7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-12-2024 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Steam.exe
Size

4.2MB
MD5

33bcb1c8975a4063a134a72803e0ca16
SHA1

ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256

12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512

13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49
SSDEEP

98304:7JeV/ztZBe91oiImuUiK9N9EGQKF9lSHbr7aw:1S/hwkmg4EpbrOw

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe

Executes dropped EXE 11 IoCs

pid	Process
8124	Steam.exe
1796	steamwebhelper.exe
9196	steamwebhelper.exe
9260	steamwebhelper.exe
9428	steamwebhelper.exe
4648	gldriverquery64.exe
10740	steamwebhelper.exe
10768	steamwebhelper.exe
11104	gldriverquery.exe
11188	vulkandriverquery64.exe
11260	vulkandriverquery.exe

Loads dropped DLL 45 IoCs

pid	Process
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
9196	steamwebhelper.exe
9196	steamwebhelper.exe
9196	steamwebhelper.exe
8124	Steam.exe
8124	Steam.exe
9260	steamwebhelper.exe
9260	steamwebhelper.exe
9260	steamwebhelper.exe
9260	steamwebhelper.exe
9260	steamwebhelper.exe
9260	steamwebhelper.exe
9260	steamwebhelper.exe
9260	steamwebhelper.exe
9260	steamwebhelper.exe
9428	steamwebhelper.exe
9428	steamwebhelper.exe
9428	steamwebhelper.exe
8124	Steam.exe
10740	steamwebhelper.exe
10740	steamwebhelper.exe
10740	steamwebhelper.exe
10768	steamwebhelper.exe
10768	steamwebhelper.exe
10768	steamwebhelper.exe
10768	steamwebhelper.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe
8124	Steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
8124	Steam.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3108	Steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe
Token: SeShutdownPrivilege	1796	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	1796	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 16 IoCs

pid	Process
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1796	steamwebhelper.exe
1796	steamwebhelper.exe
1796	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
8124	Steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 8124	3108	Steam.exe	77
PID 3108 wrote to memory of 8124	3108	Steam.exe	77
PID 3108 wrote to memory of 8124	3108	Steam.exe	77
PID 8124 wrote to memory of 1796	8124	Steam.exe	78
PID 8124 wrote to memory of 1796	8124	Steam.exe	78
PID 1796 wrote to memory of 9196	1796	steamwebhelper.exe	79
PID 1796 wrote to memory of 9196	1796	steamwebhelper.exe	79
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9260	1796	steamwebhelper.exe	80
PID 1796 wrote to memory of 9428	1796	steamwebhelper.exe	82
PID 1796 wrote to memory of 9428	1796	steamwebhelper.exe	82
PID 8124 wrote to memory of 4648	8124	Steam.exe	84
PID 8124 wrote to memory of 4648	8124	Steam.exe	84
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86
PID 1796 wrote to memory of 10740	1796	steamwebhelper.exe	86

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Users\Admin\AppData\Local\Temp\Steam.exe
  C:\Users\Admin\AppData\Local\Temp\Steam.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:8124
- - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
    C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=8124" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x288,0x28c,0x290,0x284,0x294,0x7ff88c5baf00,0x7ff88c5baf0c,0x7ff88c5baf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1564,i,17256488704813649068,6607705817026126051,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1568 --mojo-platform-channel-handle=1556 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9260
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2216,i,17256488704813649068,6607705817026126051,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2220 --mojo-platform-channel-handle=2212 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2872,i,17256488704813649068,6607705817026126051,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2876 --mojo-platform-channel-handle=2868 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:10740
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,17256488704813649068,6607705817026126051,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3068 --mojo-platform-channel-handle=3060 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:10768
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:4648
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:11104
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:11188
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:11260

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004DC
1⤵
PID:9376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
95d9b32e1e41c265c3d5ca74b982c1c3

SHA1
7b0ed033b2d2c84e848eaf25a1c8898cf433284c

SHA256
7cbd21c794e8803fe91f161dd55da6ff3e79e2d4184ec9873c7162692a2549fb

SHA512
5f536c0e6bb4e55b6dd52be76badebcd42989fe42b6c620ed89da4d5dd0267a5b9cf2120dfa3bc44bd3e89677ab2889f8d82868f622d2d5ca1b536e05d3e0286

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe59a677.TMP

Filesize
48B

MD5
945d1ece3803b47a4f4437ebf2d9e5fc

SHA1
3e4f4ae6a72fc50a1209bd610c1add81a39a6a66

SHA256
a3000064778b6e5951af88a35c12f30320d4a0a3a70958b04f6f6482fbdbcc5b

SHA512
aeeaffe3d3f2af2975db2d0191f01c93454ef4dd099e6ab09e9afe6f2d197047f7253141c75a6179fd994658ac09703fbe5314a21eebaa5f5a96d4a0a37ecc56

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnGraphiteCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

Filesize
183KB

MD5
63203b19d445107d45ad60e15c4dbf51

SHA1
0437eda1fa6acaea24dda0825982c4ed700205b8

SHA256
a02ebac018b3477e6d5c4f68672fb7bcfbcc19caff690447391eb5909067b6ac

SHA512
d13280fe2ff018bf324c58598cd40d7d290e0c3358d63ab1fc3dfc8f3cd3365e92cb971f808daf85f1e8e5cd5661a27a74e56b7e4b939842db6342a8a0eaacad

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\SDL3.dll

Filesize
2.0MB

MD5
cbea799e76c3fba37e66af0476a178c5

SHA1
a81bfe177a7d8dda0e5a8b2f9a91e92a975518cd

SHA256
e263d4644a3779817b9a83714ec70cdff3827ba220d63c0aa0bccfe85a2b41f4

SHA512
0619c358c87aa8bd46a13cb4cec30482f789c522bf2ed993e80c67f7b5d20579c86a18056f625bdac6c572ea5477b7f876cfbf5ce193ea85dcc55ae33f8a0e69

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\VkICD_mock_icd.dll

Filesize
530KB

MD5
d81b13ec606e3226c1d96376fc1b9bab

SHA1
5fe0c2d68c87b012ce6b5917d519dc1f59584588

SHA256
ed06f35ee8f52c5e3ab9a5eda4323381d5d570b2e4a1c2a3d6c535d1961746f0

SHA512
ce00fe87d36947a5400e5afdaac6c0c7dfb796c2406ae320cb8a6f8133e7bc5b42277bd78f59def2fab4c3f71f478c9bc318ed33d66e8cb57e8712bd8ab73f66

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\VkLayer_khronos_validation.dll

Filesize
13.6MB

MD5
e95985f32f10795d52d3f64305046177

SHA1
c246fcfac3a240fe2956313e0962a70e63238637

SHA256
4d5cabced4a09fe807dfc864dc971c5eaabe6e3ec1ebca43f1bee9a297e501bb

SHA512
657d0d4dbc88b98840000ccb029ab926c6862661e58cb7457292e3942262ee9ee94eef0851215b788fa9bff33b8bdba6a5d436d060afc96380e45da00a33af45

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\chrome_elf.dll

Filesize
1.0MB

MD5
e7aa59100d1d8967970e0ec5c47127ab

SHA1
ee5fea5c24f445deb669d9bbf2484a8e5e602911

SHA256
2fffc399aadf13b84d582563789c89ad1ca8540b9a460beb022293668e3519ce

SHA512
eb6a2d52b697e9a834e82887fc957fc308178061758dd8b5edee6bd1498adfb585f7a5cafcc9305fad00877994c04a559f685cbd2f04a06679ac5eb72856735e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\d3dcompiler_47.dll

Filesize
3.9MB

MD5
d1fcf051ff831f61bbe3d8cb29497fdb

SHA1
1d7eb1d12b3dbaecf2ac000b5ac2143af9b0fb31

SHA256
92b00522e337329cee62e1377df08aef8ef95cf0d62d860707946c9a65952e33

SHA512
bf56a3684ecc11f27af7255e1b6b7d6d8cae10a1954c35435752184a4238de7acd49d5e6a120713dc0c8760d28edd0a44ad178a3a225c7e2769c5d0be2cb6542

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\dbgcore.dll

Filesize
157KB

MD5
fcdece2601d0f58d2d3028984a69dd54

SHA1
972653ada6e8594834922ad75a628f169b1755aa

SHA256
1c7965573f8e26052096f68b294b9e492f654331f0c55e70baa9ccb1b6c22c39

SHA512
e6f8edeaae1e5f87fdd6f81edb75461525d9c4e46a5fc415db9f8917a1665b31d8af372e0a148e99faafdb1b56199568857469859af3820b17ae58008d7a0083

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\eventlog_provider.dll

Filesize
16KB

MD5
4a68eb152acced0502449f334b33ce8a

SHA1
2919f002b9e39249fd2164d56392fe977ed9d2c1

SHA256
4d9128f3522f2156ab469880da259665a7e102dc1005a2a7274d7c1c59795d95

SHA512
89ddfae05518dc41055d1b6191bece865d47395c855e8ea3d3d6e61f3f658ea8c712726f9ac097d3df204219d954ccbabaafe61e219a669599d3c43de79346e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\libEGL.dll

Filesize
373KB

MD5
164c0ceab670cd126d88f87095540c64

SHA1
1b294f24c2c7d06ab038b3d392ce3145f085f160

SHA256
83bed34e5d87a310ceb8e7a87249cd6a912f35b9bd4e3fb7ff5c405d1e66d736

SHA512
2f0c48bdb96ebdef6089568a695796786db68b5feebedc7969d47862cdfe0246fa97591290f75a778bee664ff7818970da6f2d687710212ffddfbffd332ba449

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\libGLESv2.dll

Filesize
6.7MB

MD5
2ff192980307f12f78b778d824a69da3

SHA1
3eedf7257a13b38ec74f570eda079fc2531fd93b

SHA256
f6b7ebef4cb9f625bf2324019fbcfde1cb5664b025022d314be00387c8492baa

SHA512
1c8827c1edea1e87f6f2a0670b02610a038b8398b8389f5a52855da4710af7f8dd0349f806e9f027936ad8de411fff9f90625f30bac057061650858da49233f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\msdia140.dll

Filesize
2.2MB

MD5
015381094732bdb6f84f42e9b067a6c0

SHA1
1728d366602810c0be292fd194634a548630c917

SHA256
b25b7c1b585b711950cd5c1fc24e2c6d56e6e2d3b0a99b79901cb7b317cb2505

SHA512
ac7c7649e9fd30db4fed9deb74dcc6ee677a7f8aea9907c088ffe5a9b95d7d9c9814cfb47e67c8e7cb16f539711068e4bcf1384b51328fc33d645b8479b924d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\msvcp140.dll

Filesize
430KB

MD5
097a7c6c73ebeca5000c044d2129d02c

SHA1
3e70e2ca18a46d45630ea501faf246b1708cec4a

SHA256
34fd3b22b076c313abdc223cd7abdc7308f6498727c1c02dba279607b0d24c08

SHA512
7de0ccfa2b39071f952de160fe9347498c7eb31f9e4750fd99504cab8a9a90299d0d00b8e19f518af4d420d49f2604a2ab446c5c3760fcc1109858cfccb4bba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe

Filesize
6.0MB

MD5
fea8e705da1516e03fd562601739599a

SHA1
d7408a4449a6dba91fc6f560f75fe70a8fca8ac4

SHA256
b4b5b783b94718fda047e7f63febd504e9c3abed4026bd295d8d7ded55eba348

SHA512
b327985eba688405f7ba4604acbc951f279172a72663f73f99964a478293a2ac107bfa65516f949267201074c9bf5acd45f4230707721b97fee75c1cd3712093

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vccorlib140.dll

Filesize
270KB

MD5
c739cf61b40efe7b14f9f65fa29ebcc9

SHA1
3773c973d7363003a251e2603d9f5f758b2a812e

SHA256
7da3f6815cda9f6b29f19eac04c7e6d28b1735fc5ce7e075048437be02eef3ef

SHA512
1c3b3cdb11de40ae1e440c25c17e411341133f870f8dba6e6a810d142e299b3c449a28300a030e46450df1d1b3f6203d6115ca3cb1ede82c3faa198a4861dd64

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vcruntime140.dll

Filesize
80KB

MD5
20e118a3400e7c7d4bf4041b75dc0bac

SHA1
ad5a44de06a522359bda21c5dd8c6095c26808bf

SHA256
a7059a17a58e78a87151c8aa5231e33f9bbf0ad7c122ef67591858da3c41aa98

SHA512
fa7ed72a424fa064722fb0a4766a491c891befafc68a2923294464e51d0c2504db11430d87e72e5211a4448578d609ecafadf78048ce9b47d79d3ebe32169616

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vk_swiftshader.dll

Filesize
4.5MB

MD5
3edfc8a97e0d020633649d7b56c7da40

SHA1
4e6789c56d72fcea629c3260214951bfce5823bc

SHA256
5fa583544f849f728018d539cb510e4fbde105c20b4366d8415218441dbe9a39

SHA512
235f5a7e758d15b4c5f69c6587a38a33a3030ce4aedb3ea03eeea04e7162243f0d9253a64a1c0dd3f975e87b9cabb6071c3ea9828f6663a07cebe47d4af8c66d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vulkan-1.dll

Filesize
823KB

MD5
edf71b3dd99f1503b85e3fb45bda6a52

SHA1
018ccc9868b50c5b7ef3d8eb62cf037b6cee67a3

SHA256
f4a835ca5c5e2be18b26457699258956c32466a76182960065cdf6433576e5d7

SHA512
6cbf4466366d8b0bc1097aaa01d32e14ee18c43daf2d4344213804936492c62899631c8cfd41cd03a66625a4ff236d0f28811d35f4f4933c6157940c8ae8ac48

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\winh264.dll

Filesize
135KB

MD5
3f0ed7680f2bde7b91358127d06762a0

SHA1
4bcf68a48b9834c01c4a586e5cde24384571d5ec

SHA256
e716b7f7b22e2e0a00f8aed5972d5d119151ab58c3c01eb56c846e2666fd99c8

SHA512
d4734cc93b0af606e1dbed36c018f0112d8ba88d9246089da552a3f1ec79005193333674fdc10f5b5ab159934e39441b641995674a80577c73dcd46e617482d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\SDL3.dll

Filesize
2.4MB

MD5
0b7d88b6506a25bc5fbeedf3cbfb8ee5

SHA1
63c39ca97a861a363191614a462167adaa76c828

SHA256
bd878e25f57c54dc70d05efa4ef08893f650698fed76dab8d91de288cabf0796

SHA512
30a2c1d162e20b3943e9fc197e1598fe30733006cd04d9747e55284be0dfd6df3ed2a533d01ad5d2012f42e2fb81f5e667c80aaf538aded62810546e36c3f29a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\VkICD_mock_icd.dll

Filesize
622KB

MD5
ec5cfeb47ad7878cd03a3ceed46afa5d

SHA1
97d28798a351b4460da2804a7c4e82f7709e034e

SHA256
071f126ca68c193bb36b98f710e4412f7d99d3f7fa0032c6d6e25adb535044b9

SHA512
cbee0537990645e13999c9ff951902574ea2da65eeec259037c6558953141b686607e1f0ee7bf12754a3d69ed6f6435f2d726105cfbd27bceb4cd11737af46eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\VkLayer_khronos_validation.dll

Filesize
15.9MB

MD5
e5015dbbda7f53acc5e7aec89a106d69

SHA1
5a72fe0eaeb9b4030509259a8caee7a072464ed0

SHA256
0128f6c8ffded9433bfcdedb43d75adcf18139644f2b8fdb45111c1642beb757

SHA512
b197192cc84bdfa880185594fa4d461ce6bf071ea0187fa1f3570eeea87c6de00fb8b71276d19fc26d78184f2632a066cd71f2a9c93e69f478519ae8c43bca10

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
1.3MB

MD5
0eeaea918f3603e5ff2bd955f9f0c0aa

SHA1
0404b3bd9324703a46d5f3e3d2471386951feee5

SHA256
3f49301338c33f40b3ca8528eaa40e9f7fc8f7952f59b8f4281ca5d3e1ddf25f

SHA512
0fa19dc76d28d449f2e96e4faf3ce57e7ad811b8888de2140152ba0355cc8d6ed787371ff90fbac0d1b0c900fcb1fd4ef1f45c8114b0f10ca5f97f05146ef945

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\d3dcompiler_47.dll

Filesize
4.7MB

MD5
c6c2fc1388f3d04c170417d733fcd52b

SHA1
fe74b15be9b5227cc3597471e4df0913b5acefb2

SHA256
8b575383ebaf641d7e29b85d010af232dfe008be800ec936d5b4d0c19ae47ca4

SHA512
e155cc3d0e1f1b2ad8992cc907c36923bcbce17cb53e731ea3d02e529bef11324219a86e461fbb6d0b9247d1638d14d558e083fdcdd2c6ef301160d00bc88fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dbgcore.dll

Filesize
211KB

MD5
e6bcc49fe10142480344ecf6f78f17f7

SHA1
fc8d3f1e85b2dc6934cbd4d2fb9250792eb991aa

SHA256
b4675afaff6fe2d9253a16e4bbeb376b0b4fdee087ce71419e11b78ca211ef2a

SHA512
9152d99fc8ab1a4a7f6d2f73fd3cde17c741620b42e7011fd4534315ce18ac12517846ee21f12327d6343e5c4f4a86d01e4b40a1ef1ffc803e4969f3629dfd36

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dxcompiler.dll

Filesize
21.0MB

MD5
e3f531e75b63bcb3bbf8da1d5df8aa43

SHA1
9574e78e7ae36944687083923a9d09e15c593ebb

SHA256
fdf572f1b15982d6b6b0083026fad4a0352a5c99efe97f182e8ba72d682de610

SHA512
424fdc9da6518d5f269cf635aa66524161fa31771a8bc6dd91add826cdde9f0bed7879b259419c33a1d00155546d1a68aadc6a9acff32290b9543767dd04a9d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dxil.dll

Filesize
1.4MB

MD5
8167a6e8cc35988d02938cfa3ae1c0dd

SHA1
1bb1b83c7dc957e074320b033aab83f015eb777b

SHA256
bf97fcfc4f107a98932ac6f9169d9fb936dbedaac5cc06005a87fae436b577cb

SHA512
bcb9e8fbc79c108ec525ec2a1d5d8bba7c2a295e39eabf48d8eba2095eeffcbb2a2b8f66219cda9786bae6a1fa6ff27f054f97ffa002957d16f2969018e62606

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\eventlog_provider.dll

Filesize
17KB

MD5
a73d3ef675f9a0840a4f08e71066f5b2

SHA1
bbe14a1ea609bf288a54b0299c74f8f8f66a1bab

SHA256
7359a29c5c6201c815ab3e58487f0f95617f766bd6cb2eda182dc8da5e058c8d

SHA512
30b34a9c91fd08f6f689271fc486e5a2d7f984f6bb0717aa68d4d1d8b58e3e18059cf24ff679893249f1b40d2514994a0b36143425e6dce02f1aee3751810958

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libEGL.dll

Filesize
472KB

MD5
9a5749b691b3c345f4e313b06b127a94

SHA1
bad7c65d67e3d548e9ae757a7aa5bd5a079fd3b8

SHA256
682acd1cfa7390386d8cd8c8267e365ac0abbef1788587f8150b99e424e9b0e9

SHA512
4de9d18b4245105ea22520ee6b27cf7cb8f5ca0777408eb9993f4f97d1820582c6e3694e0142cdb373e8406e1117f568ae4f314b3027a0791d8866bd191b545f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libGLESv2.dll

Filesize
7.7MB

MD5
35f34351979e8aca52c09d674dde7345

SHA1
3fad78f021c78f8368823d6a26b81999d8b10ac9

SHA256
cdcd26fc7fc0c79b03726f66c235634f1a58de0ea2418281c157b9f05151f2ef

SHA512
5a1941c673d9fb101189e65bf3ca7d016baf0b75fd29ee2bbcb30270d27717c292b4c8ed08a646c022a87d94434cd29ef2719f8fc4388ef2be00b58f036f43d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msdia140.dll

Filesize
2.2MB

MD5
4aa30cedcc1b685865f518c70aa50bc7

SHA1
d457dd8fc0fdb1cc15879f7f09f2ffdcfbef8cba

SHA256
0b07dd35f63e959e25627ee7f439440bf59ce27b68eb2512eb68b8933cf734f2

SHA512
bef70d17dd68cd9060d1e4db9fe9a36ffccad5f2540a1e9587385d48484d021abc2e493397bc4284d40a44379be3c576a8244603388f20cfcd9e95d64f70adeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msvcp140.dll

Filesize
552KB

MD5
e4f0a1efb0a99c7d32ec8327dd908bb3

SHA1
30eab0dc9ad15964802e201b1c16d6f85b5d60e9

SHA256
e2dc7de6aadef0aabdefa69bb9106d00c715b3a3fb0f5cbb78f18a3ab7a415a1

SHA512
e15b2c8fb583b64b1d1119d26562e1c74b4c19cb665ec2cccddcfa3023f248532495ceafb927b9ae5d4dec71703049b2785f62592d1cf6251badee70733fc7a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\openvr_api.dll

Filesize
806KB

MD5
4398179b668c70f4464ce9448fa0bac3

SHA1
a12848d2488fbd31a2481922664a2875f162bbdd

SHA256
0ba4d3049449403e1966cf8922ac5c2e6130fabe72c0cc6b3218da82f9110ac9

SHA512
98db440b4c220a9e71b60104c819c402bd88b6c10b9ed518660e8550884fa518e165bf20ec2d85a4bb5c379a28e9524d4b69dd25dc599e062498670fe8f28bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

Filesize
7.1MB

MD5
e2a9d0be4445cf81d3877cc2d6ccf183

SHA1
5c1cfdcd40e51630b694628b05539cbf14cbea8e

SHA256
89058331d7125928e05c5c16bd4114c5bf81fae050dcbf640939c6d3178c74a1

SHA512
586a20734bad253573f4c7a4888f62d655fd98e65a3e09e1705f60e2f86984137ddeb2a4bec676a1744ab7143e480e08b781dd44def68ccd90fb28babcc051fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vccorlib140.dll

Filesize
334KB

MD5
7249674ac9b3fc78398de046298ae4a1

SHA1
e4283070297d13ae44ba47a38285d7cacd63168e

SHA256
e18722bed36d062ae370dc68d117a3fdde9d036a15f3c7cc8ab5cc595d0a4dcc

SHA512
c5c236cf89f033e8515341de0f3d5a08f27a3af113433a7cf6eb840681cfbdce780d0649c6c1de86f9bd147d6ecc500c82e5ea96b75f7116dede2232b7576d17

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vcruntime140.dll

Filesize
108KB

MD5
a924549aea37bf5efa506064f7b65c24

SHA1
129e0e0984cc7fbcb3b7d995381b15ed74c9a2f7

SHA256
61a3fafb47929f37917cd5cc246ce6d33870002d76a7798d4cd9cfb08a3578d4

SHA512
35dc1d19b391699388f699e102aeeef8a2e098d0e12798b7d5110da03dd2274a157360c40635ff085c3201753160ad0acc5ad5629508a537d4c4ae10200ec403

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vcruntime140_1.dll

Filesize
39KB

MD5
835b2f63f048f365bd9dc5b9c61a1e4c

SHA1
766540c9f4e391d9f66288c84ad30a7ab3cbd747

SHA256
4be002c978b4af28f153d005a8873273ac404e61822ed17f7fc433d42e39ce02

SHA512
6e60e0cf8cdace4e86f8215a273e9afb735590288c58b971ec73f4aa914241a8cb7a9e4c8fbaf268da36bb5696c8ad20f2efdffd528235a6d50d8ab06e41822b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vk_swiftshader.dll

Filesize
5.1MB

MD5
33d3b13bfa8c934619d0bdd765458c81

SHA1
f2bbb1c8899d6fb620b4d935af72d81c75de8afe

SHA256
0141d84b53b416c6059c7b1b02c0cca8eb18a16e5368812a4fb3bd2f495b4153

SHA512
36a41472abfcfaa035f8388315963099508fa6eb2a10fa3b139b09a9bdc66b2a39f685fe770d89830b290b8c475f0f72778c19f3634dcbabfc63165abd311e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vulkan-1.dll

Filesize
940KB

MD5
aa74caa083d40de250705536c2bd2f79

SHA1
0f2613989f4d797b0c0528e984ed00c866014f2e

SHA256
066a8cf28d992f6e94546bc1e62a0276d34a67219250565de49c3e4f80172070

SHA512
aeaccb4e56618e0c3c37836cfd731eef86eca4d9bd613260f25a66010261603eb2321492e09a67cc43f38b066439b1e4290c40e70faa3062ed49981b9fcd9c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\winh264.dll

Filesize
169KB

MD5
a269bc8562b7e02c5d08d4744be28b1c

SHA1
9facc69bc62804caeb3b7caa5e0b4551c582a5c0

SHA256
80ce8eec4c5ced50cc51766909302f274b7f846965103f20a5c1e31a59d53d23

SHA512
8cfbd769ac075151958d89cbcc4eaebb1833e33398b20e5c5c3b8840a339c7fe2888f1a04b49fc60bc5df05c43bd2df1aa09b2eb2b1fdc4e97a46eb5da40081f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\chromehtml.dll

Filesize
1.4MB

MD5
47d4104dbaf9c73f9fb7e1e53b0006bb

SHA1
425f21a7e29a8c8af800d483d04041c90e5b2904

SHA256
8a63bff7f59d43684c0203e6eb58eb3de4e79ea6c2f902968b042002541f2307

SHA512
b99ae6ba9678a78f4654a8ceb90bd491d51494f2ff03b06666728a22c017e1130d59da4b784163132c5fe75a003a2ca7fa72c967a3c0c03af91d3b8bc54f3b47

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\drivers.exe

Filesize
7.2MB

MD5
ef801f4408581f653cfbebc626497efd

SHA1
dd5567e76186cb3ee562326da4a948724b49ba77

SHA256
ab5830db258a4857abca8c999ddc8562ac1a1f1a1d27af758be1d11c08e9dce3

SHA512
c152af5fd8b3b243d68f3db69711e03238fa96f3152095b985d47ab5da1d751eefbf45649dde4b52fb64788a2b29452a1ad5eb26268ec4f617e4cbbc0ea4e067

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\filesystem_stdio.dll

Filesize
193KB

MD5
0bc6d16fc84491f56fdea790b6be528e

SHA1
eb71c0add38d1803b5ae4f13c287b80320543896

SHA256
a2329fa67a4af91172e1c4bc1b3700443a4501579475fe0145d4579cd1fd92fa

SHA512
7e870be7b150220e1cb301ae9b6150b2f198981978ac92861426f2218b702a85240258f59c203028e33a4db1a4aba62b34f345b0b3d0a14809b0cc20f3be0600

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\fossilize-replay.exe

Filesize
1.9MB

MD5
7064bc533038322c72261ae1aa27a220

SHA1
9e7e750d68786b918c7e89b715bf28d289ef4852

SHA256
2d79edec941579e025c94d1cac84615dc4f8de5beb41987d7f5e8aa811425f48

SHA512
5a4c0722b5fb7ff98beeb32db547c1fca65482eb78420335cf451b8a2ea0c8b415786a8ec3c92bc690bd4f26a067675edebac0d27bccaac1015cfa693e6b77e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\fossilize-replay64.exe

Filesize
2.2MB

MD5
7052ff62c5d2807cc1cf9b515100879f

SHA1
e2ca74c35ca7551b3cb679acc02712da7eb063ab

SHA256
8c59b485716e8c44859a4dfad14e39ee4c2c84b6891e10808fd8cf1504c692c4

SHA512
8d52d55833bb8adc596f17ffd8982142ead40f2a6b5045617cc486ab442861fcf4839cad62f6d8ab9f0a6620ad0ae70e02e481954b6998975b8805f52e6aecfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\friendsui.dll

Filesize
2.7MB

MD5
32d3e95ce79a133754f46b3aab240d78

SHA1
f1c63c1011c97bc104de209b4e4245b591812140

SHA256
168c2d5872d37420101088ea61ae1babe4410af987e78932fd7c762daf46f888

SHA512
501cbc0c4e46809765e367fad9762424aea10106ee30862a563c23e9a1bdb5aa70aa6be1be68a34f2cc99a708a4559af6b07dfabd344cddfa0f137a3c6d4dbec

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gameoverlayui.dll

Filesize
4.1MB

MD5
083ec8d42470604274fd4e1b31ad3e72

SHA1
37e2a15b23addce0f89f917d7c9776dd613c2398

SHA256
3800a1577e9b090775577820e2336b104a7e650fe907c755283715ce811282e3

SHA512
cdf8c3f9ed4e8afd7586cbbf78538e03eabd174be5347f9a44484d05baeafe0e01195bdf151cc544686b8d278897e7726932790a54a436c04c65fb994567063d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe

Filesize
45KB

MD5
d6d6ddf71c2a46b4735c20ec16270ab6

SHA1
2e6d36d000a498c6811fcdc49dcf316bfbafa5ce

SHA256
0d422efdfa17dc6e1ebf0ed9e2902fd7c0eaa2f77b8a5a8f1df1478453a37ab8

SHA512
4b422c55cfca42f3f4ec441d7c01bf1ce6943ca00beb3919cc86bbd63a850bb859090b9f16cd0d0ad0723b662afaa2a994f4e319a7c5801af1fc57ad54708047

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe

Filesize
941KB

MD5
519ccd21fc4a0f26debd33320c50df57

SHA1
416c1d65e0dbae21b6f7c43e32c194581bd8488b

SHA256
23b4063251315814e188d64afe08ea49979f5fb2b74b86860e655a1a4d8fe4e3

SHA512
6e8b5d54b928ddf8ad33da84b7a38cc1b971ec9aaff95ac9c5ff73d5646d2044d99c69ec137b1acd86a9ceead2626bfac08281186452349890c11e302c58255e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\mss32.dll

Filesize
430KB

MD5
d6d952c03fb8b6f9c63761213ec4d4af

SHA1
e12800f2bf9e09e6ae9dda5ac2f4b775781993f2

SHA256
9c832318a05290ebef3bd809cbbc7df70a08cbd86745899eaeb169d5a42bf99d

SHA512
587db5b9a224550ebb5a52f185824daae6ec2a60f457b7276c80bcd8d4bf4eb4bf36e2efff9280ebca7cb339836b50e338482a05e107a7192c51ad8b93c21f90

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\nattypeprobe.dll

Filesize
159KB

MD5
4cfbf8e6d6be5196980a20c19ef6f601

SHA1
9db16baa28931ca1768790aeef029824692e1b2a

SHA256
5373f1704159628ffaeb8964a80f0e2006b0cf2e76ec9797e31979d8491aff3f

SHA512
9d7b38cb73da93d96baeaf6f8c142819f400c415ba0b053f84c1a0f1e59736b580052851bf38bb77a99f9ae88f121ba2894e879142eb116d1975fd04cadf4dc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\secure_desktop_capture.exe

Filesize
2.9MB

MD5
b7a4754df464ce890b1c04e1f28a7384

SHA1
6480e3bf54db89ed93335cd25aa73a4c8ccf9c53

SHA256
757fde89c9f89bfcdaf4034e2e0042f0ffbd4b8310f87cc383757af19b79283c

SHA512
445ec366027cbb6180b2aeedcebf044216db9ae44349d559c394ed9cb9ab93d1f3e5394be5112452f6fe95b7742d99491e1507db86326317597c3ea7f3e963f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamservice.dll

Filesize
3.2MB

MD5
30049bcd7a12005ed2ea9ee5b8ec67c8

SHA1
a0c46f61a0228d3495d525b038269deeb51446da

SHA256
50fefeed8bf6810ea6e7fe5fab1b79c0dc4f503c1992ea249021c2f4a47960f0

SHA512
700d713d5b9a7882fcbb8b49c26544f340c2455f8dd9e2d2b25f69d420568d1fe6f7736403887d84ccad6bd2aae18df4d464f07d794437ac20860ef651481403

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamservice.exe

Filesize
2.5MB

MD5
db6e8a1bee85a43c95cd51a9cadb16a5

SHA1
4a22954cf1feff46e77d25b4647532a4cd0cd890

SHA256
2020d520ce9b254fa4ab3810077b6747c7d551909fdf797dbc1f464d96e96e15

SHA512
7190435e0b1d36fe84fb2ff83106a090e55f7c7b0a1ca8e2d58de4b652ddc7078e0280836b0e3ccb08a47d40548cf8bd8cff7aa588dfc70aa313c64bc42164b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
16KB

MD5
92d29e3e31d8ec4b745d59d823a42a57

SHA1
e3ef1d09d352afb2c5e8733ca68470873b4c90f4

SHA256
043cd3fa0a6d4ed12a222e592397a5532a7280c711a97e2ea2b1f2e28a478f61

SHA512
d047f734d9acc7f1e7ebf780d6ed950d8971841c9bc048f96eb35561829d8a93a35bf01712f94e4f38a3855744ad98ba034a143bb1d56c62ee6ae97633c8040c

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf~RFe595327.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler.dll

Filesize
347KB

MD5
7a93763803b9ea422e70015fcb23f981

SHA1
9765753a26e91b908acca2e88a3c1db9d57b2f53

SHA256
85b6c815533b6016062e3536eb04bbe0dfaed8e3c89eca8da1d586f12b780001

SHA512
0748982ce6f5db44c09e6f9a01ab343ec81adb775bf10ec1bcc84c51c7bc3710c165ec7286db587a4997815926b480f1c53a9b87f2762baa7b28ed4187a7396a

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

Filesize
27KB

MD5
1d4e00a86ae0110da7150ce41e25255e

SHA1
ceb011d6898f871f44fff2d75956858bd5e3e394

SHA256
b05763ee28c9adcb5a76b1e3adfc082f0b9b2652b28481dcc95eb6f169c87b3e

SHA512
938d46d73796bbed78d960cafc5117500af26acfc91a29f29d6bb301f792bdaa6fb5e13c9c96c2a7b298e356728777922fe1fbe4566f858099a9888403107da6

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin

Filesize
3KB

MD5
2b1d3c43720df464838cd64182781336

SHA1
16f5bd500d596b1f711ee0fde460b8bfcbe076dd

SHA256
912ae14f8adf527b3c2e13d8c4336d1e209aafc5beb8e2c58a7abf679eaa6b76

SHA512
ed693db8afee69200e170c15dc31bf6e6a11dd32711522487263cba07a2600fb7fab59edcd7faf3b4d8e348796db5af2163a332f9a8d9cf24c6ee8c23d699097

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

Filesize
467KB

MD5
52d8ede96810d63a2e00aded3618c5b9

SHA1
814eabde914b1a357e19d89d247a79eddb29ed97

SHA256
c9e5b5d9591d2b03617ff086d41ef05b2d52c0ecb6c39fe245d273ecce06df6d

SHA512
8fce857456f52537b450112019817e1155c865ff48d91501e6f6314521a13fea0a4fd5ea555b9934029b0f5b964166241ec1bd0c0f57c065488a2cbff8073063

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

Filesize
8KB

MD5
78079dd63939f7c2db1ae475b12cacb9

SHA1
a2dda051df71353b2fe2cd8600a6714650ee37ac

SHA256
529e2294203328f262b6fdc8a4b26077840aea72b8a1e752603ce8c625a1db77

SHA512
74d4f33c2eedada639378e9b32f1703cd67cede37dc4ce0dd733bfba9a6e6a63a3ff667c2a6616961c56c2900888288d7d2aa3070269ea6696771cdccc05b132

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

Filesize
4KB

MD5
27993eb75894ca4894db266ad9b5e61b

SHA1
4def653ee04b0514822b690052598435ec25e686

SHA256
fbc09c1b9a55d04b57be8fb2ad5ab58b38f76054ecd3d1b70440a2d08191b05b

SHA512
eaebeee5b1a7dfb9bdf661623554793d7ef7e15d9f9cf01f94da1eb0b84b88c8f24176463d15c407ebf670c5b7fd4052daea33ba43e75c1de2979487c4987bab

Download Submit
C:\Users\Admin\AppData\Local\Temp\steam.exe

Filesize
4.2MB

MD5
4bf015883412d366a1423e51ea534a21

SHA1
e89e0e631edc7aa0cde78463e3b5a1250e3a976d

SHA256
b5d588810e2b68f8a92de74b9741e0120f130d1e079144d50951c54cc04ed72c

SHA512
3610e464336b85793da07de2dc9a4940936bc47314b0aeddd910f2558a7669249fb4d588fb29d3b862ebddc5e3cd2883fbccbde9c35ef7215c1c864525bfa4be

Download Submit
memory/3108-12197-0x0000000000400000-0x00000000008B2000-memory.dmp

Filesize
4.7MB

Download
memory/8124-12430-0x000000006E7D0000-0x000000006FB11000-memory.dmp

Filesize
19.3MB

Download
memory/8124-12391-0x000000006E7D0000-0x000000006FB11000-memory.dmp

Filesize
19.3MB

Download
memory/8124-12444-0x000000006E7D0000-0x000000006FB11000-memory.dmp

Filesize
19.3MB

Download
memory/8124-12447-0x000000006E7D0000-0x000000006FB11000-memory.dmp

Filesize
19.3MB

Download
memory/10740-12428-0x000002169AF70000-0x000002169B090000-memory.dmp

Filesize
1.1MB

Download
memory/10740-12303-0x00007FF89B180000-0x00007FF89B181000-memory.dmp

Filesize
4KB

Download
memory/10740-12302-0x00007FF899510000-0x00007FF899511000-memory.dmp

Filesize
4KB

Download
memory/10768-12429-0x0000016BD33F0000-0x0000016BD3510000-memory.dmp

Filesize
1.1MB

Download