a7

SHA512
663c878f46ae17ac5ff3fd8591a50b13fa447a3e234527cd180474bed0a5b9625b1ba98f24c59fb91e8029eb441d876dd2b21538ef9bdea4e6bf9fbbc2ab9bbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\fossilize-replay.exe

Filesize
1.9MB

MD5
f001bf414c50bf600133219a87c92899

SHA1
12eba3b76fd8668739b1cbb295a81eb68e5cecc7

SHA256
929f1f57e08acd21ad28de078578ef5a22803aec207b0e98dabb4140770fc538

SHA512
c8d275f572531177ab5ac1fbe680c0c59403afd273a58deb6ad52fe828349920bdd94852454265172c336cd1de78d023d669d98334e9fb1e678e2a98a806fc04

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\fossilize-replay64.exe

Filesize
2.2MB

MD5
1640cd21b59890eec06dbaa901c79a2e

SHA1
d7212941689dd8d7b4888c0d431fdd3fc3396091

SHA256
174f1656744f83060f0ce4b72039e67dd53b515feaf4ae8f6102657398e14150

SHA512
f3c2ea93f9d895efcafc39f310d7cf24c8350a0001fd4a6b0827bf400418e56abe6b8cacf5b4ad74a601fa6ffd2bc2d5332c41235f9d1fbb4889fe211cd1a3fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\friendsui.dll

Filesize
2.7MB

MD5
41d3daeacbff89447b88e4d513aab07d

SHA1
4c8629c8df0bff2c62ef31a7000782522b23416a

SHA256
4bd421e8110c10c461028ce79bfe21342a4a1840166f616d1ef965e9270bbbe4

SHA512
956bec8a88476312936a1dd25f253044d58fa0b6867477c5968f05f7cc619fc0f98e4ff6db0fd626dfd78d424835794fb83e7555b7fd323b2dcabcb12b70cfce

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gameoverlayui.dll

Filesize
4.1MB

MD5
32654f8d701709885c6aeac747943798

SHA1
8767e95ec51b953b637f85e21d0fa05e2687c670

SHA256
a55096495d813151bc201811f32deb6f2c59794db972b8968105ec624d0841fd

SHA512
6570a689bcd8f513200a794f847038fc33b42b28353dc4fdfa9a59bb63872f23651c05a30cda6856d1bf6d8274acdf18241c26b670a898e8234d3d72ef18a2ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe

Filesize
45KB

MD5
d6d6ddf71c2a46b4735c20ec16270ab6

SHA1
2e6d36d000a498c6811fcdc49dcf316bfbafa5ce

SHA256
0d422efdfa17dc6e1ebf0ed9e2902fd7c0eaa2f77b8a5a8f1df1478453a37ab8

SHA512
4b422c55cfca42f3f4ec441d7c01bf1ce6943ca00beb3919cc86bbd63a850bb859090b9f16cd0d0ad0723b662afaa2a994f4e319a7c5801af1fc57ad54708047

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe

Filesize
941KB

MD5
519ccd21fc4a0f26debd33320c50df57

SHA1
416c1d65e0dbae21b6f7c43e32c194581bd8488b

SHA256
23b4063251315814e188d64afe08ea49979f5fb2b74b86860e655a1a4d8fe4e3

SHA512
6e8b5d54b928ddf8ad33da84b7a38cc1b971ec9aaff95ac9c5ff73d5646d2044d99c69ec137b1acd86a9ceead2626bfac08281186452349890c11e302c58255e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\mss32.dll

Filesize
430KB

MD5
d6d952c03fb8b6f9c63761213ec4d4af

SHA1
e12800f2bf9e09e6ae9dda5ac2f4b775781993f2

SHA256
9c832318a05290ebef3bd809cbbc7df70a08cbd86745899eaeb169d5a42bf99d

SHA512
587db5b9a224550ebb5a52f185824daae6ec2a60f457b7276c80bcd8d4bf4eb4bf36e2efff9280ebca7cb339836b50e338482a05e107a7192c51ad8b93c21f90

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\nattypeprobe.dll

Filesize
159KB

MD5
4708efb8944ea8678acb8dde84ae222b

SHA1
0e60ea0ca643048501ae7009caf92aec52f468b8

SHA256
4896d22d8d901d77b97bd88272fcfef0fd2df9abf69422bf7d9c454c1ed52549

SHA512
1d64d2dd0400a0ac634c049e7bfae1878c1e361a5d45b4809040e4390161c38a113e2ed6de03cc3a17abae0341d226d57bcbb158e617bc014f3cf8cb3bb1abd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\secure_desktop_capture.exe

Filesize
2.9MB

MD5
689fe340a9f4d9409003aa736b44f0bb

SHA1
8e1b945e49fb7cc963779d40188de993542ab524

SHA256
c8614f71d5060c25694ec7b0e80b0127b333ccc41d4e2bf438ada318d6b72492

SHA512
834f66a0e266809536cdd14cf471ee888509cbd4f81a38f2e489b545b68070cf7cbae1d5fac976ac8735b32eb99dd0cb0bb46e0a53fcab75feccf868a0998af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steam_monitor.exe

Filesize
575KB

MD5
db795f90cbdc4d29da404aecb603cd6e

SHA1
34939eedb30a18d663b77b9a331a6282682d1cff

SHA256
ef4456e686664257167d8f2a1724664e3e7c8b49966b9397facdcf632899bdd6

SHA512
8364d2222450d1e9076d0056567d610e4348f3d3f8743bb8c328fcf4c73f640f9b10c1997d67d6b7b4b0d3ca4dc75a18fefb2fef9920d001a515af09cb797f88

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamservice.dll

Filesize
3.2MB

MD5
707f328992e7628202984074716c01b4

SHA1
e2257b4d70235ea7a81f13c4a610b13653122865

SHA256
639532314bf3d56355ad8d35d158d5f216ae335ebc8d6a40ec1050a8b0236870

SHA512
8e7e35f2b82edea04fa37809927ce8f7ae389a95eb8cbd9b2894c3c9d1ddfa3bafdcc8b57646779d96029ae74c2442543aeff021c1da05731c11be8f81b60aff

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamservice.exe

Filesize
2.5MB

MD5
49d1cfb4e4cf6350f1dfa1a493227381

SHA1
b9a159f46a15f2823338cf0a4c974c8e056d57c5

SHA256
1904d4df10dd5aed32d968b0c6675f913e3503ac0e4e16f300834283c79802fc

SHA512
b6c178ca0c61920aed8c2f0b8ca05339dabe3c3e66234367f97e467809d7d1524a39efbe20a68d747a5b2e816bc0a39ad31f51f5733d485d941c38e240c69d63

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamxboxutil.exe

Filesize
622KB

MD5
33d7955809a940d4162d165991b2a12a

SHA1
f8907a5612214e78556e093d39ea79f566c95aee

SHA256
83baeded517d83b5f4c3fbb498536787f070d436942284a4f619f6114a56f280

SHA512
2a979ea4ce9bd240acf341c5c52c0bab4dbe97ab9f1dddf2a08f81d62c85da95b61d012575bd7564b91233ad5e72ca5edd4bfdb815f1d184ab663822c1cae86a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamxboxutil64.exe

Filesize
753KB

MD5
cb04b45abd514b12e5dd82982102dd2e

SHA1
e62359285eb5aa22556ec4b728ed524deff1d1cf

SHA256
a17a06da731bf3ef02542fc0fb9ceceae4025366872a7793fe4beb8bfa906579

SHA512
09a307f5b1fda8c195fb5bab10f9bf97700440862eab8bf93b7be633f2089ba843a333465be78edeafc069cdceeeb1bf092e77613b56b2c409914cfe083c07cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\vgui2_s.dll

Filesize
849KB

MD5
d476e5c698ff4a2a8f25e4bdb97006cb

SHA1
e2dc89198c0911e2c94d0ed1b47d696ae1325079

SHA256
aaa8e48deead4d39e0d44b2a3c71100c6c20e9b6b54f7121adc4c29eca4ec00a

SHA512
9e16f2502bb65b16e4306acee72fb978d1077e3d47aa5ed80dd06cc68158f79e42b6c5d908942bc79034b6e2ebddbe4441b8f9c42e45f7f46b4ecdac4324c32e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe

Filesize
159KB

MD5
2eaa85bb2dd42c3d2fad0dd0694a5366

SHA1
77b6bd4bf75ea0a4c39b956ef53cba933d2b8d13

SHA256
b1c81dcc0bdabe3d19df925672830740963361fe3f67cc4332ec1f3520d2d8da

SHA512
8357a18349544058dc091b98cc18183ec8359e1f0a2fa4f401bdbbccd128fd02648fc0e1e9e4eb683502d2e70bdd64e9bc6402b1400bd249d082ccda546318b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe

Filesize
205KB

MD5
dee06d4ba8f34297b8ac1c75c2588a7b

SHA1
85ddac85d4112457904286ac4f337c887be26a3a

SHA256
fd6729f9d896d816f94bcb7d0f9a9b153794e468f8d7ffa5ef1f7eaf2c28664c

SHA512
a82d8e1436722028e7c54aca1ec905eed073c8d668619a98f174d3ccd93a066e453a56197cf7fd8b84b263e0c861b1554c788eb2ae39334cc447e9d2fd1a2a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\x64launcher.exe

Filesize
417KB

MD5
6446bde1a8847a671546aed468db14c1

SHA1
f8f2cd027a8226e79233fb3e1ae3079a0881126f

SHA256
4fcb04e0f766b4a43f4e71da97c6211e7a013dfea39cfe26cedff69100dd67be

SHA512
14b664f39257654ece1fbc2fba9b500b060dc77c8286af17361743c611307e52ad9214d41d4c6443b99b66c4e9b395f7d1f959bc525399445d75f730f9afa4fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\x86launcher.exe

Filesize
384KB

MD5
eb36015c73cb830021597277044430d5

SHA1
e9f179609c5ae399228ae5b6a7e5594b1c1e7c17

SHA256
90453b0e949408d7f83b557170ddb00bc63ad4d99a73e1bffb82d41958384b35

SHA512
58cfe8718fdcbf051a808fefb9717ce38c078a7d465da7d5d86d89c2e8e8a7310482ad950a0644445b71ff9de38ac692e633a1c774c0404df93b5436b6af8b93

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\xpad.dll

Filesize
67KB

MD5
da9506e800e13da0abba32bb0c105382

SHA1
78447c8fc4633b86d3cea374fb619fb53e9f9ad7

SHA256
cc42da948da5be1186ed92265f2b5dd895795ac9ed264efe822b242946ad9f39

SHA512
e9161d557fb306f460251ed49fa056e5f7220e4fac859caafaf59db8a1cef0d52c320dbf97238bd73f54362afc232f9ee2c4e0fc79faeecfe382a00b12b11c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
11KB

MD5
2dd1517c371fb63040e0cbeed401375e

SHA1
a5dcd6e920950d0c273d5178a68b67b8aa26cba9

SHA256
602b9eae1032945c2ae854349627ae6c2294a97074e1e0d00a1fc3f74dfdd552

SHA512
2ad5c7c06edc81123d41d5b2c917ade007143d103b5d8e084c79ddfc4b75352c8cd73be9dd95200db715e34d6a8e531a39252b453aa4fcbae29d817a7feacd71

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler.dll

Filesize
347KB

MD5
8a181eb1ea07abb3919d7c3d90393410

SHA1
8a21841c78c2402339570b79d8fed8f1dc600633

SHA256
468f40c0e25b884584ccb97deddf4d519ff519e6c02d41de11f98733772bf62d

SHA512
59bdb6d023b4a3d196644b46eb6ab303851c5a647c3b8e0c7ad4373f6154f36fd5762cdf843fc7bd6e970515cbf53b828be9b85521dc8c736426d0d1c89e98ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler64.dll

Filesize
464KB

MD5
78e01e843700dfef7eca9fca3c8d6a71

SHA1
f5203adba71cb908549d738d678c9f2185cacbdb

SHA256
0c0cd7247a3e3bbeb19d2b7666640bfa255c14d5c2d9330b9c6cc311e6121b2d

SHA512
b60b7c9ee8cddde914804a8a32e70873c336cb72f1ea4df5ecc380c4c9eadabd223bcf8ff1144770df0ab3cadc9ffaefdfad8605b5a9a162e7e4db7e1c06a460

Download Submit
C:\Users\Admin\AppData\Local\Temp\d3dcompiler_46.dll

Filesize
3.1MB

MD5
c18caa9ba4f06a5d226a892df6dc1d72

SHA1
ed5d55e13cbe6912f3230ad1914777023bc7e188

SHA256
996e5b57c06b5614ee7b26936b29bace62218fb3cad3a28dba9e72bcc66d2698

SHA512
5e2ff504b285c7d48ac97f997a49ee668f407317fdc4d8b73587414e5830a43146c965b2c7d452422576530ac925293f5bdfafd9bfc507ce1a1a4ba824e915bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\d3dcompiler_46_64.dll

Filesize
3.7MB

MD5
52a41f0e49b2208df75609699fc7254c

SHA1
767a92ffbfd726ab4d09c17981caf448c6adedbf

SHA256
9614de7bac24091e2abaf70b3c852ddf9b92a48157c557c3c63d81d88d4d5ceb

SHA512
5b8ce62d69b9057e11091b48170dd805a913b87b25fc4fc343f9002e88c2331e040621c490e09f1eb9e1db61b08c3ee99c8598f78e033775a3e94b2d431505f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\dav1d.dll

Filesize
1.0MB

MD5
27e7b2632474ab74ffc0fae4ad68ef90

SHA1
81d61337044e198433f6b9105f8ee5baa7dd30b9

SHA256
41a835fcd9d66a69544d5a953ccbb9bb88310f3e3f2a0563cf3090aaff1e744a

SHA512
f276d0b59e9297bbf5d500ac98309b883f267ff12a3f1aec74e7fa23055c0cc7a4d309a68da827e33f752a9cb3e8f61eb231b9a7da3b4abb342fe1a15fc7b78d

Download Submit
C:\Users\Admin\AppData\Local\Temp\libavcodec-61.dll

Filesize
5.1MB

MD5
9699cb5512d5d598038a9844bbee1346

SHA1
927c01090f989db90650924c50485cb9d6ffb7a2

SHA256
77ba8b127e57357666cbb1cf4c3eeba52e30aa92619e472066722fb93533014c

SHA512
c7e5ee724d5861a86fbfa5f0fada46d5fd132e82c68eee65a8aa86a53438a4a439f9b7ac6bf95a6b9ac0a07aedd503f942bdda25938f3cc11a98c30c63d0d5ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\libavfilter-10.dll

Filesize
854KB

MD5
03aabe84f5c4d74652ce625a1c25f9a1

SHA1
cb83b15970d448ad4e1ffa81922d11be30f00c06

SHA256
417a143185fc461378e8751aaa378ce352d53be3b51298f1c674a4991fe47e15

SHA512
cb59d90fab19b599f0663c02b035594fa973d433b547f583257b27c57745330be65d0bd504618c6aecdfc122a4f99f25c10d799129e6859fcde32c3b03223d07

Download Submit
C:\Users\Admin\AppData\Local\Temp\libavformat-61.dll

Filesize
1.6MB

MD5
361af789b2290aa1daba35777bf8cdc5

SHA1
ba8d0490d7a9b241bf5a5dc71b5378651985dc70

SHA256
171ace3955572a34af9238f342f91e86a548d12fb448b362dcef6de69126e51e

SHA512
a477e8ebcadedc364eef6c53c1f5072433e71bf13e897ff1a2fb049fa514da5ed5c2b6d5e04589f066fda24ed92e18235e707dc2634f27f91bcd3deedc56b269

Download Submit
C:\Users\Admin\AppData\Local\Temp\libavif-16.dll

Filesize
685KB

MD5
c7cf83b53325f66ef0170c55188b7ee2

SHA1
0cb9b496281367eecf38c1b94295bf65e1e76da3

SHA256
73adadfcc0649a024b5ec8d0162c896c2e70d7b095120b211dad5592177daf06

SHA512
4393b81115612d40059f63e3efc8b229bc535afdef6cd0f9e4904fbd0be09913afa3459a2b8b4fc9ad62babf40526f0f4597f73dc2550f5220f75e240775699a

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

Filesize
23KB

MD5
82e3134868f90b931601303c18edc6a7

SHA1
ae314fc22419f53bda0506de73760dc01d9a9ebf

SHA256
f25ce51f526e45021cad771dcecc63d6c63aa1bd7f59ca3f3b438890449f732d

SHA512
87d7d606a246a1e63bf230f41a0ecfa4e42c37c730083da04b20f58aa69c8d316624403c01b69ea478452ee947c641fa90f67a89f23765faf41bdbdee43c0fe2

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

Filesize
461KB

MD5
021e3f7056a9d5c63364d0815aae01e5

SHA1
ac822be3032c15d156e5b464e0815ddcb9918586

SHA256
788faf2c9914a0fc2958f4d31bf505bd7b54897b45c67f6d87875009d7cd4f88

SHA512
3889fda6989d046aeb52b7c41f24fb3b14c93450cb4062869cf3192d634fee3710288eca2f900ff9bf11d2012d9649d3afcb73069d71c5e505dedd8466946111

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

Filesize
8KB

MD5
fe5170d0df394c0f68f44b56c5dd9954

SHA1
bd8b3761e204f4190120a2d0ba8111fa6d4b8007

SHA256
d9128bf6e56002320a8fde94681a3a4614b44a960d4b2578571deeac0b6a9aeb

SHA512
a91b3bc4d2dc3b258c5e12f946fcc2a1fb3f5d55d720c4b000c2c1a78c0f6497611ccc8c5d0d3ef2c6f96a933b0fb09c85acdc46acb47af31d143081811a4ce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

Filesize
4KB

MD5
27993eb75894ca4894db266ad9b5e61b

SHA1
4def653ee04b0514822b690052598435ec25e686

SHA256
fbc09c1b9a55d04b57be8fb2ad5ab58b38f76054ecd3d1b70440a2d08191b05b

SHA512
eaebeee5b1a7dfb9bdf661623554793d7ef7e15d9f9cf01f94da1eb0b84b88c8f24176463d15c407ebf670c5b7fd4052daea33ba43e75c1de2979487c4987bab

Download Submit
C:\Users\Admin\AppData\Local\Temp\steam.exe

Filesize
4.2MB

MD5
d3484bb0997b56404bdc05122c8193fa

SHA1
fa96d4613a4865830e608093eb83b8eb8be8482a

SHA256
f5c97342e82c944e810094bc1097201f1bd41c64ba615aa3d68f7a9543a6d2a0

SHA512
157deb211acf9a0c2db0d392f2442889aec05aa90de3e08ebae6b784e12bbe4d4a20d187b085656410024f66609e2bac7449f6605c02249e57ce8d9ad8f165ab

Download Submit
memory/220-12008-0x00000000009C0000-0x0000000000D30000-memory.dmp

Filesize
3.4MB

Download
memory/13060-12258-0x0000000062E90000-0x00000000641D0000-memory.dmp

Filesize
19.2MB

Download
memory/13060-12256-0x0000000062E90000-0x00000000641D0000-memory.dmp

Filesize
19.2MB

Download
memory/13060-12257-0x0000000062E90000-0x00000000641D0000-memory.dmp

Filesize
19.2MB

Download
memory/13060-12255-0x0000000062E90000-0x00000000641D0000-memory.dmp

Filesize
19.2MB

Download
memory/13060-12243-0x0000000062E90000-0x00000000641D0000-memory.dmp

Filesize
19.2MB

Download
memory/13060-12188-0x0000000062E90000-0x00000000641D0000-memory.dmp

Filesize
19.2MB

Download
memory/17216-12149-0x0000000001760000-0x0000000001770000-memory.dmp

Filesize
64KB

Download
memory/17216-12150-0x0000000001760000-0x0000000001770000-memory.dmp

Filesize
64KB

Download
memory/17216-12151-0x0000000001760000-0x0000000001770000-memory.dmp

Filesize
64KB

Download