7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Analysis

max time kernel
899s
max time network
901s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13-01-2025 09:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Steam.exe
Size

4.2MB
MD5

33bcb1c8975a4063a134a72803e0ca16
SHA1

ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256

12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512

13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49
SSDEEP

98304:7JeV/ztZBe91oiImuUiK9N9EGQKF9lSHbr7aw:1S/hwkmg4EpbrOw

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping18904_353847226\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping18904_353847226\manifest.fingerprint	steamwebhelper.exe
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping18904_353847226\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping18904_353847226\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping18904_353847226\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping18904_353847226\manifest.json	steamwebhelper.exe

Executes dropped EXE 15 IoCs

pid	Process
18536	Steam.exe
18904	steamwebhelper.exe
12284	steamwebhelper.exe
12088	steamwebhelper.exe
20112	steamwebhelper.exe
20240	gldriverquery64.exe
11640	steamwebhelper.exe
11552	steamwebhelper.exe
11364	gldriverquery.exe
10152	vulkandriverquery64.exe
9936	vulkandriverquery.exe
5896	steamwebhelper.exe
12644	steamwebhelper.exe
10744	steamerrorreporter.exe
7100	steamerrorreporter.exe

Loads dropped DLL 60 IoCs

pid	Process
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
12284	steamwebhelper.exe
12284	steamwebhelper.exe
12284	steamwebhelper.exe
18536	Steam.exe
18536	Steam.exe
12088	steamwebhelper.exe
12088	steamwebhelper.exe
12088	steamwebhelper.exe
12088	steamwebhelper.exe
12088	steamwebhelper.exe
12088	steamwebhelper.exe
12088	steamwebhelper.exe
12088	steamwebhelper.exe
12088	steamwebhelper.exe
20112	steamwebhelper.exe
20112	steamwebhelper.exe
20112	steamwebhelper.exe
18536	Steam.exe
11640	steamwebhelper.exe
11640	steamwebhelper.exe
11640	steamwebhelper.exe
11552	steamwebhelper.exe
11552	steamwebhelper.exe
11552	steamwebhelper.exe
11552	steamwebhelper.exe
5896	steamwebhelper.exe
5896	steamwebhelper.exe
5896	steamwebhelper.exe
12644	steamwebhelper.exe
12644	steamwebhelper.exe
12644	steamwebhelper.exe
12644	steamwebhelper.exe
12644	steamwebhelper.exe
12644	steamwebhelper.exe
10744	steamerrorreporter.exe
10744	steamerrorreporter.exe
7100	steamerrorreporter.exe
7100	steamerrorreporter.exe

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamerrorreporter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamerrorreporter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe
18536	Steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
18536	Steam.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3520	Steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe
Token: SeShutdownPrivilege	18904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	18904	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 16 IoCs

pid	Process
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
18904	steamwebhelper.exe
18904	steamwebhelper.exe
18904	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
18536	Steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 18536	3520	Steam.exe	77
PID 3520 wrote to memory of 18536	3520	Steam.exe	77
PID 3520 wrote to memory of 18536	3520	Steam.exe	77
PID 18536 wrote to memory of 18904	18536	Steam.exe	78
PID 18536 wrote to memory of 18904	18536	Steam.exe	78
PID 18904 wrote to memory of 12284	18904	steamwebhelper.exe	79
PID 18904 wrote to memory of 12284	18904	steamwebhelper.exe	79
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 12088	18904	steamwebhelper.exe	80
PID 18904 wrote to memory of 20112	18904	steamwebhelper.exe	83
PID 18904 wrote to memory of 20112	18904	steamwebhelper.exe	83
PID 18536 wrote to memory of 20240	18536	Steam.exe	84
PID 18536 wrote to memory of 20240	18536	Steam.exe	84
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86
PID 18904 wrote to memory of 11640	18904	steamwebhelper.exe	86

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Users\Admin\AppData\Local\Temp\Steam.exe
  C:\Users\Admin\AppData\Local\Temp\Steam.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:18536
- - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
    C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=18536" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:18904
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x2a0,0x2a4,0x2a8,0x29c,0x2ac,0x7ffcd754af00,0x7ffcd754af0c,0x7ffcd754af18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1568,i,9883168239888362808,17987744397748847836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1572 --mojo-platform-channel-handle=1560 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:12088
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2224,i,9883168239888362808,17987744397748847836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2228 --mojo-platform-channel-handle=2220 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:20112
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2872,i,9883168239888362808,17987744397748847836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2876 --mojo-platform-channel-handle=2868 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,9883168239888362808,17987744397748847836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3080 --mojo-platform-channel-handle=3068 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:11552
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=3780,i,9883168239888362808,17987744397748847836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3784 --mojo-platform-channel-handle=3776 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3712,i,9883168239888362808,17987744397748847836,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3720 --mojo-platform-channel-handle=3728 /prefetch:10
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:12644
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:20240
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:11364
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:10152
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:9936
- - C:\Users\Admin\AppData\Local\Temp\steamerrorreporter.exe
    C:\Users\Admin\AppData\Local\Temp\ste
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:10744
- - C:\Users\Admin\AppData\Local\Temp\steamerrorreporter.exe
    C:\Users\Admin\AppData\Local\Temp\ste
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:7100

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004D4
1⤵
PID:19976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
110dadd2a07fb6b115956786eca9386a

SHA1
aec71fc60a9fa381f2d6a24e52239f30a470279e

SHA256
ed453860d536a480e6d6b9824e5cff0e000dc9bd6be15fabde4a6c94ff666ba4

SHA512
d0d6252dd2ef252cef827d583b3012a35cecdac64ebae39e5e902e7d7192c1ecf3da0ca92da0c2cb4ba632eb73d04114003e347d1467c43ec8bce2c03657e286

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe595c4f.TMP

Filesize
48B

MD5
f23870c44e43c9d0b34b44698ad6be29

SHA1
4d9d6ec55de00a3d3f0dd6568a0a84c173d36972

SHA256
2bbdba9f9f80c5dff112cf8674d783de1e7890395ac050e219fbe6bd4397337f

SHA512
eb6711435ead572b8aaad39c9c97802ba2458b0d2f1afe746034c11c016b727abd501240e3e3c1cae8c76f2aabf375742ddd5206c2e492e87d50a2dd1e1876e7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
a32424e9367c66b7e291a52eb5d21aab

SHA1
22a560de628e3c8ce17d2b3c201528c73227b22b

SHA256
f06240a5f2260b1411d674aab2708d5a3af90a6ea46743272f63007921d6a03a

SHA512
af88276c11e2472ef7a41b98dcdb0b6217c6032eecc799d74fbff1327534baf03a4f8cbcd3994255bf23898712e39bcd4f2a8883a10ea1b057077718d70d535f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
ed7916b239295866f3cb5785fa792a91

SHA1
d491c601ed087a1d9154c22e7c8b50aa5d969363

SHA256
4761751c406fb6dd5d0d3b7249daf772f973a22ed6af2ef07ae035d96ff8933d

SHA512
8949675612fd8481d500abb0797033c3f5a1cac85199840565b4b2e1add92ccc2d11ec8b985401ac28ff26d87ea49994315dfe2ce28c054f5e547e979f31bb77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5a18b9.TMP

Filesize
529B

MD5
977b486010aac6eaa7707cf20e1c2348

SHA1
d1d53e7e513f8851ddcd6bbc2e1eba33ad5ddfce

SHA256
73c5a8cd9c5246084afbbcf6c9de0171f78f5025a41f6554a0578c9d7db57096

SHA512
824831fcfa04c003267921e65524ef7e4bc486659e98e72e320d6d3e8469654321c05f37ebeb871419d4fcdb082eaf299762264fd14896557ac1c87a2aee3a04

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
f838cd09724c67eec8003a2c4bc4d442

SHA1
188163354e8f73bf846ca132b2440b0fcb8eaaa6

SHA256
695535265b949bc01517275587fbcfc608b40c5b0d89bb392fb1d3bbad5cf738

SHA512
d7d82efa83292ddb58b8e52b0c3ee4cacf4c2a484be7387a1485439e6a7389f5225b9df29e6ebfd0d1a20aed78cbe39ad1d1e42f07823a6a492dbacacaf136c1

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5a2c61.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CSERHelper.dll

Filesize
121KB

MD5
833d30fa5bd04e2011cb6b9d7081dded

SHA1
4c8a9cccbecb4d06ec76cc38a9c850f05a020057

SHA256
09d4c2067217b1900d4d7a936969f809821649b10ed8afd0f49de2871f7a3784

SHA512
649d2c1f9cf34a220e3bb67b1a656dcb290be0a3522f87fd4e948121a25153f73bc53c06d8997744cf8cdc82486a4a902d6b0c9da87ec190abe624edbb9c04ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameOverlayRenderer.dll

Filesize
1.2MB

MD5
0ed7ce175c59bab8f860b249f55ed5e1

SHA1
dc5a081fb28c7612e42bb88c2ab8add756ca86d9

SHA256
eda9d033c16f50f6e84ca0c71c20849c054ebe8b33f10b435c83769533a26f59

SHA512
564c2dde03e48dc03c547f0d7aed47e9255666cec537139646d1f759d1d1e42d2a65293764cdbbf6d04e82fad2954e62f142f9e6b24153d91bc8adc91106db80

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameOverlayRenderer64.dll

Filesize
1.4MB

MD5
f6a8b57995d4095ee6338c9057815c75

SHA1
086d14a49bbda009c5b8441f7fe3e6493bfd94af

SHA256
4a2154ac44e08dbf449ff3ee1ede3313baf1a8d6613c8c41f82ac7e191e55b54

SHA512
b77c73f41b8560fe648f07cc386086bf38fb2d73eb5ae7af78b047a610789fb3d4a73a2693f267e2e7de390a94e71e6763956b1d24ef00f55302400f46b46e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameOverlayUI.exe

Filesize
379KB

MD5
d4232488a87a71a060713080eb61d5b2

SHA1
4bfd251b5909d71d83d14f1160b5b913e6f7db78

SHA256
493ec2ff278c84b85ac014f67a7e9ec8a6c672f50bbf4d578dea81fa8b07cc3e

SHA512
733ce11dd10d93d65b53a42e36524bde54981080ef1bebc4c536377a208dacd7cf98df373333ec92d8113efef8bd72ffb17ac795ed42db2ce9e2c762fbf84b57

Download Submit
C:\Users\Admin\AppData\Local\Temp\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

Filesize
183KB

MD5
63203b19d445107d45ad60e15c4dbf51

SHA1
0437eda1fa6acaea24dda0825982c4ed700205b8

SHA256
a02ebac018b3477e6d5c4f68672fb7bcfbcc19caff690447391eb5909067b6ac

SHA512
d13280fe2ff018bf324c58598cd40d7d290e0c3358d63ab1fc3dfc8f3cd3365e92cb971f808daf85f1e8e5cd5661a27a74e56b7e4b939842db6342a8a0eaacad

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\SDL3.dll

Filesize
2.4MB

MD5
0b7d88b6506a25bc5fbeedf3cbfb8ee5

SHA1
63c39ca97a861a363191614a462167adaa76c828

SHA256
bd878e25f57c54dc70d05efa4ef08893f650698fed76dab8d91de288cabf0796

SHA512
30a2c1d162e20b3943e9fc197e1598fe30733006cd04d9747e55284be0dfd6df3ed2a533d01ad5d2012f42e2fb81f5e667c80aaf538aded62810546e36c3f29a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\VkICD_mock_icd.dll

Filesize
622KB

MD5
ec5cfeb47ad7878cd03a3ceed46afa5d

SHA1
97d28798a351b4460da2804a7c4e82f7709e034e

SHA256
071f126ca68c193bb36b98f710e4412f7d99d3f7fa0032c6d6e25adb535044b9

SHA512
cbee0537990645e13999c9ff951902574ea2da65eeec259037c6558953141b686607e1f0ee7bf12754a3d69ed6f6435f2d726105cfbd27bceb4cd11737af46eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\VkLayer_khronos_validation.dll

Filesize
15.9MB

MD5
e5015dbbda7f53acc5e7aec89a106d69

SHA1
5a72fe0eaeb9b4030509259a8caee7a072464ed0

SHA256
0128f6c8ffded9433bfcdedb43d75adcf18139644f2b8fdb45111c1642beb757

SHA512
b197192cc84bdfa880185594fa4d461ce6bf071ea0187fa1f3570eeea87c6de00fb8b71276d19fc26d78184f2632a066cd71f2a9c93e69f478519ae8c43bca10

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
1.3MB

MD5
0eeaea918f3603e5ff2bd955f9f0c0aa

SHA1
0404b3bd9324703a46d5f3e3d2471386951feee5

SHA256
3f49301338c33f40b3ca8528eaa40e9f7fc8f7952f59b8f4281ca5d3e1ddf25f

SHA512
0fa19dc76d28d449f2e96e4faf3ce57e7ad811b8888de2140152ba0355cc8d6ed787371ff90fbac0d1b0c900fcb1fd4ef1f45c8114b0f10ca5f97f05146ef945

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\d3dcompiler_47.dll

Filesize
4.7MB

MD5
c6c2fc1388f3d04c170417d733fcd52b

SHA1
fe74b15be9b5227cc3597471e4df0913b5acefb2

SHA256
8b575383ebaf641d7e29b85d010af232dfe008be800ec936d5b4d0c19ae47ca4

SHA512
e155cc3d0e1f1b2ad8992cc907c36923bcbce17cb53e731ea3d02e529bef11324219a86e461fbb6d0b9247d1638d14d558e083fdcdd2c6ef301160d00bc88fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dbgcore.dll

Filesize
211KB

MD5
e6bcc49fe10142480344ecf6f78f17f7

SHA1
fc8d3f1e85b2dc6934cbd4d2fb9250792eb991aa

SHA256
b4675afaff6fe2d9253a16e4bbeb376b0b4fdee087ce71419e11b78ca211ef2a

SHA512
9152d99fc8ab1a4a7f6d2f73fd3cde17c741620b42e7011fd4534315ce18ac12517846ee21f12327d6343e5c4f4a86d01e4b40a1ef1ffc803e4969f3629dfd36

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dxcompiler.dll

Filesize
21.0MB

MD5
e3f531e75b63bcb3bbf8da1d5df8aa43

SHA1
9574e78e7ae36944687083923a9d09e15c593ebb

SHA256
fdf572f1b15982d6b6b0083026fad4a0352a5c99efe97f182e8ba72d682de610

SHA512
424fdc9da6518d5f269cf635aa66524161fa31771a8bc6dd91add826cdde9f0bed7879b259419c33a1d00155546d1a68aadc6a9acff32290b9543767dd04a9d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dxil.dll

Filesize
1.4MB

MD5
8167a6e8cc35988d02938cfa3ae1c0dd

SHA1
1bb1b83c7dc957e074320b033aab83f015eb777b

SHA256
bf97fcfc4f107a98932ac6f9169d9fb936dbedaac5cc06005a87fae436b577cb

SHA512
bcb9e8fbc79c108ec525ec2a1d5d8bba7c2a295e39eabf48d8eba2095eeffcbb2a2b8f66219cda9786bae6a1fa6ff27f054f97ffa002957d16f2969018e62606

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\eventlog_provider.dll

Filesize
17KB

MD5
a73d3ef675f9a0840a4f08e71066f5b2

SHA1
bbe14a1ea609bf288a54b0299c74f8f8f66a1bab

SHA256
7359a29c5c6201c815ab3e58487f0f95617f766bd6cb2eda182dc8da5e058c8d

SHA512
30b34a9c91fd08f6f689271fc486e5a2d7f984f6bb0717aa68d4d1d8b58e3e18059cf24ff679893249f1b40d2514994a0b36143425e6dce02f1aee3751810958

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libEGL.dll

Filesize
472KB

MD5
9a5749b691b3c345f4e313b06b127a94

SHA1
bad7c65d67e3d548e9ae757a7aa5bd5a079fd3b8

SHA256
682acd1cfa7390386d8cd8c8267e365ac0abbef1788587f8150b99e424e9b0e9

SHA512
4de9d18b4245105ea22520ee6b27cf7cb8f5ca0777408eb9993f4f97d1820582c6e3694e0142cdb373e8406e1117f568ae4f314b3027a0791d8866bd191b545f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libGLESv2.dll

Filesize
7.7MB

MD5
35f34351979e8aca52c09d674dde7345

SHA1
3fad78f021c78f8368823d6a26b81999d8b10ac9

SHA256
cdcd26fc7fc0c79b03726f66c235634f1a58de0ea2418281c157b9f05151f2ef

SHA512
5a1941c673d9fb101189e65bf3ca7d016baf0b75fd29ee2bbcb30270d27717c292b4c8ed08a646c022a87d94434cd29ef2719f8fc4388ef2be00b58f036f43d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msdia140.dll

Filesize
2.2MB

MD5
4aa30cedcc1b685865f518c70aa50bc7

SHA1
d457dd8fc0fdb1cc15879f7f09f2ffdcfbef8cba

SHA256
0b07dd35f63e959e25627ee7f439440bf59ce27b68eb2512eb68b8933cf734f2

SHA512
bef70d17dd68cd9060d1e4db9fe9a36ffccad5f2540a1e9587385d48484d021abc2e493397bc4284d40a44379be3c576a8244603388f20cfcd9e95d64f70adeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msvcp140.dll

Filesize
552KB

MD5
e4f0a1efb0a99c7d32ec8327dd908bb3

SHA1
30eab0dc9ad15964802e201b1c16d6f85b5d60e9

SHA256
e2dc7de6aadef0aabdefa69bb9106d00c715b3a3fb0f5cbb78f18a3ab7a415a1

SHA512
e15b2c8fb583b64b1d1119d26562e1c74b4c19cb665ec2cccddcfa3023f248532495ceafb927b9ae5d4dec71703049b2785f62592d1cf6251badee70733fc7a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\openvr_api.dll

Filesize
806KB

MD5
4398179b668c70f4464ce9448fa0bac3

SHA1
a12848d2488fbd31a2481922664a2875f162bbdd

SHA256
0ba4d3049449403e1966cf8922ac5c2e6130fabe72c0cc6b3218da82f9110ac9

SHA512
98db440b4c220a9e71b60104c819c402bd88b6c10b9ed518660e8550884fa518e165bf20ec2d85a4bb5c379a28e9524d4b69dd25dc599e062498670fe8f28bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

Filesize
7.1MB

MD5
e2a9d0be4445cf81d3877cc2d6ccf183

SHA1
5c1cfdcd40e51630b694628b05539cbf14cbea8e

SHA256
89058331d7125928e05c5c16bd4114c5bf81fae050dcbf640939c6d3178c74a1

SHA512
586a20734bad253573f4c7a4888f62d655fd98e65a3e09e1705f60e2f86984137ddeb2a4bec676a1744ab7143e480e08b781dd44def68ccd90fb28babcc051fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vccorlib140.dll

Filesize
334KB

MD5
7249674ac9b3fc78398de046298ae4a1

SHA1
e4283070297d13ae44ba47a38285d7cacd63168e

SHA256
e18722bed36d062ae370dc68d117a3fdde9d036a15f3c7cc8ab5cc595d0a4dcc

SHA512
c5c236cf89f033e8515341de0f3d5a08f27a3af113433a7cf6eb840681cfbdce780d0649c6c1de86f9bd147d6ecc500c82e5ea96b75f7116dede2232b7576d17

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vcruntime140.dll

Filesize
108KB

MD5
a924549aea37bf5efa506064f7b65c24

SHA1
129e0e0984cc7fbcb3b7d995381b15ed74c9a2f7

SHA256
61a3fafb47929f37917cd5cc246ce6d33870002d76a7798d4cd9cfb08a3578d4

SHA512
35dc1d19b391699388f699e102aeeef8a2e098d0e12798b7d5110da03dd2274a157360c40635ff085c3201753160ad0acc5ad5629508a537d4c4ae10200ec403

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vcruntime140_1.dll

Filesize
39KB

MD5
835b2f63f048f365bd9dc5b9c61a1e4c

SHA1
766540c9f4e391d9f66288c84ad30a7ab3cbd747

SHA256
4be002c978b4af28f153d005a8873273ac404e61822ed17f7fc433d42e39ce02

SHA512
6e60e0cf8cdace4e86f8215a273e9afb735590288c58b971ec73f4aa914241a8cb7a9e4c8fbaf268da36bb5696c8ad20f2efdffd528235a6d50d8ab06e41822b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vk_swiftshader.dll

Filesize
5.1MB

MD5
33d3b13bfa8c934619d0bdd765458c81

SHA1
f2bbb1c8899d6fb620b4d935af72d81c75de8afe

SHA256
0141d84b53b416c6059c7b1b02c0cca8eb18a16e5368812a4fb3bd2f495b4153

SHA512
36a41472abfcfaa035f8388315963099508fa6eb2a10fa3b139b09a9bdc66b2a39f685fe770d89830b290b8c475f0f72778c19f3634dcbabfc63165abd311e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vulkan-1.dll

Filesize
940KB

MD5
aa74caa083d40de250705536c2bd2f79

SHA1
0f2613989f4d797b0c0528e984ed00c866014f2e

SHA256
066a8cf28d992f6e94546bc1e62a0276d34a67219250565de49c3e4f80172070

SHA512
aeaccb4e56618e0c3c37836cfd731eef86eca4d9bd613260f25a66010261603eb2321492e09a67cc43f38b066439b1e4290c40e70faa3062ed49981b9fcd9c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\winh264.dll

Filesize
169KB

MD5
a269bc8562b7e02c5d08d4744be28b1c

SHA1
9facc69bc62804caeb3b7caa5e0b4551c582a5c0

SHA256
80ce8eec4c5ced50cc51766909302f274b7f846965103f20a5c1e31a59d53d23

SHA512
8cfbd769ac075151958d89cbcc4eaebb1833e33398b20e5c5c3b8840a339c7fe2888f1a04b49fc60bc5df05c43bd2df1aa09b2eb2b1fdc4e97a46eb5da40081f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\chromehtml.dll

Filesize
1.4MB

MD5
47d4104dbaf9c73f9fb7e1e53b0006bb

SHA1
425f21a7e29a8c8af800d483d04041c90e5b2904

SHA256
8a63bff7f59d43684c0203e6eb58eb3de4e79ea6c2f902968b042002541f2307

SHA512
b99ae6ba9678a78f4654a8ceb90bd491d51494f2ff03b06666728a22c017e1130d59da4b784163132c5fe75a003a2ca7fa72c967a3c0c03af91d3b8bc54f3b47

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\drivers.exe

Filesize
7.2MB

MD5
ef801f4408581f653cfbebc626497efd

SHA1
dd5567e76186cb3ee562326da4a948724b49ba77

SHA256
ab5830db258a4857abca8c999ddc8562ac1a1f1a1d27af758be1d11c08e9dce3

SHA512
c152af5fd8b3b243d68f3db69711e03238fa96f3152095b985d47ab5da1d751eefbf45649dde4b52fb64788a2b29452a1ad5eb26268ec4f617e4cbbc0ea4e067

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\filesystem_stdio.dll

Filesize
193KB

MD5
0bc6d16fc84491f56fdea790b6be528e

SHA1
eb71c0add38d1803b5ae4f13c287b80320543896

SHA256
a2329fa67a4af91172e1c4bc1b3700443a4501579475fe0145d4579cd1fd92fa

SHA512
7e870be7b150220e1cb301ae9b6150b2f198981978ac92861426f2218b702a85240258f59c203028e33a4db1a4aba62b34f345b0b3d0a14809b0cc20f3be0600

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\fossilize-replay.exe

Filesize
1.9MB

MD5
7064bc533038322c72261ae1aa27a220

SHA1
9e7e750d68786b918c7e89b715bf28d289ef4852

SHA256
2d79edec941579e025c94d1cac84615dc4f8de5beb41987d7f5e8aa811425f48

SHA512
5a4c0722b5fb7ff98beeb32db547c1fca65482eb78420335cf451b8a2ea0c8b415786a8ec3c92bc690bd4f26a067675edebac0d27bccaac1015cfa693e6b77e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\fossilize-replay64.exe

Filesize
2.2MB

MD5
7052ff62c5d2807cc1cf9b515100879f

SHA1
e2ca74c35ca7551b3cb679acc02712da7eb063ab

SHA256
8c59b485716e8c44859a4dfad14e39ee4c2c84b6891e10808fd8cf1504c692c4

SHA512
8d52d55833bb8adc596f17ffd8982142ead40f2a6b5045617cc486ab442861fcf4839cad62f6d8ab9f0a6620ad0ae70e02e481954b6998975b8805f52e6aecfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\friendsui.dll

Filesize
2.7MB

MD5
32d3e95ce79a133754f46b3aab240d78

SHA1
f1c63c1011c97bc104de209b4e4245b591812140

SHA256
168c2d5872d37420101088ea61ae1babe4410af987e78932fd7c762daf46f888

SHA512
501cbc0c4e46809765e367fad9762424aea10106ee30862a563c23e9a1bdb5aa70aa6be1be68a34f2cc99a708a4559af6b07dfabd344cddfa0f137a3c6d4dbec

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gameoverlayui.dll

Filesize
4.1MB

MD5
083ec8d42470604274fd4e1b31ad3e72

SHA1
37e2a15b23addce0f89f917d7c9776dd613c2398

SHA256
3800a1577e9b090775577820e2336b104a7e650fe907c755283715ce811282e3

SHA512
cdf8c3f9ed4e8afd7586cbbf78538e03eabd174be5347f9a44484d05baeafe0e01195bdf151cc544686b8d278897e7726932790a54a436c04c65fb994567063d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe

Filesize
45KB

MD5
d6d6ddf71c2a46b4735c20ec16270ab6

SHA1
2e6d36d000a498c6811fcdc49dcf316bfbafa5ce

SHA256
0d422efdfa17dc6e1ebf0ed9e2902fd7c0eaa2f77b8a5a8f1df1478453a37ab8

SHA512
4b422c55cfca42f3f4ec441d7c01bf1ce6943ca00beb3919cc86bbd63a850bb859090b9f16cd0d0ad0723b662afaa2a994f4e319a7c5801af1fc57ad54708047

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe

Filesize
941KB

MD5
519ccd21fc4a0f26debd33320c50df57

SHA1
416c1d65e0dbae21b6f7c43e32c194581bd8488b

SHA256
23b4063251315814e188d64afe08ea49979f5fb2b74b86860e655a1a4d8fe4e3

SHA512
6e8b5d54b928ddf8ad33da84b7a38cc1b971ec9aaff95ac9c5ff73d5646d2044d99c69ec137b1acd86a9ceead2626bfac08281186452349890c11e302c58255e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\mss32.dll

Filesize
430KB

MD5
d6d952c03fb8b6f9c63761213ec4d4af

SHA1
e12800f2bf9e09e6ae9dda5ac2f4b775781993f2

SHA256
9c832318a05290ebef3bd809cbbc7df70a08cbd86745899eaeb169d5a42bf99d

SHA512
587db5b9a224550ebb5a52f185824daae6ec2a60f457b7276c80bcd8d4bf4eb4bf36e2efff9280ebca7cb339836b50e338482a05e107a7192c51ad8b93c21f90

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\nattypeprobe.dll

Filesize
159KB

MD5
4cfbf8e6d6be5196980a20c19ef6f601

SHA1
9db16baa28931ca1768790aeef029824692e1b2a

SHA256
5373f1704159628ffaeb8964a80f0e2006b0cf2e76ec9797e31979d8491aff3f

SHA512
9d7b38cb73da93d96baeaf6f8c142819f400c415ba0b053f84c1a0f1e59736b580052851bf38bb77a99f9ae88f121ba2894e879142eb116d1975fd04cadf4dc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\secure_desktop_capture.exe

Filesize
2.9MB

MD5
b7a4754df464ce890b1c04e1f28a7384

SHA1
6480e3bf54db89ed93335cd25aa73a4c8ccf9c53

SHA256
757fde89c9f89bfcdaf4034e2e0042f0ffbd4b8310f87cc383757af19b79283c

SHA512
445ec366027cbb6180b2aeedcebf044216db9ae44349d559c394ed9cb9ab93d1f3e5394be5112452f6fe95b7742d99491e1507db86326317597c3ea7f3e963f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steam_monitor.exe

Filesize
575KB

MD5
e6e1c5f98a8f65d82f3df4a5e0c5358f

SHA1
ae3df338a95fb6c8dd003e619fd01a5134de7798

SHA256
b703c9c39b42863038c1e2a1b5edfa3c092c9ec9d07797816318c5c112fa5023

SHA512
a72c6ba6d9efc35d197a3ebffdf0715e0d67fc4794afdd0fbb21dcafb4c4ecff864efa59270c5ede1a45b9ceb7fca9fcfefcb84381834edcf2a53caca81de4a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamservice.dll

Filesize
3.2MB

MD5
30049bcd7a12005ed2ea9ee5b8ec67c8

SHA1
a0c46f61a0228d3495d525b038269deeb51446da

SHA256
50fefeed8bf6810ea6e7fe5fab1b79c0dc4f503c1992ea249021c2f4a47960f0

SHA512
700d713d5b9a7882fcbb8b49c26544f340c2455f8dd9e2d2b25f69d420568d1fe6f7736403887d84ccad6bd2aae18df4d464f07d794437ac20860ef651481403

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamservice.exe

Filesize
2.5MB

MD5
db6e8a1bee85a43c95cd51a9cadb16a5

SHA1
4a22954cf1feff46e77d25b4647532a4cd0cd890

SHA256
2020d520ce9b254fa4ab3810077b6747c7d551909fdf797dbc1f464d96e96e15

SHA512
7190435e0b1d36fe84fb2ff83106a090e55f7c7b0a1ca8e2d58de4b652ddc7078e0280836b0e3ccb08a47d40548cf8bd8cff7aa588dfc70aa313c64bc42164b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamxboxutil.exe

Filesize
622KB

MD5
d12ce672d13c453967b889d5832414b9

SHA1
d54d037af110071a082bd3ffc193c96c0b4ca5d8

SHA256
b9b919b681238b2df5c9fb796a4b57406e3bd756c2e1a62745fe0f3bac963623

SHA512
5a34068dfce42d9593afda3aba5d23180a521eb58fda860a85877ec57c62fc1852b6bd26bb50f35b02326516cfdb685d3b6b65762b7b3fdef6ab1abd3c7ad6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamxboxutil64.exe

Filesize
753KB

MD5
ab530d6ccc9319c79dd38693c885c99e

SHA1
1b93e965720844f6696d38e8f3bc605039cb9b60

SHA256
6b28b3e3fbd05d238efddfbd8779a1e6de0af27ca82c922c656280e5cbfbe494

SHA512
375ef27f854b60ea87e4f8b390f440a3abdc9a10280eef7021d19ba41b07b2d531928b671d0f26d3c4f95b3b40a79504adb515086dcfcf71cd489d104f05ed0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\vgui2_s.dll

Filesize
849KB

MD5
563c374d47756efff255f756377deaf5

SHA1
6cdc1161cd8c6e08a42af105e66ba82c0cc87dbb

SHA256
710ba050f18c141cee533b81c640a9ec85b7c937ce5ae9feb29d1dfc5ac985b4

SHA512
c0a082eed3225a9366743bf41f0734e7af779c9e23642fc427e23fbec7ec658093015be1a944b263748c507ab05c43e1b4fb1f55f5129e3d25b66a86b99c9cd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe

Filesize
159KB

MD5
33eae77a52a76efadb0ff9a2e7724c21

SHA1
024fa3e8b92228e25bb8bd8f637174e26fa97b07

SHA256
be1d95aabf5380d7e1bb4c7f6d7dcada9b75314b02a089ea4d5bd5b3f284d1f1

SHA512
500e1efd156a0e4a8be6f28e936fd0926ccd7ff7b6d7988d0c373b1af38e33c2e6b1f5b80be086d51a56187d1b301cf9482ab7a9e18f3e74f8f49a29f6c0da7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe

Filesize
205KB

MD5
be2caf3ad88fa2de3e62b551ad7d6bac

SHA1
0ca3f02f3c728146b10a68a09e811f687e50a763

SHA256
09a881a23c7adc6f4948e78218e3d1558ba8fb1ea24237d4a12f154342819eea

SHA512
1a1305dd5b9a0db39c53c8a6db3f5515c9e1fed6140e288915a9d937bac62b466321b295c4d70b1372784a3f9cf23d03c60d1164a4c4b83d07fbb818b9b7989e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\x64launcher.exe

Filesize
417KB

MD5
f8a554cf30268f74e3b381b2b0fb02b8

SHA1
0b02ad5cd5a243badbaca19bb9bc91e4795b28b0

SHA256
217f5553067c0ae5a72fb7909a0ff78493e17dcb594c78bb1a4ffc4726adc004

SHA512
2143a676be68dd28f4a4235df5b2e746d686b1f33c8fbec0e3472e6337bdd924ab8294d14e3393b366ca866817378298e37d399341d84d0a62cca2fa63e8e0f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\x86launcher.exe

Filesize
384KB

MD5
71466e3aea1f153b9cea7eee27f0b6ad

SHA1
b4e5f336278f48b6a52e437bd540885fda3230bd

SHA256
3d97303007b1a9ad731144de7531a7fdcbdc2abaeedfa29f6fc7e8707d58be9d

SHA512
e6b0ea8d7d34cf58f4acb3c73ec33443ef07d7804fa273da9ceb16c79265a3a49bc118e61ec1b05d9e26695855235b61323c53b51bf9a29db3d1c10512c1740b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\xpad.dll

Filesize
67KB

MD5
da9506e800e13da0abba32bb0c105382

SHA1
78447c8fc4633b86d3cea374fb619fb53e9f9ad7

SHA256
cc42da948da5be1186ed92265f2b5dd895795ac9ed264efe822b242946ad9f39

SHA512
e9161d557fb306f460251ed49fa056e5f7220e4fac859caafaf59db8a1cef0d52c320dbf97238bd73f54362afc232f9ee2c4e0fc79faeecfe382a00b12b11c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
15KB

MD5
a7cf40434a9b30df108adee7a8c202b5

SHA1
908875b21203d0b8861d222df68a55d0be4e658f

SHA256
3a4f6f8401a017bad1ada745219322e9b74efd7def19244316ae7dfe7d16565b

SHA512
b58dfd3e6b1cc8cacd4930a9de80e20b17b2d47e253537c3317eaeaec65dd3b4e8e3c551ff5fccaa0d6b054f3b292eaec9e0b3f973b96b5c21c26a7218080129

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
20KB

MD5
4902913017d939e783a7eff08b380526

SHA1
990745d177d1f6c2ee9aac8043bce20d68db19bc

SHA256
d58dca122dc6ac8254f5766383a8f5572ccec6363f6ca82b10099b43733d00b0

SHA512
896fbc4969d46e34e923e19d2efce7d90b1362446101bf94a3915cea5b3b95d3be92498198c6a20d7710eedb85df4968f65f9a77969f8a78346444955d55bfe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
16KB

MD5
94a687796ce155b0addc1a814a6b4868

SHA1
ea5428bb93bda6ec029272e63a183a9342d5a4a5

SHA256
a208248ebfa7de211f0494318301174657a380fa901dc8b7f45a495100621039

SHA512
cd1613d71a4fbb74cf0947e819bfc999b8c5335f32dc80cb2c5208e97d6f4bdbc11f323955447fad6affd80047851c070694a276a1bf11c492fb01a049080111

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
15KB

MD5
76fcd9e3f77caabe8f16e656c7f860e8

SHA1
5894b2482984aa40dacc3f744c7633109778d33d

SHA256
726e4f37de4f5b14899f5e43191c879f804e8c3c57667bf2222c620e90de9be9

SHA512
cc3409fb0e5b6d3cecad139eed3e561789af8379745eb362a3dc8487487e6f12a8d30e77c8527f6736757c23c2d0bd03fb609977a0236729dfa37662444921ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
21KB

MD5
2dbf73e98448721b204a0ac2fa671d54

SHA1
40208d4d28248ea39b0245239b40be844f3f50f3

SHA256
05ab2906559a3d5963fff3ba5b1fdedfce73cc12d6242a92ac3b64635bbf86dc

SHA512
008877730fab28189aab64ff11b721061d5daaab78eb193de4d5030add4bfe04da2295574d2ade733c0188341298256ff7ef4a878761c0a261accca7ed499a57

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
22KB

MD5
216dca021f65316f788d8b13e81a3472

SHA1
a7a243ae7193d0743b9ae251ca89742c377ae6c6

SHA256
2c3edb0b94f2c1b5b35eb54042465ed2674c8a7466a95ae2029f55cd54106183

SHA512
d2dd9f9845b33e8e37c8491eda5fd324dddbd893de983bb2f714a5fed2118336f18bc79b6f2d932497114b58942ba65f8d3861945b443ad2fa46e3e9705e95ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
22KB

MD5
8ce696d4f5d1e24629882b5b06890794

SHA1
1aa5e99bb9336d960b41ecb94dc2be06123da4e2

SHA256
a7ced459909852da11cb327d0eb0bfb1548aafdd6220118220f76aab16602c41

SHA512
785ccb0058a6840e385529b068bf7b1a12613657267f47a2d9b15a8deed30f0bc5be4d249bc2849d9ac98d1e6136b92207616c3ea4abe750da687774f5e3a653

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
18KB

MD5
bbc6db34d00940dbbd4fea5c4fbe0f6c

SHA1
eeb1b0305025ac8850d6e9c58c1bafedcedca5a7

SHA256
9540d8268d3bb220833e951a8d32032e497ad54dfc9a74d997f6073923cd6daa

SHA512
2cfd36c0f60956b10cbcd3a4352100a6a859de470f049934347c42a47a9f83c4d8e0b58e507b8ac8f1c8d98a8341548e2013cb22fc2dd1f206d11f7b7c6dba4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
22KB

MD5
5c2b5c50286f3f33f5b5f8a71348f90c

SHA1
25a539dddce11590d82675e1994688db2a795c83

SHA256
741a19bf7b8bdd3bb4c6ea600d540b842b92795936417488b6195f7679bf6c0e

SHA512
27e9b062be17d370c6fe0a096115dfef79071814728e33b62a621cf9669775c43b6e7393432503bae65561ce1ebdc6465bd5180a6fa63f0ebe59942f0afe8e6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
19KB

MD5
d2424f40977189fdca156106e57f7f99

SHA1
1c6ec945722bbce96b4c5663a4736f55bb5a6165

SHA256
698e89f80093babb35db44146f02184eca8ac5ac24e122e51722d7eee1d8ec53

SHA512
efcbb8dbc1e917aeb4b0101c36d42ed5ced279f042bcf957dc3dfeec35d84b34dfbab2dfa9e48f772581fa6be7a9525fa144558997b5b2888c0b175a9874bba2

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
21KB

MD5
ff5bad14e7e2975cf234df728465283f

SHA1
c38a4867f12633837115fe3adbde7a92c2e0e1e1

SHA256
d5365d2db7250259cdc7d58d317eba90d1fa7e34d28a608f33ed9e704a5a0b71

SHA512
59aaa9247b65cf3b9a6a54f30309d377fb6e81759c889a7bf08d6f8c3185f23a3f53ccf890f6cca2ae76633036200c8b6497c69baabb4b6d756ee8fdc0d9ffa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf~RFe590a47.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler.dll

Filesize
347KB

MD5
7a93763803b9ea422e70015fcb23f981

SHA1
9765753a26e91b908acca2e88a3c1db9d57b2f53

SHA256
85b6c815533b6016062e3536eb04bbe0dfaed8e3c89eca8da1d586f12b780001

SHA512
0748982ce6f5db44c09e6f9a01ab343ec81adb775bf10ec1bcc84c51c7bc3710c165ec7286db587a4997815926b480f1c53a9b87f2762baa7b28ed4187a7396a

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler64.dll

Filesize
464KB

MD5
52f4675a1bb69a177ba8fb559ed26176

SHA1
dd862defb9ee28ed7bf63f8e4da0c435a4a1e41d

SHA256
9b9000c711ceceda5ae1632975c4faef01223742d153fc20d07d95ace969eea9

SHA512
ba3f3e61740f45e13c98665da1cdbe53541dde07338f42ed920f93eb9290250c63860fd4df0735dd870c46fc0ef87b02999087938c699752492fb0f48b23394a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d3dcompiler_46.dll

Filesize
3.1MB

MD5
c18caa9ba4f06a5d226a892df6dc1d72

SHA1
ed5d55e13cbe6912f3230ad1914777023bc7e188

SHA256
996e5b57c06b5614ee7b26936b29bace62218fb3cad3a28dba9e72bcc66d2698

SHA512
5e2ff504b285c7d48ac97f997a49ee668f407317fdc4d8b73587414e5830a43146c965b2c7d452422576530ac925293f5bdfafd9bfc507ce1a1a4ba824e915bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\d3dcompiler_46_64.dll

Filesize
3.7MB

MD5
52a41f0e49b2208df75609699fc7254c

SHA1
767a92ffbfd726ab4d09c17981caf448c6adedbf

SHA256
9614de7bac24091e2abaf70b3c852ddf9b92a48157c557c3c63d81d88d4d5ceb

SHA512
5b8ce62d69b9057e11091b48170dd805a913b87b25fc4fc343f9002e88c2331e040621c490e09f1eb9e1db61b08c3ee99c8598f78e033775a3e94b2d431505f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\dav1d.dll

Filesize
1.0MB

MD5
27e7b2632474ab74ffc0fae4ad68ef90

SHA1
81d61337044e198433f6b9105f8ee5baa7dd30b9

SHA256
41a835fcd9d66a69544d5a953ccbb9bb88310f3e3f2a0563cf3090aaff1e744a

SHA512
f276d0b59e9297bbf5d500ac98309b883f267ff12a3f1aec74e7fa23055c0cc7a4d309a68da827e33f752a9cb3e8f61eb231b9a7da3b4abb342fe1a15fc7b78d

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

Filesize
27KB

MD5
b26a7cb426ffecab55e7e8e295166836

SHA1
6ce3a6f1388f2684de5876b9a3a6cf8e8f9379f1

SHA256
eb5b0875d0f20b9ee4037127e7add65260136fe0b50f16cac5e6489f9e42ee06

SHA512
a8f6721eccbc3feedce0dffcdba3343dc695966b4a8c1e4deca75abeaa0eb2a3736f9e5bdd0f2539de1eada1d7d0ec0b6d44957c8ee6de7f55ebb52ba9bc2d1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin

Filesize
2KB

MD5
7c61c99ca04f423b2b54545afd52fb24

SHA1
9326f5760a04443828c72ebd17d0a95a5645fe04

SHA256
9008690e8698dce21b738152973e608cdc5d67962d2c7ab147719ddc4d11a088

SHA512
6e545b2dfe68114462cc7a96a35365ed023a88bdbb7e0425b485e222d6149d6cbd8b84b64a31e86d65ddfd6e7a3c76f103c115885d340700aa7bbfe858562661

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

Filesize
462KB

MD5
1805058395a2006a901cbfaee2e0137e

SHA1
55e3af03436c8cea0d70d5f034e6aa74f6b2e68b

SHA256
73e39fda53aadd629825a7cde7530d8c013f65cb3f9b366abcf15f494db83f8b

SHA512
9a5b554933ea31be9f0e9f47b410df0e4d6b34666dee4aea4d8b309c8126c260f2805e2a47696b1bf014460c9f9b0626074668cd5a4fdf27712cf70d4b0bae92

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

Filesize
8KB

MD5
78079dd63939f7c2db1ae475b12cacb9

SHA1
a2dda051df71353b2fe2cd8600a6714650ee37ac

SHA256
529e2294203328f262b6fdc8a4b26077840aea72b8a1e752603ce8c625a1db77

SHA512
74d4f33c2eedada639378e9b32f1703cd67cede37dc4ce0dd733bfba9a6e6a63a3ff667c2a6616961c56c2900888288d7d2aa3070269ea6696771cdccc05b132

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

Filesize
4KB

MD5
27993eb75894ca4894db266ad9b5e61b

SHA1
4def653ee04b0514822b690052598435ec25e686

SHA256
fbc09c1b9a55d04b57be8fb2ad5ab58b38f76054ecd3d1b70440a2d08191b05b

SHA512
eaebeee5b1a7dfb9bdf661623554793d7ef7e15d9f9cf01f94da1eb0b84b88c8f24176463d15c407ebf670c5b7fd4052daea33ba43e75c1de2979487c4987bab

Download Submit
C:\Users\Admin\AppData\Local\Temp\steam.exe

Filesize
4.2MB

MD5
4bf015883412d366a1423e51ea534a21

SHA1
e89e0e631edc7aa0cde78463e3b5a1250e3a976d

SHA256
b5d588810e2b68f8a92de74b9741e0120f130d1e079144d50951c54cc04ed72c

SHA512
3610e464336b85793da07de2dc9a4940936bc47314b0aeddd910f2558a7669249fb4d588fb29d3b862ebddc5e3cd2883fbccbde9c35ef7215c1c864525bfa4be

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping18904_353847226\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping18904_353847226\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
memory/3520-12027-0x00000000007F0000-0x0000000000CA2000-memory.dmp

Filesize
4.7MB

Download
memory/11640-12131-0x00007FFCE5F60000-0x00007FFCE5F61000-memory.dmp

Filesize
4KB

Download
memory/11640-12133-0x00007FFCE45F0000-0x00007FFCE45F1000-memory.dmp

Filesize
4KB

Download
memory/12644-12379-0x0000013FFEFD0000-0x0000013FFEFD1000-memory.dmp

Filesize
4KB

Download
memory/12644-12377-0x0000013FFEFD0000-0x0000013FFEFD1000-memory.dmp

Filesize
4KB

Download
memory/12644-12381-0x0000013FFEEE0000-0x0000013FFEF3D000-memory.dmp

Filesize
372KB

Download
memory/12644-12375-0x0000013FFEFD0000-0x0000013FFEFD1000-memory.dmp

Filesize
4KB

Download
memory/12644-12368-0x0000013FFEFD0000-0x0000013FFEFD1000-memory.dmp

Filesize
4KB

Download
memory/12644-12370-0x0000013FFEFD0000-0x0000013FFEFD1000-memory.dmp

Filesize
4KB

Download
memory/12644-12369-0x0000013FFEFD0000-0x0000013FFEFD1000-memory.dmp

Filesize
4KB

Download
memory/12644-12374-0x0000013FFEFD0000-0x0000013FFEFD1000-memory.dmp

Filesize
4KB

Download
memory/12644-12380-0x0000013FFEFD0000-0x0000013FFEFD1000-memory.dmp

Filesize
4KB

Download
memory/12644-12376-0x0000013FFEFD0000-0x0000013FFEFD1000-memory.dmp

Filesize
4KB

Download
memory/12644-12378-0x0000013FFEFD0000-0x0000013FFEFD1000-memory.dmp

Filesize
4KB

Download
memory/18536-12394-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12435-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12367-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12365-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12390-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12392-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12354-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12396-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12315-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12431-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12433-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12256-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12437-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12439-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12441-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12443-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12304-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12221-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12269-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12278-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12275-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12273-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18536-12271-0x000000006E650000-0x000000006F991000-memory.dmp

Filesize
19.3MB

Download
memory/18904-12253-0x00000272C3F40000-0x00000272C3F9D000-memory.dmp

Filesize
372KB

Download