7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Analysis

max time kernel
835s
max time network
836s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/02/2025, 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Steam.exe
Size

4.2MB
MD5

33bcb1c8975a4063a134a72803e0ca16
SHA1

ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256

12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512

13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49
SSDEEP

98304:7JeV/ztZBe91oiImuUiK9N9EGQKF9lSHbr7aw:1S/hwkmg4EpbrOw

Score

4^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1700	Steam.exe

Loads dropped DLL 2 IoCs

pid	Process
3020	Steam.exe
1700	Steam.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe

Modifies system certificate store 2 TTPs 2 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3020	Steam.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 1700	3020	Steam.exe	31
PID 3020 wrote to memory of 1700	3020	Steam.exe	31
PID 3020 wrote to memory of 1700	3020	Steam.exe	31
PID 3020 wrote to memory of 1700	3020	Steam.exe	31

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Users\Admin\AppData\Local\Temp\Steam.exe
  C:\Users\Admin\AppData\Local\Temp\Steam.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

Filesize
190KB

MD5
2fe7c8c80f2ba787dc587253930d7dbd

SHA1
17b7ee137acbbaa4324402addae246773813bad5

SHA256
22d53b94b096df9e7eedc32d7147010dccca87fdb86f34960eac6a642ae8c50c

SHA512
a6edc6d81d0b0b16ef91628fde99bb72b5ff64eadad3a8e7ec2b811c43820db88c20f7a31dd4ded377f0af6a25f5b5253fc8826572434d7c22265d50d884c96e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\SDL3.dll

Filesize
2.0MB

MD5
428a1e6c2c221be2f7edb279f4433f89

SHA1
022c57e5c92e0191a7df50d65bb5adccb976bed0

SHA256
b9913beae31855b149d9c0fa2b99a0129a107c3d908b820ed3a228186aa17fa4

SHA512
d22709732e544b1ff2190f28e592e29c5fe2770878f4f68b2695d82847283757becd7079d5231e46b877f6d32867906bfb66f4b3401315530c71ed425928dfd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\VkICD_mock_icd.dll

Filesize
530KB

MD5
d81b13ec606e3226c1d96376fc1b9bab

SHA1
5fe0c2d68c87b012ce6b5917d519dc1f59584588

SHA256
ed06f35ee8f52c5e3ab9a5eda4323381d5d570b2e4a1c2a3d6c535d1961746f0

SHA512
ce00fe87d36947a5400e5afdaac6c0c7dfb796c2406ae320cb8a6f8133e7bc5b42277bd78f59def2fab4c3f71f478c9bc318ed33d66e8cb57e8712bd8ab73f66

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\VkLayer_khronos_validation.dll

Filesize
13.6MB

MD5
e95985f32f10795d52d3f64305046177

SHA1
c246fcfac3a240fe2956313e0962a70e63238637

SHA256
4d5cabced4a09fe807dfc864dc971c5eaabe6e3ec1ebca43f1bee9a297e501bb

SHA512
657d0d4dbc88b98840000ccb029ab926c6862661e58cb7457292e3942262ee9ee94eef0851215b788fa9bff33b8bdba6a5d436d060afc96380e45da00a33af45

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\chrome_elf.dll

Filesize
1.0MB

MD5
e7aa59100d1d8967970e0ec5c47127ab

SHA1
ee5fea5c24f445deb669d9bbf2484a8e5e602911

SHA256
2fffc399aadf13b84d582563789c89ad1ca8540b9a460beb022293668e3519ce

SHA512
eb6a2d52b697e9a834e82887fc957fc308178061758dd8b5edee6bd1498adfb585f7a5cafcc9305fad00877994c04a559f685cbd2f04a06679ac5eb72856735e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\d3dcompiler_47.dll

Filesize
3.9MB

MD5
d1fcf051ff831f61bbe3d8cb29497fdb

SHA1
1d7eb1d12b3dbaecf2ac000b5ac2143af9b0fb31

SHA256
92b00522e337329cee62e1377df08aef8ef95cf0d62d860707946c9a65952e33

SHA512
bf56a3684ecc11f27af7255e1b6b7d6d8cae10a1954c35435752184a4238de7acd49d5e6a120713dc0c8760d28edd0a44ad178a3a225c7e2769c5d0be2cb6542

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\dbgcore.dll

Filesize
157KB

MD5
fcdece2601d0f58d2d3028984a69dd54

SHA1
972653ada6e8594834922ad75a628f169b1755aa

SHA256
1c7965573f8e26052096f68b294b9e492f654331f0c55e70baa9ccb1b6c22c39

SHA512
e6f8edeaae1e5f87fdd6f81edb75461525d9c4e46a5fc415db9f8917a1665b31d8af372e0a148e99faafdb1b56199568857469859af3820b17ae58008d7a0083

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\eventlog_provider.dll

Filesize
16KB

MD5
4a68eb152acced0502449f334b33ce8a

SHA1
2919f002b9e39249fd2164d56392fe977ed9d2c1

SHA256
4d9128f3522f2156ab469880da259665a7e102dc1005a2a7274d7c1c59795d95

SHA512
89ddfae05518dc41055d1b6191bece865d47395c855e8ea3d3d6e61f3f658ea8c712726f9ac097d3df204219d954ccbabaafe61e219a669599d3c43de79346e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\libEGL.dll

Filesize
373KB

MD5
164c0ceab670cd126d88f87095540c64

SHA1
1b294f24c2c7d06ab038b3d392ce3145f085f160

SHA256
83bed34e5d87a310ceb8e7a87249cd6a912f35b9bd4e3fb7ff5c405d1e66d736

SHA512
2f0c48bdb96ebdef6089568a695796786db68b5feebedc7969d47862cdfe0246fa97591290f75a778bee664ff7818970da6f2d687710212ffddfbffd332ba449

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\libGLESv2.dll

Filesize
6.7MB

MD5
2ff192980307f12f78b778d824a69da3

SHA1
3eedf7257a13b38ec74f570eda079fc2531fd93b

SHA256
f6b7ebef4cb9f625bf2324019fbcfde1cb5664b025022d314be00387c8492baa

SHA512
1c8827c1edea1e87f6f2a0670b02610a038b8398b8389f5a52855da4710af7f8dd0349f806e9f027936ad8de411fff9f90625f30bac057061650858da49233f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\msdia140.dll

Filesize
2.2MB

MD5
015381094732bdb6f84f42e9b067a6c0

SHA1
1728d366602810c0be292fd194634a548630c917

SHA256
b25b7c1b585b711950cd5c1fc24e2c6d56e6e2d3b0a99b79901cb7b317cb2505

SHA512
ac7c7649e9fd30db4fed9deb74dcc6ee677a7f8aea9907c088ffe5a9b95d7d9c9814cfb47e67c8e7cb16f539711068e4bcf1384b51328fc33d645b8479b924d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\msvcp140.dll

Filesize
430KB

MD5
097a7c6c73ebeca5000c044d2129d02c

SHA1
3e70e2ca18a46d45630ea501faf246b1708cec4a

SHA256
34fd3b22b076c313abdc223cd7abdc7308f6498727c1c02dba279607b0d24c08

SHA512
7de0ccfa2b39071f952de160fe9347498c7eb31f9e4750fd99504cab8a9a90299d0d00b8e19f518af4d420d49f2604a2ab446c5c3760fcc1109858cfccb4bba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\steamwebhelper.exe

Filesize
6.2MB

MD5
38911916f831c96e2d1f485e35800c2b

SHA1
13894a60ba454c4f8c4d91d0e0a64da69d4111dd

SHA256
97f55f2815e42c167d3307f578046efcad3da814fdd96e32633fd7126ce70921

SHA512
3c214188361953358cbf3ce137059027628ca73f8e1918c990665e11f753a5c4516047cb4d1d36a950b78ed96ee152dffa6c6467e76c6086c7d1df1fe076a05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vccorlib140.dll

Filesize
270KB

MD5
c739cf61b40efe7b14f9f65fa29ebcc9

SHA1
3773c973d7363003a251e2603d9f5f758b2a812e

SHA256
7da3f6815cda9f6b29f19eac04c7e6d28b1735fc5ce7e075048437be02eef3ef

SHA512
1c3b3cdb11de40ae1e440c25c17e411341133f870f8dba6e6a810d142e299b3c449a28300a030e46450df1d1b3f6203d6115ca3cb1ede82c3faa198a4861dd64

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vcruntime140.dll

Filesize
80KB

MD5
20e118a3400e7c7d4bf4041b75dc0bac

SHA1
ad5a44de06a522359bda21c5dd8c6095c26808bf

SHA256
a7059a17a58e78a87151c8aa5231e33f9bbf0ad7c122ef67591858da3c41aa98

SHA512
fa7ed72a424fa064722fb0a4766a491c891befafc68a2923294464e51d0c2504db11430d87e72e5211a4448578d609ecafadf78048ce9b47d79d3ebe32169616

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vk_swiftshader.dll

Filesize
4.5MB

MD5
3edfc8a97e0d020633649d7b56c7da40

SHA1
4e6789c56d72fcea629c3260214951bfce5823bc

SHA256
5fa583544f849f728018d539cb510e4fbde105c20b4366d8415218441dbe9a39

SHA512
235f5a7e758d15b4c5f69c6587a38a33a3030ce4aedb3ea03eeea04e7162243f0d9253a64a1c0dd3f975e87b9cabb6071c3ea9828f6663a07cebe47d4af8c66d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\vulkan-1.dll

Filesize
823KB

MD5
edf71b3dd99f1503b85e3fb45bda6a52

SHA1
018ccc9868b50c5b7ef3d8eb62cf037b6cee67a3

SHA256
f4a835ca5c5e2be18b26457699258956c32466a76182960065cdf6433576e5d7

SHA512
6cbf4466366d8b0bc1097aaa01d32e14ee18c43daf2d4344213804936492c62899631c8cfd41cd03a66625a4ff236d0f28811d35f4f4933c6157940c8ae8ac48

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7\winh264.dll

Filesize
135KB

MD5
3f0ed7680f2bde7b91358127d06762a0

SHA1
4bcf68a48b9834c01c4a586e5cde24384571d5ec

SHA256
e716b7f7b22e2e0a00f8aed5972d5d119151ab58c3c01eb56c846e2666fd99c8

SHA512
d4734cc93b0af606e1dbed36c018f0112d8ba88d9246089da552a3f1ec79005193333674fdc10f5b5ab159934e39441b641995674a80577c73dcd46e617482d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\SDL3.dll

Filesize
2.4MB

MD5
92b39ae8e627a7d10d8b3d236cad2cd1

SHA1
8f4a0ab76976e664b50f9778aedaade15e0cf77a

SHA256
c6df44e2b4c7830c3839fd46c2bb73a07dc1a210204a974b25d013a577d58e82

SHA512
cf85bc5a3d8517490ec800d10107fcfe816b641d34563184e65d06e86586b59e37641c103e9e7fce21b7a5b2fe076f5d0fcd16c001535551053a9f58390011de

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\VkICD_mock_icd.dll

Filesize
622KB

MD5
ec5cfeb47ad7878cd03a3ceed46afa5d

SHA1
97d28798a351b4460da2804a7c4e82f7709e034e

SHA256
071f126ca68c193bb36b98f710e4412f7d99d3f7fa0032c6d6e25adb535044b9

SHA512
cbee0537990645e13999c9ff951902574ea2da65eeec259037c6558953141b686607e1f0ee7bf12754a3d69ed6f6435f2d726105cfbd27bceb4cd11737af46eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\VkLayer_khronos_validation.dll

Filesize
15.9MB

MD5
e5015dbbda7f53acc5e7aec89a106d69

SHA1
5a72fe0eaeb9b4030509259a8caee7a072464ed0

SHA256
0128f6c8ffded9433bfcdedb43d75adcf18139644f2b8fdb45111c1642beb757

SHA512
b197192cc84bdfa880185594fa4d461ce6bf071ea0187fa1f3570eeea87c6de00fb8b71276d19fc26d78184f2632a066cd71f2a9c93e69f478519ae8c43bca10

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
1.3MB

MD5
0eeaea918f3603e5ff2bd955f9f0c0aa

SHA1
0404b3bd9324703a46d5f3e3d2471386951feee5

SHA256
3f49301338c33f40b3ca8528eaa40e9f7fc8f7952f59b8f4281ca5d3e1ddf25f

SHA512
0fa19dc76d28d449f2e96e4faf3ce57e7ad811b8888de2140152ba0355cc8d6ed787371ff90fbac0d1b0c900fcb1fd4ef1f45c8114b0f10ca5f97f05146ef945

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\d3dcompiler_47.dll

Filesize
4.7MB

MD5
c6c2fc1388f3d04c170417d733fcd52b

SHA1
fe74b15be9b5227cc3597471e4df0913b5acefb2

SHA256
8b575383ebaf641d7e29b85d010af232dfe008be800ec936d5b4d0c19ae47ca4

SHA512
e155cc3d0e1f1b2ad8992cc907c36923bcbce17cb53e731ea3d02e529bef11324219a86e461fbb6d0b9247d1638d14d558e083fdcdd2c6ef301160d00bc88fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dbgcore.dll

Filesize
211KB

MD5
e6bcc49fe10142480344ecf6f78f17f7

SHA1
fc8d3f1e85b2dc6934cbd4d2fb9250792eb991aa

SHA256
b4675afaff6fe2d9253a16e4bbeb376b0b4fdee087ce71419e11b78ca211ef2a

SHA512
9152d99fc8ab1a4a7f6d2f73fd3cde17c741620b42e7011fd4534315ce18ac12517846ee21f12327d6343e5c4f4a86d01e4b40a1ef1ffc803e4969f3629dfd36

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dxcompiler.dll

Filesize
21.0MB

MD5
e3f531e75b63bcb3bbf8da1d5df8aa43

SHA1
9574e78e7ae36944687083923a9d09e15c593ebb

SHA256
fdf572f1b15982d6b6b0083026fad4a0352a5c99efe97f182e8ba72d682de610

SHA512
424fdc9da6518d5f269cf635aa66524161fa31771a8bc6dd91add826cdde9f0bed7879b259419c33a1d00155546d1a68aadc6a9acff32290b9543767dd04a9d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dxil.dll

Filesize
1.4MB

MD5
8167a6e8cc35988d02938cfa3ae1c0dd

SHA1
1bb1b83c7dc957e074320b033aab83f015eb777b

SHA256
bf97fcfc4f107a98932ac6f9169d9fb936dbedaac5cc06005a87fae436b577cb

SHA512
bcb9e8fbc79c108ec525ec2a1d5d8bba7c2a295e39eabf48d8eba2095eeffcbb2a2b8f66219cda9786bae6a1fa6ff27f054f97ffa002957d16f2969018e62606

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\eventlog_provider.dll

Filesize
17KB

MD5
a73d3ef675f9a0840a4f08e71066f5b2

SHA1
bbe14a1ea609bf288a54b0299c74f8f8f66a1bab

SHA256
7359a29c5c6201c815ab3e58487f0f95617f766bd6cb2eda182dc8da5e058c8d

SHA512
30b34a9c91fd08f6f689271fc486e5a2d7f984f6bb0717aa68d4d1d8b58e3e18059cf24ff679893249f1b40d2514994a0b36143425e6dce02f1aee3751810958

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libEGL.dll

Filesize
472KB

MD5
9a5749b691b3c345f4e313b06b127a94

SHA1
bad7c65d67e3d548e9ae757a7aa5bd5a079fd3b8

SHA256
682acd1cfa7390386d8cd8c8267e365ac0abbef1788587f8150b99e424e9b0e9

SHA512
4de9d18b4245105ea22520ee6b27cf7cb8f5ca0777408eb9993f4f97d1820582c6e3694e0142cdb373e8406e1117f568ae4f314b3027a0791d8866bd191b545f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libGLESv2.dll

Filesize
7.7MB

MD5
35f34351979e8aca52c09d674dde7345

SHA1
3fad78f021c78f8368823d6a26b81999d8b10ac9

SHA256
cdcd26fc7fc0c79b03726f66c235634f1a58de0ea2418281c157b9f05151f2ef

SHA512
5a1941c673d9fb101189e65bf3ca7d016baf0b75fd29ee2bbcb30270d27717c292b4c8ed08a646c022a87d94434cd29ef2719f8fc4388ef2be00b58f036f43d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msdia140.dll

Filesize
2.2MB

MD5
4aa30cedcc1b685865f518c70aa50bc7

SHA1
d457dd8fc0fdb1cc15879f7f09f2ffdcfbef8cba

SHA256
0b07dd35f63e959e25627ee7f439440bf59ce27b68eb2512eb68b8933cf734f2

SHA512
bef70d17dd68cd9060d1e4db9fe9a36ffccad5f2540a1e9587385d48484d021abc2e493397bc4284d40a44379be3c576a8244603388f20cfcd9e95d64f70adeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msvcp140.dll

Filesize
552KB

MD5
e4f0a1efb0a99c7d32ec8327dd908bb3

SHA1
30eab0dc9ad15964802e201b1c16d6f85b5d60e9

SHA256
e2dc7de6aadef0aabdefa69bb9106d00c715b3a3fb0f5cbb78f18a3ab7a415a1

SHA512
e15b2c8fb583b64b1d1119d26562e1c74b4c19cb665ec2cccddcfa3023f248532495ceafb927b9ae5d4dec71703049b2785f62592d1cf6251badee70733fc7a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\openvr_api.dll

Filesize
806KB

MD5
4398179b668c70f4464ce9448fa0bac3

SHA1
a12848d2488fbd31a2481922664a2875f162bbdd

SHA256
0ba4d3049449403e1966cf8922ac5c2e6130fabe72c0cc6b3218da82f9110ac9

SHA512
98db440b4c220a9e71b60104c819c402bd88b6c10b9ed518660e8550884fa518e165bf20ec2d85a4bb5c379a28e9524d4b69dd25dc599e062498670fe8f28bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

Filesize
7.3MB

MD5
2b8f6b92f6e177d9001772d95e4619cc

SHA1
5cf0854021cc9b32b8e21bb03814bcf49447dd0f

SHA256
3f9d785b34229d36e38fac794370efb6cf07db47e446d31baaddc5efbdd8a83e

SHA512
55bd5b8ac9492a114c2cd39dba61c0146bcba5edae85c59bd3b85be8de94962f45b69e978c0ce767ddeedc4667bffe71491d51553b47ec6bd23b1bc66b301699

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vccorlib140.dll

Filesize
334KB

MD5
7249674ac9b3fc78398de046298ae4a1

SHA1
e4283070297d13ae44ba47a38285d7cacd63168e

SHA256
e18722bed36d062ae370dc68d117a3fdde9d036a15f3c7cc8ab5cc595d0a4dcc

SHA512
c5c236cf89f033e8515341de0f3d5a08f27a3af113433a7cf6eb840681cfbdce780d0649c6c1de86f9bd147d6ecc500c82e5ea96b75f7116dede2232b7576d17

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vcruntime140.dll

Filesize
108KB

MD5
a924549aea37bf5efa506064f7b65c24

SHA1
129e0e0984cc7fbcb3b7d995381b15ed74c9a2f7

SHA256
61a3fafb47929f37917cd5cc246ce6d33870002d76a7798d4cd9cfb08a3578d4

SHA512
35dc1d19b391699388f699e102aeeef8a2e098d0e12798b7d5110da03dd2274a157360c40635ff085c3201753160ad0acc5ad5629508a537d4c4ae10200ec403

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vcruntime140_1.dll

Filesize
39KB

MD5
835b2f63f048f365bd9dc5b9c61a1e4c

SHA1
766540c9f4e391d9f66288c84ad30a7ab3cbd747

SHA256
4be002c978b4af28f153d005a8873273ac404e61822ed17f7fc433d42e39ce02

SHA512
6e60e0cf8cdace4e86f8215a273e9afb735590288c58b971ec73f4aa914241a8cb7a9e4c8fbaf268da36bb5696c8ad20f2efdffd528235a6d50d8ab06e41822b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vk_swiftshader.dll

Filesize
5.1MB

MD5
33d3b13bfa8c934619d0bdd765458c81

SHA1
f2bbb1c8899d6fb620b4d935af72d81c75de8afe

SHA256
0141d84b53b416c6059c7b1b02c0cca8eb18a16e5368812a4fb3bd2f495b4153

SHA512
36a41472abfcfaa035f8388315963099508fa6eb2a10fa3b139b09a9bdc66b2a39f685fe770d89830b290b8c475f0f72778c19f3634dcbabfc63165abd311e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vulkan-1.dll

Filesize
940KB

MD5
aa74caa083d40de250705536c2bd2f79

SHA1
0f2613989f4d797b0c0528e984ed00c866014f2e

SHA256
066a8cf28d992f6e94546bc1e62a0276d34a67219250565de49c3e4f80172070

SHA512
aeaccb4e56618e0c3c37836cfd731eef86eca4d9bd613260f25a66010261603eb2321492e09a67cc43f38b066439b1e4290c40e70faa3062ed49981b9fcd9c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\winh264.dll

Filesize
169KB

MD5
a269bc8562b7e02c5d08d4744be28b1c

SHA1
9facc69bc62804caeb3b7caa5e0b4551c582a5c0

SHA256
80ce8eec4c5ced50cc51766909302f274b7f846965103f20a5c1e31a59d53d23

SHA512
8cfbd769ac075151958d89cbcc4eaebb1833e33398b20e5c5c3b8840a339c7fe2888f1a04b49fc60bc5df05c43bd2df1aa09b2eb2b1fdc4e97a46eb5da40081f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\chromehtml.dll

Filesize
1.4MB

MD5
d0a7c0f7279ac6f9f5cc4d146a7fd88a

SHA1
d6d17ed29f5ce9f0a695af0ac396bfd95c6f081d

SHA256
7932fd9009896ea4c5f7101e13533e85517ded6e0ce2b6517314a3b10271f79b

SHA512
34efc4c8399eb933d1bf3fe1f43ec24665c1e9c9101381cc8cc56569762b77bccaa596e83250560bcae50327f9bd11b0f0cf7305833d84f280acc874507a9683

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\drivers.exe

Filesize
7.2MB

MD5
feccb50391574f116581314548eab7c5

SHA1
c77745f1c9eadbf5402d0abd8ae297242c9bc8f9

SHA256
e2159157ab4eb8bb9fd72549acb5b22c274d3a8676ad5de0a743740b53434f88

SHA512
adda2b0e4519ff68b1a9a7c9f79b5aad1ca02611c597b299d6e8c82ee3558b638d56cc2e1c8a443cb3982de0bfe0447b5c5990826aa9b731ab86e26a844e84c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\filesystem_stdio.dll

Filesize
208KB

MD5
f6a15c134a0389e00077a5c7afb29f5b

SHA1
88560df3bb441637bd9dca4c9f18acb441aed176

SHA256
49c34ca6204dd5866baa70e4d86411e491cd37191d951c73dd531ffcac08f2ce

SHA512
d584a1213d46a6741ea49c33ab081a1e74600ff3994daf531c8e38f5273883590ff4d7a0772e98df9f446b1c1818ed7351da32180d8fd257f6ada69affd43e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\fossilize-replay.exe

Filesize
1.9MB

MD5
662390717a93963bd694ee341bf8834c

SHA1
6a0aec03050f082c672170092398d9c05103d326

SHA256
0aa520a18d0d6af823fa7deaf642b3a04a9625d5478579fddffa719df3ecefe1

SHA512
8f5bcf0baf6bae16e5e049a96a19bdefef3d9c0173363539eb820a6905c8348f270573469f7666480dc9b5460c662b3322201b22b4388c7113bf21ea5c6e205f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\fossilize-replay64.exe

Filesize
2.2MB

MD5
6d2a8da67be0d49b4233b8cfda310655

SHA1
094808f820050e92008c4e4790d18e050237b669

SHA256
54db44a9de1d48be0fe8fefc2f126415dbc67d67b4a5eccdac63b99afbd156a2

SHA512
90c1ad204bb871f2f952666d00bcd9614d94dcea3a1aef56e0d3b818217e52778e60e9088e237cd062449d5d5a23264190a9e9d64d57b6a14ae41b9c8961b71b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\friendsui.dll

Filesize
2.7MB

MD5
95aedfe4f9602a6d41c3ef7802c77e2a

SHA1
665817b301c31180af5e1ff1aa7070f3aaa85e3d

SHA256
8d868cb8f8f9152c37d1ed632fc52f4eaafb1781414f75401177f8a156574398

SHA512
eee57db94878bcb358ea98b3774735fd5aa3d8cc61e12e82420eeb59dfef65c236826f385b81e6113e9b147e12951805ffcfcc508c1d93bb043a819dc0f14886

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gameoverlayui.dll

Filesize
4.1MB

MD5
6c464a3ea45d06958433c8a77616011b

SHA1
acdecbe2165c74caa7168d72ac2837736bc8e0a4

SHA256
0bce53f107113f6950aeb9dc10606be84a541d7e2a839339d9a01436d2e62528

SHA512
3f758b6843c47181d89d1909c4f037b848730c7f223022c0c315f74c433ad09bf6932232fc41dccd2d5cc759c90f5fd1062d70b6c8e7ac80066c3b00025a6ff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe

Filesize
45KB

MD5
d6d6ddf71c2a46b4735c20ec16270ab6

SHA1
2e6d36d000a498c6811fcdc49dcf316bfbafa5ce

SHA256
0d422efdfa17dc6e1ebf0ed9e2902fd7c0eaa2f77b8a5a8f1df1478453a37ab8

SHA512
4b422c55cfca42f3f4ec441d7c01bf1ce6943ca00beb3919cc86bbd63a850bb859090b9f16cd0d0ad0723b662afaa2a994f4e319a7c5801af1fc57ad54708047

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe

Filesize
941KB

MD5
519ccd21fc4a0f26debd33320c50df57

SHA1
416c1d65e0dbae21b6f7c43e32c194581bd8488b

SHA256
23b4063251315814e188d64afe08ea49979f5fb2b74b86860e655a1a4d8fe4e3

SHA512
6e8b5d54b928ddf8ad33da84b7a38cc1b971ec9aaff95ac9c5ff73d5646d2044d99c69ec137b1acd86a9ceead2626bfac08281186452349890c11e302c58255e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\mss32.dll

Filesize
430KB

MD5
d6d952c03fb8b6f9c63761213ec4d4af

SHA1
e12800f2bf9e09e6ae9dda5ac2f4b775781993f2

SHA256
9c832318a05290ebef3bd809cbbc7df70a08cbd86745899eaeb169d5a42bf99d

SHA512
587db5b9a224550ebb5a52f185824daae6ec2a60f457b7276c80bcd8d4bf4eb4bf36e2efff9280ebca7cb339836b50e338482a05e107a7192c51ad8b93c21f90

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\nattypeprobe.dll

Filesize
167KB

MD5
3eef78bedcf17ef62dea1b9e2e32a315

SHA1
85f4bf8ce205f869620ffd1fac8e7efac95eef84

SHA256
6ce4af10cf99f23627814f1a39eb4d95f01d1ba6630f6de02850f7994989ca6b

SHA512
b42d79d8249fcde2534afaf994a83ade60544ea18316efb67c8d08188947c08c70a047a2762f73cff70bd0a769aae8dd80231344346c3c7ba13363966dd6e99c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\secure_desktop_capture.exe

Filesize
2.9MB

MD5
6c06586c48132af36c0aabd030484cec

SHA1
5ccf984a5e5f927b4d7693a655662fef508e9f36

SHA256
638c80a6930b34cad837693caeb004ab9238f6abe8ffabc7bef4ae1686785f85

SHA512
f22033bcdb412928067e314506f531425122820661baf81d62a048adf4a128d59141c00f3d4a5588b9b340b1b5e6fb2a56d28bdb6bcaae3105411786dc073335

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamservice.dll

Filesize
3.3MB

MD5
a391843cb0c97ddbff57a2e2b0ec46b8

SHA1
d01588c30f1a5ae08765c8049b912df591a0da09

SHA256
91d9de621e8322d33670c798580e1c7399267ec07bcd4346780f273cf320c21e

SHA512
040b133adf382c146b923467c3593bf54c3f98fad1a1ee64c3ea929a952245ebd04b86a6d87b6649096f126fce15f02f92fbcf476d910b5bace2c38ddd6a64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamservice.exe

Filesize
2.6MB

MD5
65da8c3eca673ca9c98ce34c99cbfbec

SHA1
a6db6f935ac9b22eb1ea0613aa0649db41c4dcda

SHA256
6308c87d0217cd836a57b444ff43f68c53f349c4e8ade3ebf76954e8a1e7d4e0

SHA512
b82416b32dd5e4473054163a1d0092d9cd718ddcf8e43c7ed599b66f0e4095a74b62bedfad66675358b0eab18f6cf7d5d4896151650072071e5e2106e962c676

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

Filesize
57KB

MD5
a1295f9fd0cfb35a920ecac41a370ff8

SHA1
428ef79727cc722904b7c5876b0c6c778f431f8a

SHA256
c32ecc49d0cac562f8e16ede8a42fbe45182cfb2931bab9e487c7e797982964d

SHA512
5c6a575f7311855c7718f4e7fde32fd7f778fb099d71faef40645a52dadabed64bdac472512a8dedadbd74c6c90cb8e60bea9260791e3c9309a077a0eaa726d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

Filesize
467KB

MD5
2c3c7decb970a4232d6ee88f9202b37a

SHA1
0e3b7fa59baeec7e0ceed429d6bc72390d083417

SHA256
64c634429d62da854f3e6ca1b77825ff6a78e0712b4648449dfece0dafa6173c

SHA512
3c12f68b10b2e38e6630788e3e880af43c0bc51c59481ae80ab9575be1cd14ea09cc2610d3915155e8ca9e6a8ac83cdd5ec3564c640987b99d6201aa2241b11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

Filesize
8KB

MD5
023c4ba5aa36109489c08d74e3be66c5

SHA1
d871cd07767f079592f193cfdc21bde25136f3c9

SHA256
4a1c822b6baec70b962c87d14c97727383dcb132895dd34c408322b4acb8db66

SHA512
26c8a6023abdee82ace7f3523ef607639b05f3a16446815153836a59e3cfd44c9ac918ee50fe204bd3b5b4defce8bc51d6f5ed102b9b4b6b01314023f145da2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

Filesize
4KB

MD5
27993eb75894ca4894db266ad9b5e61b

SHA1
4def653ee04b0514822b690052598435ec25e686

SHA256
fbc09c1b9a55d04b57be8fb2ad5ab58b38f76054ecd3d1b70440a2d08191b05b

SHA512
eaebeee5b1a7dfb9bdf661623554793d7ef7e15d9f9cf01f94da1eb0b84b88c8f24176463d15c407ebf670c5b7fd4052daea33ba43e75c1de2979487c4987bab

Download Submit
\Users\Admin\AppData\Local\Temp\crashhandler.dll

Filesize
362KB

MD5
efbe2b162f5dda866f1a5ba708409b18

SHA1
32592f696575afbc10763ec0b4cfd6722d87ade1

SHA256
cc19e5ccc0c6e2152dd82ee24c04fe4f3f4d24702874c7c3801b59e206cef137

SHA512
fdbc2aee4a0fa0ca179ed3bfd2832601a7bb47105803274b096d147bc38141f4d8d45b6a1e1aa47f3344e5c564a8cbb2209893d07227029e16bb2e9170637e42

Download Submit
\Users\Admin\AppData\Local\Temp\steam.exe

Filesize
4.2MB

MD5
2ad6f35ecad640c8aea50f40752c2469

SHA1
4d51af6cb4d5d4af71eb75b94809922a8dba88cd

SHA256
be92837c03bcfe27e7b455ea3ce172b41115bd4a1b40a6c150eabd22b6904156

SHA512
144fc02a8c8c82ae60c29730cdfe47fe5038cf4f1db8347dd6250f71a218fbb8a02f932a6f71f77cff9a30acc44f48177afff8256896b8cc9bf45d4445d65b49

Download Submit
memory/3020-12206-0x00000000002B0000-0x0000000000762000-memory.dmp

Filesize
4.7MB

Download