7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Analysis

max time kernel
899s
max time network
898s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
05-02-2025 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Steam.exe
Size

4.2MB
MD5

33bcb1c8975a4063a134a72803e0ca16
SHA1

ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256

12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512

13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49
SSDEEP

98304:7JeV/ztZBe91oiImuUiK9N9EGQKF9lSHbr7aw:1S/hwkmg4EpbrOw

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping8904_2058969544\manifest.json	steamwebhelper.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping8904_2058969544\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping8904_2058969544\manifest.fingerprint	steamwebhelper.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping8904_2058969544\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping8904_2058969544\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping8904_2058969544\LICENSE	steamwebhelper.exe

Executes dropped EXE 13 IoCs

pid	Process
4028	Steam.exe
8904	steamwebhelper.exe
8944	steamwebhelper.exe
2620	steamwebhelper.exe
4548	steamwebhelper.exe
2500	gldriverquery64.exe
6172	steamwebhelper.exe
3944	steamwebhelper.exe
5320	gldriverquery.exe
1152	vulkandriverquery64.exe
3856	vulkandriverquery.exe
9400	steamwebhelper.exe
9752	steamwebhelper.exe

Loads dropped DLL 58 IoCs

pid	Process
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8944	steamwebhelper.exe
8944	steamwebhelper.exe
8944	steamwebhelper.exe
4028	Steam.exe
2620	steamwebhelper.exe
2620	steamwebhelper.exe
2620	steamwebhelper.exe
2620	steamwebhelper.exe
2620	steamwebhelper.exe
2620	steamwebhelper.exe
2620	steamwebhelper.exe
2620	steamwebhelper.exe
2620	steamwebhelper.exe
4028	Steam.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
4548	steamwebhelper.exe
4548	steamwebhelper.exe
4548	steamwebhelper.exe
4028	Steam.exe
6172	steamwebhelper.exe
6172	steamwebhelper.exe
6172	steamwebhelper.exe
3944	steamwebhelper.exe
3944	steamwebhelper.exe
3944	steamwebhelper.exe
3944	steamwebhelper.exe
9400	steamwebhelper.exe
9400	steamwebhelper.exe
9400	steamwebhelper.exe
9752	steamwebhelper.exe
9752	steamwebhelper.exe
9752	steamwebhelper.exe
9752	steamwebhelper.exe
9752	steamwebhelper.exe
9752	steamwebhelper.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe

Modifies system certificate store 2 TTPs 6 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
4028	Steam.exe
9752	steamwebhelper.exe
9752	steamwebhelper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4028	Steam.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
712	Steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe
Token: SeShutdownPrivilege	8904	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8904	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 16 IoCs

pid	Process
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe
8904	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4028	Steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 712 wrote to memory of 4028	712	Steam.exe	94
PID 712 wrote to memory of 4028	712	Steam.exe	94
PID 712 wrote to memory of 4028	712	Steam.exe	94
PID 4028 wrote to memory of 8904	4028	Steam.exe	95
PID 4028 wrote to memory of 8904	4028	Steam.exe	95
PID 8904 wrote to memory of 8944	8904	steamwebhelper.exe	96
PID 8904 wrote to memory of 8944	8904	steamwebhelper.exe	96
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 2620	8904	steamwebhelper.exe	97
PID 8904 wrote to memory of 4548	8904	steamwebhelper.exe	98
PID 8904 wrote to memory of 4548	8904	steamwebhelper.exe	98
PID 4028 wrote to memory of 2500	4028	Steam.exe	101
PID 4028 wrote to memory of 2500	4028	Steam.exe	101
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102
PID 8904 wrote to memory of 6172	8904	steamwebhelper.exe	102

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:712
- C:\Users\Admin\AppData\Local\Temp\Steam.exe
  C:\Users\Admin\AppData\Local\Temp\Steam.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4028
- - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
    C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe -nocrashdialog "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=4028" "-buildid=1738026274" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Checks computer location settings
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1738026274 --initial-client-data=0x280,0x284,0x288,0x27c,0x28c,0x7ffc85ceaf00,0x7ffc85ceaf0c,0x7ffc85ceaf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1738026274 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1576,i,14201570093363450226,8122290504582165269,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1580 --mojo-platform-channel-handle=1568 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1738026274 --steamid=0 --field-trial-handle=2204,i,14201570093363450226,8122290504582165269,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2208 --mojo-platform-channel-handle=2200 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1738026274 --steamid=0 --field-trial-handle=2956,i,14201570093363450226,8122290504582165269,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2960 --mojo-platform-channel-handle=2948 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1738026274 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3352,i,14201570093363450226,8122290504582165269,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3356 --mojo-platform-channel-handle=3348 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1738026274 --steamid=0 --field-trial-handle=4080,i,14201570093363450226,8122290504582165269,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4084 --mojo-platform-channel-handle=4076 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1738026274 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4072,i,14201570093363450226,8122290504582165269,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4064 --mojo-platform-channel-handle=4116 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:9752
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:2500
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5320
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:1152
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3856

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x2f8
1⤵
PID:5996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping8904_2058969544\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping8904_2058969544\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
996b82ce3609f8e60c3317c2168fa7be

SHA1
ddac672096aab08ad21f7e1112262ee2df4139b9

SHA256
d5336a158e41c2b0cb08809cdd8a407cee075c67a0dce31c11f487f25dbba1f2

SHA512
211e44149c6047e57fea533768fa0762fcc254f89662700cf8fedc786d1b863d69ac440341e1949f2f0a65bec78bc4eb3bdc90ece63c6ba4f35ae00043ed21b7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
78a2c7300015107a4870705eb4570afc

SHA1
aafe0377b179319199a5eef9c179722d78478417

SHA256
df5d2f044c205f56814ec472bb8d72d881fb29f10544e3560d5e01bba0572db1

SHA512
a1ac29b5e1592ade51f7966e9f75d50e73391135a766e2ec535d6e654f716e9556e27470d55eb40977f198d0a033214ca260d3c92e9cd3532fe65c2a01ebaecd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
31562d641852c63631abadc30d5bf65d

SHA1
99025c154b4ebfa8c5d56d9bb3308be92753da03

SHA256
bd6db3d4b044c96373aa45a43ee23f374ebef9c37e86381d7b3009a71a6cbf98

SHA512
d537ab2c3614dcd66e7901cdd10e5835b16b5d53a1bb3b1fdeb3aab004dd2b20c2927d1ed82fc1b5ef0e33d4f46bbec29b714ddd05a1bac8bc767071b547063f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
96a6021e5ee8010052397638a0d962cc

SHA1
350396f84fc5b4f06a72c86013de7beb41bee0ad

SHA256
e0b9c52ab92cbdf1efe1ebbdabbb22949878c4ee4fbce10781961379f9f4276a

SHA512
4c71d009b9dc5662852fa2ea914dc74e2fd06aef3a3691f9a473ee18f4bb484ff9ff7cf12155629e7a5c47533eeee76403b935163594b8c173a9560e484699af

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5bfefe.TMP

Filesize
529B

MD5
1db99c179ea307af92730487c9feda19

SHA1
139656844df31513cbac504bd9506c94d2687b64

SHA256
ed213cbe7bd2278ebd1d803342b8c815ddd371c33ee1e3a83bf9cf26fac1006a

SHA512
0ccc2ed95c35c604db08f37048ef0ead561d13f2c4eb7f6af463686e66fb53d5b37002fea22963fe6d6b06e36ec14b07ab26f259a9898d696981552e9eb5ae33

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CSERHelper.dll

Filesize
121KB

MD5
833d30fa5bd04e2011cb6b9d7081dded

SHA1
4c8a9cccbecb4d06ec76cc38a9c850f05a020057

SHA256
09d4c2067217b1900d4d7a936969f809821649b10ed8afd0f49de2871f7a3784

SHA512
649d2c1f9cf34a220e3bb67b1a656dcb290be0a3522f87fd4e948121a25153f73bc53c06d8997744cf8cdc82486a4a902d6b0c9da87ec190abe624edbb9c04ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameOverlayRenderer.dll

Filesize
1.2MB

MD5
662b11fab7a015726163f3cef31a9414

SHA1
9a06adb1a879c5f55a1858d2f3370f4c714819be

SHA256
a9344d994110718c740e0313c1ad72b4800a96d92ea9a673f9a5221e79980ddf

SHA512
5e8e4b1b75e7ca34372e8bfdae9f417c5316e224dc65e2c3cba6a6cefb3854e8b043fd10350ec61f8eb8277c12157e975c89f236712259a6fc05e0b64819367a

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameOverlayRenderer64.dll

Filesize
1.4MB

MD5
e0e2ca1dca8d52e3cacd4c8aebb239f1

SHA1
260e6e20357c32fb8496455dcc67e334e193a03b

SHA256
79824624587202762057412026c3c941de4118d87c3509c9cb053cb57401492d

SHA512
cc9731fa8a3ad5101eb9acdb289e3906c02df66d6527fc6b8e476cc67f79976649988b930dd74614ea391299c2ee2f2bbc7ee9b547708095569a64ff326b214b

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameOverlayUI.exe

Filesize
387KB

MD5
7858bbe576791b9fea7252fda1aa8fa3

SHA1
a69b587d6f7a0ce3e13df776d4a290542816d525

SHA256
bd591808223b361c6cc0c8654a432214fc17fcd0648adb6f7bc87dc4b5d63751

SHA512
706e5aca6f8c5688c31a78956d4a2969bda34638039027fe120d4c8bfc4c01e438109811d9c27664ba1d6da93e58c433842d573ccd8fe66e3a59624b75f250bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\aom.dll

Filesize
7.1MB

MD5
d764264518e77cc546a5876c3bcebad4

SHA1
ea17d45b396fa193a851bfd345e2b2c20ad60e12

SHA256
e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd

SHA512
7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

Filesize
190KB

MD5
2fe7c8c80f2ba787dc587253930d7dbd

SHA1
17b7ee137acbbaa4324402addae246773813bad5

SHA256
22d53b94b096df9e7eedc32d7147010dccca87fdb86f34960eac6a642ae8c50c

SHA512
a6edc6d81d0b0b16ef91628fde99bb72b5ff64eadad3a8e7ec2b811c43820db88c20f7a31dd4ded377f0af6a25f5b5253fc8826572434d7c22265d50d884c96e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\SDL3.dll

Filesize
2.4MB

MD5
92b39ae8e627a7d10d8b3d236cad2cd1

SHA1
8f4a0ab76976e664b50f9778aedaade15e0cf77a

SHA256
c6df44e2b4c7830c3839fd46c2bb73a07dc1a210204a974b25d013a577d58e82

SHA512
cf85bc5a3d8517490ec800d10107fcfe816b641d34563184e65d06e86586b59e37641c103e9e7fce21b7a5b2fe076f5d0fcd16c001535551053a9f58390011de

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\VkICD_mock_icd.dll

Filesize
622KB

MD5
ec5cfeb47ad7878cd03a3ceed46afa5d

SHA1
97d28798a351b4460da2804a7c4e82f7709e034e

SHA256
071f126ca68c193bb36b98f710e4412f7d99d3f7fa0032c6d6e25adb535044b9

SHA512
cbee0537990645e13999c9ff951902574ea2da65eeec259037c6558953141b686607e1f0ee7bf12754a3d69ed6f6435f2d726105cfbd27bceb4cd11737af46eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\VkLayer_khronos_validation.dll

Filesize
15.9MB

MD5
e5015dbbda7f53acc5e7aec89a106d69

SHA1
5a72fe0eaeb9b4030509259a8caee7a072464ed0

SHA256
0128f6c8ffded9433bfcdedb43d75adcf18139644f2b8fdb45111c1642beb757

SHA512
b197192cc84bdfa880185594fa4d461ce6bf071ea0187fa1f3570eeea87c6de00fb8b71276d19fc26d78184f2632a066cd71f2a9c93e69f478519ae8c43bca10

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
1.3MB

MD5
0eeaea918f3603e5ff2bd955f9f0c0aa

SHA1
0404b3bd9324703a46d5f3e3d2471386951feee5

SHA256
3f49301338c33f40b3ca8528eaa40e9f7fc8f7952f59b8f4281ca5d3e1ddf25f

SHA512
0fa19dc76d28d449f2e96e4faf3ce57e7ad811b8888de2140152ba0355cc8d6ed787371ff90fbac0d1b0c900fcb1fd4ef1f45c8114b0f10ca5f97f05146ef945

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\d3dcompiler_47.dll

Filesize
4.7MB

MD5
c6c2fc1388f3d04c170417d733fcd52b

SHA1
fe74b15be9b5227cc3597471e4df0913b5acefb2

SHA256
8b575383ebaf641d7e29b85d010af232dfe008be800ec936d5b4d0c19ae47ca4

SHA512
e155cc3d0e1f1b2ad8992cc907c36923bcbce17cb53e731ea3d02e529bef11324219a86e461fbb6d0b9247d1638d14d558e083fdcdd2c6ef301160d00bc88fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dbgcore.dll

Filesize
211KB

MD5
e6bcc49fe10142480344ecf6f78f17f7

SHA1
fc8d3f1e85b2dc6934cbd4d2fb9250792eb991aa

SHA256
b4675afaff6fe2d9253a16e4bbeb376b0b4fdee087ce71419e11b78ca211ef2a

SHA512
9152d99fc8ab1a4a7f6d2f73fd3cde17c741620b42e7011fd4534315ce18ac12517846ee21f12327d6343e5c4f4a86d01e4b40a1ef1ffc803e4969f3629dfd36

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dxcompiler.dll

Filesize
21.0MB

MD5
e3f531e75b63bcb3bbf8da1d5df8aa43

SHA1
9574e78e7ae36944687083923a9d09e15c593ebb

SHA256
fdf572f1b15982d6b6b0083026fad4a0352a5c99efe97f182e8ba72d682de610

SHA512
424fdc9da6518d5f269cf635aa66524161fa31771a8bc6dd91add826cdde9f0bed7879b259419c33a1d00155546d1a68aadc6a9acff32290b9543767dd04a9d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\dxil.dll

Filesize
1.4MB

MD5
8167a6e8cc35988d02938cfa3ae1c0dd

SHA1
1bb1b83c7dc957e074320b033aab83f015eb777b

SHA256
bf97fcfc4f107a98932ac6f9169d9fb936dbedaac5cc06005a87fae436b577cb

SHA512
bcb9e8fbc79c108ec525ec2a1d5d8bba7c2a295e39eabf48d8eba2095eeffcbb2a2b8f66219cda9786bae6a1fa6ff27f054f97ffa002957d16f2969018e62606

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\eventlog_provider.dll

Filesize
17KB

MD5
a73d3ef675f9a0840a4f08e71066f5b2

SHA1
bbe14a1ea609bf288a54b0299c74f8f8f66a1bab

SHA256
7359a29c5c6201c815ab3e58487f0f95617f766bd6cb2eda182dc8da5e058c8d

SHA512
30b34a9c91fd08f6f689271fc486e5a2d7f984f6bb0717aa68d4d1d8b58e3e18059cf24ff679893249f1b40d2514994a0b36143425e6dce02f1aee3751810958

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libEGL.dll

Filesize
472KB

MD5
9a5749b691b3c345f4e313b06b127a94

SHA1
bad7c65d67e3d548e9ae757a7aa5bd5a079fd3b8

SHA256
682acd1cfa7390386d8cd8c8267e365ac0abbef1788587f8150b99e424e9b0e9

SHA512
4de9d18b4245105ea22520ee6b27cf7cb8f5ca0777408eb9993f4f97d1820582c6e3694e0142cdb373e8406e1117f568ae4f314b3027a0791d8866bd191b545f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\libGLESv2.dll

Filesize
7.7MB

MD5
35f34351979e8aca52c09d674dde7345

SHA1
3fad78f021c78f8368823d6a26b81999d8b10ac9

SHA256
cdcd26fc7fc0c79b03726f66c235634f1a58de0ea2418281c157b9f05151f2ef

SHA512
5a1941c673d9fb101189e65bf3ca7d016baf0b75fd29ee2bbcb30270d27717c292b4c8ed08a646c022a87d94434cd29ef2719f8fc4388ef2be00b58f036f43d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msdia140.dll

Filesize
2.2MB

MD5
4aa30cedcc1b685865f518c70aa50bc7

SHA1
d457dd8fc0fdb1cc15879f7f09f2ffdcfbef8cba

SHA256
0b07dd35f63e959e25627ee7f439440bf59ce27b68eb2512eb68b8933cf734f2

SHA512
bef70d17dd68cd9060d1e4db9fe9a36ffccad5f2540a1e9587385d48484d021abc2e493397bc4284d40a44379be3c576a8244603388f20cfcd9e95d64f70adeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\msvcp140.dll

Filesize
552KB

MD5
e4f0a1efb0a99c7d32ec8327dd908bb3

SHA1
30eab0dc9ad15964802e201b1c16d6f85b5d60e9

SHA256
e2dc7de6aadef0aabdefa69bb9106d00c715b3a3fb0f5cbb78f18a3ab7a415a1

SHA512
e15b2c8fb583b64b1d1119d26562e1c74b4c19cb665ec2cccddcfa3023f248532495ceafb927b9ae5d4dec71703049b2785f62592d1cf6251badee70733fc7a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\openvr_api.dll

Filesize
806KB

MD5
4398179b668c70f4464ce9448fa0bac3

SHA1
a12848d2488fbd31a2481922664a2875f162bbdd

SHA256
0ba4d3049449403e1966cf8922ac5c2e6130fabe72c0cc6b3218da82f9110ac9

SHA512
98db440b4c220a9e71b60104c819c402bd88b6c10b9ed518660e8550884fa518e165bf20ec2d85a4bb5c379a28e9524d4b69dd25dc599e062498670fe8f28bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

Filesize
7.3MB

MD5
2b8f6b92f6e177d9001772d95e4619cc

SHA1
5cf0854021cc9b32b8e21bb03814bcf49447dd0f

SHA256
3f9d785b34229d36e38fac794370efb6cf07db47e446d31baaddc5efbdd8a83e

SHA512
55bd5b8ac9492a114c2cd39dba61c0146bcba5edae85c59bd3b85be8de94962f45b69e978c0ce767ddeedc4667bffe71491d51553b47ec6bd23b1bc66b301699

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vccorlib140.dll

Filesize
334KB

MD5
7249674ac9b3fc78398de046298ae4a1

SHA1
e4283070297d13ae44ba47a38285d7cacd63168e

SHA256
e18722bed36d062ae370dc68d117a3fdde9d036a15f3c7cc8ab5cc595d0a4dcc

SHA512
c5c236cf89f033e8515341de0f3d5a08f27a3af113433a7cf6eb840681cfbdce780d0649c6c1de86f9bd147d6ecc500c82e5ea96b75f7116dede2232b7576d17

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vcruntime140.dll

Filesize
108KB

MD5
a924549aea37bf5efa506064f7b65c24

SHA1
129e0e0984cc7fbcb3b7d995381b15ed74c9a2f7

SHA256
61a3fafb47929f37917cd5cc246ce6d33870002d76a7798d4cd9cfb08a3578d4

SHA512
35dc1d19b391699388f699e102aeeef8a2e098d0e12798b7d5110da03dd2274a157360c40635ff085c3201753160ad0acc5ad5629508a537d4c4ae10200ec403

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vcruntime140_1.dll

Filesize
39KB

MD5
835b2f63f048f365bd9dc5b9c61a1e4c

SHA1
766540c9f4e391d9f66288c84ad30a7ab3cbd747

SHA256
4be002c978b4af28f153d005a8873273ac404e61822ed17f7fc433d42e39ce02

SHA512
6e60e0cf8cdace4e86f8215a273e9afb735590288c58b971ec73f4aa914241a8cb7a9e4c8fbaf268da36bb5696c8ad20f2efdffd528235a6d50d8ab06e41822b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vk_swiftshader.dll

Filesize
5.1MB

MD5
33d3b13bfa8c934619d0bdd765458c81

SHA1
f2bbb1c8899d6fb620b4d935af72d81c75de8afe

SHA256
0141d84b53b416c6059c7b1b02c0cca8eb18a16e5368812a4fb3bd2f495b4153

SHA512
36a41472abfcfaa035f8388315963099508fa6eb2a10fa3b139b09a9bdc66b2a39f685fe770d89830b290b8c475f0f72778c19f3634dcbabfc63165abd311e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\vulkan-1.dll

Filesize
940KB

MD5
aa74caa083d40de250705536c2bd2f79

SHA1
0f2613989f4d797b0c0528e984ed00c866014f2e

SHA256
066a8cf28d992f6e94546bc1e62a0276d34a67219250565de49c3e4f80172070

SHA512
aeaccb4e56618e0c3c37836cfd731eef86eca4d9bd613260f25a66010261603eb2321492e09a67cc43f38b066439b1e4290c40e70faa3062ed49981b9fcd9c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\winh264.dll

Filesize
169KB

MD5
a269bc8562b7e02c5d08d4744be28b1c

SHA1
9facc69bc62804caeb3b7caa5e0b4551c582a5c0

SHA256
80ce8eec4c5ced50cc51766909302f274b7f846965103f20a5c1e31a59d53d23

SHA512
8cfbd769ac075151958d89cbcc4eaebb1833e33398b20e5c5c3b8840a339c7fe2888f1a04b49fc60bc5df05c43bd2df1aa09b2eb2b1fdc4e97a46eb5da40081f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\chromehtml.dll

Filesize
1.4MB

MD5
d0a7c0f7279ac6f9f5cc4d146a7fd88a

SHA1
d6d17ed29f5ce9f0a695af0ac396bfd95c6f081d

SHA256
7932fd9009896ea4c5f7101e13533e85517ded6e0ce2b6517314a3b10271f79b

SHA512
34efc4c8399eb933d1bf3fe1f43ec24665c1e9c9101381cc8cc56569762b77bccaa596e83250560bcae50327f9bd11b0f0cf7305833d84f280acc874507a9683

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\drivers.exe

Filesize
7.2MB

MD5
feccb50391574f116581314548eab7c5

SHA1
c77745f1c9eadbf5402d0abd8ae297242c9bc8f9

SHA256
e2159157ab4eb8bb9fd72549acb5b22c274d3a8676ad5de0a743740b53434f88

SHA512
adda2b0e4519ff68b1a9a7c9f79b5aad1ca02611c597b299d6e8c82ee3558b638d56cc2e1c8a443cb3982de0bfe0447b5c5990826aa9b731ab86e26a844e84c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\filesystem_stdio.dll

Filesize
208KB

MD5
f6a15c134a0389e00077a5c7afb29f5b

SHA1
88560df3bb441637bd9dca4c9f18acb441aed176

SHA256
49c34ca6204dd5866baa70e4d86411e491cd37191d951c73dd531ffcac08f2ce

SHA512
d584a1213d46a6741ea49c33ab081a1e74600ff3994daf531c8e38f5273883590ff4d7a0772e98df9f446b1c1818ed7351da32180d8fd257f6ada69affd43e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\fossilize-replay.exe

Filesize
1.9MB

MD5
662390717a93963bd694ee341bf8834c

SHA1
6a0aec03050f082c672170092398d9c05103d326

SHA256
0aa520a18d0d6af823fa7deaf642b3a04a9625d5478579fddffa719df3ecefe1

SHA512
8f5bcf0baf6bae16e5e049a96a19bdefef3d9c0173363539eb820a6905c8348f270573469f7666480dc9b5460c662b3322201b22b4388c7113bf21ea5c6e205f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\fossilize-replay64.exe

Filesize
2.2MB

MD5
6d2a8da67be0d49b4233b8cfda310655

SHA1
094808f820050e92008c4e4790d18e050237b669

SHA256
54db44a9de1d48be0fe8fefc2f126415dbc67d67b4a5eccdac63b99afbd156a2

SHA512
90c1ad204bb871f2f952666d00bcd9614d94dcea3a1aef56e0d3b818217e52778e60e9088e237cd062449d5d5a23264190a9e9d64d57b6a14ae41b9c8961b71b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\friendsui.dll

Filesize
2.7MB

MD5
95aedfe4f9602a6d41c3ef7802c77e2a

SHA1
665817b301c31180af5e1ff1aa7070f3aaa85e3d

SHA256
8d868cb8f8f9152c37d1ed632fc52f4eaafb1781414f75401177f8a156574398

SHA512
eee57db94878bcb358ea98b3774735fd5aa3d8cc61e12e82420eeb59dfef65c236826f385b81e6113e9b147e12951805ffcfcc508c1d93bb043a819dc0f14886

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gameoverlayui.dll

Filesize
4.1MB

MD5
6c464a3ea45d06958433c8a77616011b

SHA1
acdecbe2165c74caa7168d72ac2837736bc8e0a4

SHA256
0bce53f107113f6950aeb9dc10606be84a541d7e2a839339d9a01436d2e62528

SHA512
3f758b6843c47181d89d1909c4f037b848730c7f223022c0c315f74c433ad09bf6932232fc41dccd2d5cc759c90f5fd1062d70b6c8e7ac80066c3b00025a6ff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe

Filesize
45KB

MD5
d6d6ddf71c2a46b4735c20ec16270ab6

SHA1
2e6d36d000a498c6811fcdc49dcf316bfbafa5ce

SHA256
0d422efdfa17dc6e1ebf0ed9e2902fd7c0eaa2f77b8a5a8f1df1478453a37ab8

SHA512
4b422c55cfca42f3f4ec441d7c01bf1ce6943ca00beb3919cc86bbd63a850bb859090b9f16cd0d0ad0723b662afaa2a994f4e319a7c5801af1fc57ad54708047

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe

Filesize
941KB

MD5
519ccd21fc4a0f26debd33320c50df57

SHA1
416c1d65e0dbae21b6f7c43e32c194581bd8488b

SHA256
23b4063251315814e188d64afe08ea49979f5fb2b74b86860e655a1a4d8fe4e3

SHA512
6e8b5d54b928ddf8ad33da84b7a38cc1b971ec9aaff95ac9c5ff73d5646d2044d99c69ec137b1acd86a9ceead2626bfac08281186452349890c11e302c58255e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\mss32.dll

Filesize
430KB

MD5
d6d952c03fb8b6f9c63761213ec4d4af

SHA1
e12800f2bf9e09e6ae9dda5ac2f4b775781993f2

SHA256
9c832318a05290ebef3bd809cbbc7df70a08cbd86745899eaeb169d5a42bf99d

SHA512
587db5b9a224550ebb5a52f185824daae6ec2a60f457b7276c80bcd8d4bf4eb4bf36e2efff9280ebca7cb339836b50e338482a05e107a7192c51ad8b93c21f90

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\nattypeprobe.dll

Filesize
167KB

MD5
3eef78bedcf17ef62dea1b9e2e32a315

SHA1
85f4bf8ce205f869620ffd1fac8e7efac95eef84

SHA256
6ce4af10cf99f23627814f1a39eb4d95f01d1ba6630f6de02850f7994989ca6b

SHA512
b42d79d8249fcde2534afaf994a83ade60544ea18316efb67c8d08188947c08c70a047a2762f73cff70bd0a769aae8dd80231344346c3c7ba13363966dd6e99c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\secure_desktop_capture.exe

Filesize
2.9MB

MD5
6c06586c48132af36c0aabd030484cec

SHA1
5ccf984a5e5f927b4d7693a655662fef508e9f36

SHA256
638c80a6930b34cad837693caeb004ab9238f6abe8ffabc7bef4ae1686785f85

SHA512
f22033bcdb412928067e314506f531425122820661baf81d62a048adf4a128d59141c00f3d4a5588b9b340b1b5e6fb2a56d28bdb6bcaae3105411786dc073335

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steam_monitor.exe

Filesize
586KB

MD5
5eaa357eca8f4356e6bb0ee249ba56c8

SHA1
5d71cc683d46ced2546a2163b3053ecedf9a525e

SHA256
9604645cbe0b920c2525015070066e7afe3a726c0a67ac1abf87eb272ca29563

SHA512
9b65732eae19337686e63d77b5514a05cd767025a99d55183696dfaff9cf5a1b2e801bd78559c3c135900a5987a3a7eca8f9988fa9335a41ced965df66b110ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamservice.dll

Filesize
3.3MB

MD5
a391843cb0c97ddbff57a2e2b0ec46b8

SHA1
d01588c30f1a5ae08765c8049b912df591a0da09

SHA256
91d9de621e8322d33670c798580e1c7399267ec07bcd4346780f273cf320c21e

SHA512
040b133adf382c146b923467c3593bf54c3f98fad1a1ee64c3ea929a952245ebd04b86a6d87b6649096f126fce15f02f92fbcf476d910b5bace2c38ddd6a64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamservice.exe

Filesize
2.6MB

MD5
65da8c3eca673ca9c98ce34c99cbfbec

SHA1
a6db6f935ac9b22eb1ea0613aa0649db41c4dcda

SHA256
6308c87d0217cd836a57b444ff43f68c53f349c4e8ade3ebf76954e8a1e7d4e0

SHA512
b82416b32dd5e4473054163a1d0092d9cd718ddcf8e43c7ed599b66f0e4095a74b62bedfad66675358b0eab18f6cf7d5d4896151650072071e5e2106e962c676

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamxboxutil.exe

Filesize
630KB

MD5
5bc94d31d46102d155141ddc9e5ac995

SHA1
a290bf7f62cea51eb36dd467ce4fcfc0b7862f78

SHA256
e6c2b38a650f26cf4247f473a5c33df872eeae3226e60676fe7301eda9b51673

SHA512
67d57e2e14472f2c41dbc49aa17248ec5e55aecc73d3ea2adb470611da46db3c7f755d5ea56451cc53b2297336bdd8af7df09d3f7944fdcdabe94fda20f33ee0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\steamxboxutil64.exe

Filesize
753KB

MD5
6d4f42d5ea6e2b9689644218cc1b2959

SHA1
1edab2241940026664baa9fa3d131c3e7b27ea9a

SHA256
913adb5459d4520c5b168cae6eb045a504ae40f97246b06081d0855ef4071a50

SHA512
14d5666faf01e833e1780181359635d4b2cf1064492bc8f45bfab286cb98eea6ffdde75b3d3d48bb35ef7e8a96a62eed17ff580944b406e66cdcb3549c721aad

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\vgui2_s.dll

Filesize
856KB

MD5
2cf03cda9a9e97620447691312383495

SHA1
9f8831f4eb52a94722af924a8d373819ea15e963

SHA256
2a7435bc81d17e7921e42ac20acb1809921236906389ceffc387950dee8a76b5

SHA512
aff9f3a008a6add92e4d7fcff60dadac5ebfb9cbc02aa315562f9f072dd59788fcee65dd344914f5aa5f1bc1882b9d83fe79929ff1bfdc4b07e1b0dc789de10e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe

Filesize
164KB

MD5
ff4b464dcfa3ebc944014a27d8b5af48

SHA1
c0cc060f6aa845198b62c9be2f23468a2321ec6e

SHA256
ccade755662703257f75b9d8516bb96721ceada66e262144327b8270ae039d9a

SHA512
9fcb677d3e97ea901c625a618db2a3567a0cb832802996cc01344d6d855a0e886a68f4953a99cc9e745c2b1ea28c7bfc72c4c6ce9df67b5bf84118977808b0a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe

Filesize
205KB

MD5
642945f9d53723afc1a91210822db414

SHA1
c5887b1b8641b0000ac5999c2ff4754f6d81af57

SHA256
3298de8065daa1e2b92422cb0b67e41935e577509b9910e6d94bb876abba3620

SHA512
568782cf8e47b952991af37b3e8f29fb7c962f03708d5746f68f0d1b3cb31610a252dce4de5924b753bcd30ff94168fb3da51e1e3802e36bfee05964d4080168

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\x64launcher.exe

Filesize
417KB

MD5
5ec250736baa9ac96474019a46934639

SHA1
c56b3bf92d935d433fc791dc278a175f0e2c072e

SHA256
d1de0b7f39a3e5d7959abe029019586bf3c88022444ba2800b86357e7788b043

SHA512
67d93007a3e47007dca9da9ecbfcfe46d3e918699e58fe9f04329238258de190f41d40e804f9ded3d89a013757d654e138190cca711635c19dd76432112c870e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\x86launcher.exe

Filesize
393KB

MD5
fc43db07813a387ff97f57c9afbbc7e5

SHA1
52f7856cc0ed987153ea45afc174ddc0c1a8457a

SHA256
c7b9a100a8166517b5661dbd50ce321869009f18823f612fab7ce6b9c320408f

SHA512
6da543aa391613a1b5d62dbc64a30ac693524eac42f227165e0bedc5f7502a550849c46fdd66fb97e2c336d06738804f561dc15426d93579fdfb51cac2592c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\xpad.dll

Filesize
67KB

MD5
da9506e800e13da0abba32bb0c105382

SHA1
78447c8fc4633b86d3cea374fb619fb53e9f9ad7

SHA256
cc42da948da5be1186ed92265f2b5dd895795ac9ed264efe822b242946ad9f39

SHA512
e9161d557fb306f460251ed49fa056e5f7220e4fac859caafaf59db8a1cef0d52c320dbf97238bd73f54362afc232f9ee2c4e0fc79faeecfe382a00b12b11c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
15KB

MD5
f3b9c288138f5ae006c042d317197737

SHA1
ff099b078cc7ed525546d2098f31e8cafd54ca96

SHA256
ea2af489110ff63fd237a6f0aa95fe0672a09ac07c68a012c963664c513d5417

SHA512
5b7dbcdecd2bc67c37585a4e00eaa72c810b1bd7b0e676df42071bb4f9ffede1f45077f35c3445e9fcd02ee3902d8c3ac62f58f251b6fe59de9e1ca02e850c85

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
22KB

MD5
e31568c106c26a49b35c681e28e45934

SHA1
580994047015b9b5e00490474b853ed7c21585cd

SHA256
d3c21bec04537785be89279eb54380025bacb6db05e3d08c6effa968367a706b

SHA512
4515d00cbe92443cfab9f71cbe33b4296ea7b2f45bcb51d25d5d32cc6539c8dfefc392054a96220cbcba2dc5e8b9845584c1d6486e6bc672d21ce3746238f1c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
20KB

MD5
8138777950a46629bbf46f9c68718f02

SHA1
8972935d165abb0cf577e96b817cb292b92a61cd

SHA256
839f82ebadcf17bd6a1866afda153fd9d6f91afa48cee2576eca965c326510a7

SHA512
af4d8d6119c076cac2200030b0fc55127f31aef5e650ace8d48ffc6434c94f87ac3c8a542e1af53f93959e61cbb34521d069d3198b08e931118eaf4ec1723e48

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
18KB

MD5
ba545e02f6ef1103deb622c076fd4ba6

SHA1
87685de0d8b42617cc074bcb1a7c8617075cfdac

SHA256
fa4ecb122f74cd5f0f12f04e4a67b19b66084b1ac045e3420ec74a83dddbd1d1

SHA512
dfa40cb7eab794998bcf42a347cb33b0dde11d403db95940ad9fcf0f89f58eb8a778a61c7fdac6f82bbd02070da811561875dae920e33de84e3974cd76959fca

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
18KB

MD5
280a43b694a8831f95a462a9e1ccfac6

SHA1
6b40ca93bb157ceb77020ab6346885afa8153f1a

SHA256
0db8fd740b645be53dcd28dd8d9e9c629bfd395ef58649726fcdf7705b2d5c82

SHA512
6c8d27ab322219f484ac885083314e89e30cd507264b36bb1f768465308af699a282038484492ec3d6da863c6fcb46c46cd2e8bd8a38eac9b2331b27c446d660

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
22KB

MD5
157b6d30a702ecbc130897151836a8f7

SHA1
6b8db5626ca60c5577104822727dc70f9703c468

SHA256
cb0eed6707396664e0677915b7d8187ada403d6b0bfa7516e0618421058a1041

SHA512
6020044cfc310d99546631d9670b2ef746035043ae349068784675d8ebd8fe3cc309b15ba40a31297255517a0bccf17ed7e6f5c05c489cd6b3d84015bb554607

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
22KB

MD5
4e5bb06f87460c7443b91cb17081684d

SHA1
9fc5392599d7067e28abf9c472ed39e8bfc327dd

SHA256
c640e9e87d18d729502f67d9cc02ca8d5981dea85933e3cd7cd9fa8b04b51b6a

SHA512
3c10fddcd9bae0dab4a544560eff3e09acd5eb822236552880adbccf773cc06b3b3fe50ba5b760e1528b2c5b56cec90ced9f817669eb7ddccd994cbc5203b085

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
17KB

MD5
7cfa97d1b6cb0b258dabc686537d036f

SHA1
516c3915ab4d0ffae81fc0eb9c87b4fb86d2fa34

SHA256
46a1b5b9350293e5dda27d3c3c5b90a1feb8fcb559b811af5a0977c13b79b4d7

SHA512
4a33d4f1b391bad978feb86f8f9081edaa223382f2ce7887c634d2173fc89bfb0db30a9125533d2e6ef3955c3dba0a91b74565c8139da56eea9bae42b1e00202

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
20KB

MD5
0e2ee9a454e83c5afb9321a0a624732a

SHA1
9905df7d4532839a445eda2dd36d717dae3ca329

SHA256
f9d1e6aaa1fb5f05a2877d54aa786bba9376be4a2043b9a94f54c5f8932916b6

SHA512
6bf26a1dd9b046d7b79f5785bb0daff4d95ffde2bd8734810fc7c927ccf1f364de19ab5f85c42c80aacd25b867a47901f43c85713eaf5e02226e3209bad46e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
22KB

MD5
9dd48cb77f350e416664ccc8fe9dcf32

SHA1
1beb5d520a53941bb7e248ea3e96eb8200c781ea

SHA256
a397df0e99dd8beaaf610654a87728aed4eaa78d04a1ffe45010d21d2eb670ff

SHA512
b1aedf5f5268324b3a92e8da785192ab67853cb1955f8138c83b59d2de3127a76369dd24cfb46c8c31fb3c82ce97ab05aba5f9b75446b5be8a4e2106a6eb7d17

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf~RFe5af166.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler.dll

Filesize
362KB

MD5
efbe2b162f5dda866f1a5ba708409b18

SHA1
32592f696575afbc10763ec0b4cfd6722d87ade1

SHA256
cc19e5ccc0c6e2152dd82ee24c04fe4f3f4d24702874c7c3801b59e206cef137

SHA512
fdbc2aee4a0fa0ca179ed3bfd2832601a7bb47105803274b096d147bc38141f4d8d45b6a1e1aa47f3344e5c564a8cbb2209893d07227029e16bb2e9170637e42

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler64.dll

Filesize
464KB

MD5
a4c9a0bd77bff3eef0a6423fcab96ca8

SHA1
420ed555fe83a64e87ba7b62e531ca28cc8bb4f7

SHA256
21f282cd137581b6f8a6e8ec072ad8e11e9cb509286f86c6e256a72bc476189f

SHA512
ab15b0071a506eff0200967de20f5e79d9642efe453ec0606a21d6adc919354b7a97e048aeb292f07a05894076035fb0be885bf9cc6b3e14f9aef9993923f80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\d3dcompiler_46.dll

Filesize
3.1MB

MD5
c18caa9ba4f06a5d226a892df6dc1d72

SHA1
ed5d55e13cbe6912f3230ad1914777023bc7e188

SHA256
996e5b57c06b5614ee7b26936b29bace62218fb3cad3a28dba9e72bcc66d2698

SHA512
5e2ff504b285c7d48ac97f997a49ee668f407317fdc4d8b73587414e5830a43146c965b2c7d452422576530ac925293f5bdfafd9bfc507ce1a1a4ba824e915bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\d3dcompiler_46_64.dll

Filesize
3.7MB

MD5
52a41f0e49b2208df75609699fc7254c

SHA1
767a92ffbfd726ab4d09c17981caf448c6adedbf

SHA256
9614de7bac24091e2abaf70b3c852ddf9b92a48157c557c3c63d81d88d4d5ceb

SHA512
5b8ce62d69b9057e11091b48170dd805a913b87b25fc4fc343f9002e88c2331e040621c490e09f1eb9e1db61b08c3ee99c8598f78e033775a3e94b2d431505f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\dav1d.dll

Filesize
1.0MB

MD5
27e7b2632474ab74ffc0fae4ad68ef90

SHA1
81d61337044e198433f6b9105f8ee5baa7dd30b9

SHA256
41a835fcd9d66a69544d5a953ccbb9bb88310f3e3f2a0563cf3090aaff1e744a

SHA512
f276d0b59e9297bbf5d500ac98309b883f267ff12a3f1aec74e7fa23055c0cc7a4d309a68da827e33f752a9cb3e8f61eb231b9a7da3b4abb342fe1a15fc7b78d

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

Filesize
47KB

MD5
e05003bc76e522ea25a5dc24fe54e037

SHA1
f2f8c3539487306cddabb81f5f889b0e8b3bc62b

SHA256
2e1cc95b29e0062580ee9f81389cc9e70a5a04af53d73e582bcf9efdfb309ba5

SHA512
1cd4f781604ef5917491e12bf2dc0ac43e45e513d54934784c31b375e8e2d8681adf1dc0f5d40b96da974a9c2090126af853db26ca807dbca8749cf380d78390

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin

Filesize
2KB

MD5
bb6f86bce2f4bc051872cd1c56ae44ef

SHA1
34d6f81c092556242b2e8ea64dbafd962d5629c6

SHA256
7b0ecba26f95c309f8d774635287623d44fd48d7f486f119e31b0b45ea6aba39

SHA512
b35580e2b5331b440a7ec85521aa3705cbe707548f8f19a5aa34a614fb0d3b5e9ba0d76857480c62f0bf3691b40ced1af4e42c21155c3348eb714bc9840fb37a

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

Filesize
462KB

MD5
396e31aecba390467258d23eab00b93f

SHA1
83d8acec4ef956bbacdcbb15496be8e448c16a53

SHA256
f4d605616d9aac5170d2969cdabf144a4bdacd95c6b727a689bfe162a6f56cfa

SHA512
321b179aae173a1438ee23c6ab3a8cac6ee71eeedf6c8bb1a356bead924cf28abd18fcf17b2ea3b0825b1a7a296b381ff11e187f1a5c850d239eac12310e4e0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

Filesize
8KB

MD5
023c4ba5aa36109489c08d74e3be66c5

SHA1
d871cd07767f079592f193cfdc21bde25136f3c9

SHA256
4a1c822b6baec70b962c87d14c97727383dcb132895dd34c408322b4acb8db66

SHA512
26c8a6023abdee82ace7f3523ef607639b05f3a16446815153836a59e3cfd44c9ac918ee50fe204bd3b5b4defce8bc51d6f5ed102b9b4b6b01314023f145da2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

Filesize
4KB

MD5
27993eb75894ca4894db266ad9b5e61b

SHA1
4def653ee04b0514822b690052598435ec25e686

SHA256
fbc09c1b9a55d04b57be8fb2ad5ab58b38f76054ecd3d1b70440a2d08191b05b

SHA512
eaebeee5b1a7dfb9bdf661623554793d7ef7e15d9f9cf01f94da1eb0b84b88c8f24176463d15c407ebf670c5b7fd4052daea33ba43e75c1de2979487c4987bab

Download Submit
C:\Users\Admin\AppData\Local\Temp\steam.exe

Filesize
4.2MB

MD5
2ad6f35ecad640c8aea50f40752c2469

SHA1
4d51af6cb4d5d4af71eb75b94809922a8dba88cd

SHA256
be92837c03bcfe27e7b455ea3ce172b41115bd4a1b40a6c150eabd22b6904156

SHA512
144fc02a8c8c82ae60c29730cdfe47fe5038cf4f1db8347dd6250f71a218fbb8a02f932a6f71f77cff9a30acc44f48177afff8256896b8cc9bf45d4445d65b49

Download Submit
memory/712-12027-0x0000000000840000-0x0000000000CF2000-memory.dmp

Filesize
4.7MB

Download
memory/3944-12248-0x0000025FB7A60000-0x0000025FB7B8A000-memory.dmp

Filesize
1.2MB

Download
memory/3944-12249-0x0000025FB7E20000-0x0000025FB7EC9000-memory.dmp

Filesize
676KB

Download
memory/4028-12328-0x000000006E810000-0x000000006FB63000-memory.dmp

Filesize
19.3MB

Download
memory/4028-12178-0x000000006E810000-0x000000006FB63000-memory.dmp

Filesize
19.3MB

Download
memory/4028-12299-0x000000006E810000-0x000000006FB63000-memory.dmp

Filesize
19.3MB

Download
memory/4028-12250-0x000000006E810000-0x000000006FB63000-memory.dmp

Filesize
19.3MB

Download
memory/4028-12264-0x000000006E810000-0x000000006FB63000-memory.dmp

Filesize
19.3MB

Download
memory/4028-12371-0x000000006E810000-0x000000006FB63000-memory.dmp

Filesize
19.3MB

Download
memory/4028-12285-0x000000006E810000-0x000000006FB63000-memory.dmp

Filesize
19.3MB

Download
memory/4028-12385-0x000000006E810000-0x000000006FB63000-memory.dmp

Filesize
19.3MB

Download
memory/4028-12390-0x000000006E810000-0x000000006FB63000-memory.dmp

Filesize
19.3MB

Download
memory/4028-12269-0x000000006E810000-0x000000006FB63000-memory.dmp

Filesize
19.3MB

Download
memory/4028-12279-0x000000006E810000-0x000000006FB63000-memory.dmp

Filesize
19.3MB

Download
memory/4028-12274-0x000000006E810000-0x000000006FB63000-memory.dmp

Filesize
19.3MB

Download
memory/6172-12128-0x00007FFC8FF20000-0x00007FFC8FF21000-memory.dmp

Filesize
4KB

Download
memory/6172-12129-0x00007FFC8EC90000-0x00007FFC8EC91000-memory.dmp

Filesize
4KB

Download
memory/6172-12247-0x00000144F55C0000-0x00000144F56EA000-memory.dmp

Filesize
1.2MB

Download
memory/8904-12242-0x0000026DFBE70000-0x0000026DFBF19000-memory.dmp

Filesize
676KB

Download
memory/9400-12349-0x000001ACBAB10000-0x000001ACBAC3A000-memory.dmp

Filesize
1.2MB

Download