7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Analysis

max time kernel
899s
max time network
899s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
27/03/2025, 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Steam.exe
Size

4.2MB
MD5

33bcb1c8975a4063a134a72803e0ca16
SHA1

ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256

12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512

13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49
SSDEEP

98304:7JeV/ztZBe91oiImuUiK9N9EGQKF9lSHbr7aw:1S/hwkmg4EpbrOw

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping17504_1701566452\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping17504_1701566452\_platform_specific\win_x64\widevinecdm.dll	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping17504_1701566452\LICENSE	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping17504_1701566452\manifest.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping17504_1701566452\_metadata\verified_contents.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping17504_1701566452\manifest.fingerprint	steamwebhelper.exe

Executes dropped EXE 14 IoCs

pid	Process
8220	Steam.exe
17428	steamsysinfo.exe
17504	steamwebhelper.exe
17576	steamwebhelper.exe
17800	steamwebhelper.exe
18008	steamwebhelper.exe
18180	gldriverquery64.exe
18568	steamwebhelper.exe
18872	steamwebhelper.exe
19632	gldriverquery.exe
19856	vulkandriverquery64.exe
20124	vulkandriverquery.exe
6116	steamwebhelper.exe
5432	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
17428	steamsysinfo.exe
17428	steamsysinfo.exe
17428	steamsysinfo.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17576	steamwebhelper.exe
17576	steamwebhelper.exe
17576	steamwebhelper.exe
8220	Steam.exe
8220	Steam.exe
17800	steamwebhelper.exe
17800	steamwebhelper.exe
17800	steamwebhelper.exe
17800	steamwebhelper.exe
17800	steamwebhelper.exe
17800	steamwebhelper.exe
17800	steamwebhelper.exe
17800	steamwebhelper.exe
17800	steamwebhelper.exe
17800	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
18008	steamwebhelper.exe
18008	steamwebhelper.exe
18008	steamwebhelper.exe
17504	steamwebhelper.exe
18008	steamwebhelper.exe
8220	Steam.exe
18568	steamwebhelper.exe
18568	steamwebhelper.exe
18568	steamwebhelper.exe
18568	steamwebhelper.exe
18872	steamwebhelper.exe
18872	steamwebhelper.exe
18872	steamwebhelper.exe
18872	steamwebhelper.exe
18872	steamwebhelper.exe
6116	steamwebhelper.exe
6116	steamwebhelper.exe
6116	steamwebhelper.exe
6116	steamwebhelper.exe
5432	steamwebhelper.exe
5432	steamwebhelper.exe
5432	steamwebhelper.exe
5432	steamwebhelper.exe
5432	steamwebhelper.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamsysinfo.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe

Modifies system certificate store 2 TTPs 6 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
8220	Steam.exe
5432	steamwebhelper.exe
5432	steamwebhelper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
8220	Steam.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2020	Steam.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe
Token: SeShutdownPrivilege	17504	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	17504	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 16 IoCs

pid	Process
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
17504	steamwebhelper.exe
17504	steamwebhelper.exe
17504	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
8220	Steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 8220	2020	Steam.exe	79
PID 2020 wrote to memory of 8220	2020	Steam.exe	79
PID 2020 wrote to memory of 8220	2020	Steam.exe	79
PID 8220 wrote to memory of 17428	8220	Steam.exe	80
PID 8220 wrote to memory of 17428	8220	Steam.exe	80
PID 8220 wrote to memory of 17428	8220	Steam.exe	80
PID 8220 wrote to memory of 17504	8220	Steam.exe	82
PID 8220 wrote to memory of 17504	8220	Steam.exe	82
PID 17504 wrote to memory of 17576	17504	steamwebhelper.exe	83
PID 17504 wrote to memory of 17576	17504	steamwebhelper.exe	83
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 17800	17504	steamwebhelper.exe	84
PID 17504 wrote to memory of 18008	17504	steamwebhelper.exe	87
PID 17504 wrote to memory of 18008	17504	steamwebhelper.exe	87
PID 8220 wrote to memory of 18180	8220	Steam.exe	88
PID 8220 wrote to memory of 18180	8220	Steam.exe	88
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90
PID 17504 wrote to memory of 18568	17504	steamwebhelper.exe	90

C:\Users\Admin\AppData\Local\Temp\Steam.exe
"C:\Users\Admin\AppData\Local\Temp\Steam.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Users\Admin\AppData\Local\Temp\Steam.exe
  C:\Users\Admin\AppData\Local\Temp\Steam.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:8220
- - C:\Users\Admin\AppData\Local\Temp\steamsysinfo.exe
    C:\Users\Admin\AppData\Local\Temp\steamsysinfo.exe -steamid 0 -buildid 1741737356 -logdir C:\Users\Admin\AppData\Local\Temp\logs -query 1 -out-file C:\Users\Admin\AppData\Local\Temp\E788.tmp
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:17428
- - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
    C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe -nocrashdialog "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=8220" "-buildid=1741737356" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1741737356 --initial-client-data=0x28c,0x290,0x294,0x288,0x298,0x7ffc6d7daf00,0x7ffc6d7daf0c,0x7ffc6d7daf18
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:17576
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1548,i,1512476370485853090,15774426741408095880,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1552 --mojo-platform-channel-handle=1544 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:17800
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --field-trial-handle=2144,i,1512476370485853090,15774426741408095880,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2148 --mojo-platform-channel-handle=2136 /prefetch:11
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:18008
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --field-trial-handle=2828,i,1512476370485853090,15774426741408095880,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2832 --mojo-platform-channel-handle=2824 /prefetch:13
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:18568
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3288,i,1512476370485853090,15774426741408095880,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3292 --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:18872
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --field-trial-handle=3844,i,1512476370485853090,15774426741408095880,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3848 --mojo-platform-channel-handle=3840 /prefetch:14
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1741737356 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3992,i,1512476370485853090,15774426741408095880,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3996 --mojo-platform-channel-handle=3988 /prefetch:10
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:5432
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:18180
- - C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:19632
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:19856
- - C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:20124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004B8
1⤵
PID:17984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
6d9517adce5c3d966ea25463ae57f25f

SHA1
b5b77031f0478f2e6e72a40904276ffb462c35f5

SHA256
00a0e02824648d9141059d5b49e72da9fc066b21505f042f594c93f9950de9d8

SHA512
8f74843b020d9936a3fad60cac65b416e1109e79e02c001b9c3a1c694e45abe253ae0059f25af26fad8c193f2987947ce6144a481ffd51cf129995fb453bdc56

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\wasm\index-dir\temp-index

Filesize
48B

MD5
2968d946b94e49a2409c39de3ca0594c

SHA1
a8a664327a8976ec114bb30bec7372cfeb132d82

SHA256
07168b12e5cfa0673ccfcd7ddd0788b15bdd716ee779f8ae61f3c24189bb460c

SHA512
72591ce87e2c77722c93fd05847fa720c00ec4adace9a0e1cb4bcfae9c7bf6d28e36a98bebee5826d6a9a735bed407227ffeb0b2584030587466846f713702d3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
26c915617d61bb2fc01bae83b1f0a3cb

SHA1
0a6bcc246f6959e94f61cabcd0fdfe3b04680e01

SHA256
8daf0273422faa55ddb35b70d180629cb0e476186a07881c5cdeaa23e0b91bcc

SHA512
1c0b24aad2054646d62872aa67711d82dfa0df8c703966bfdb3e8a14f8137de1b8f029bc6626fe26b192b63b392051f554caac59869512ae475236080f818ce6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
5c9fe2d3b23ac5573f28cc384384686a

SHA1
6416526ef6ade3f9dfc94e8c9a18249efcf2aff1

SHA256
12f0cf0e9280b689c8af9d4b7755450a7bc0849e6b9bc1de84647a11f8bba01d

SHA512
80b54226bb2a3d48b64812d9b93d844aa4338864c9c094682c3cd84f5f338facaa16861877629bbcca23b0bf1cfe3e8631592f719bd7d4debc512e70b8f0443f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5b01e1.TMP

Filesize
529B

MD5
febc4e57f8ba1c5097dc4dcc7b559f93

SHA1
12130e140912378c00421ef14c11ebc2a00783de

SHA256
6341ef74c3b907dc8dd6631b6841858c6a78e731ddeb49a01354c6efc66f07d0

SHA512
9019dc303e15d031e476f1c4b71accdba8508fdf2855f041e4a616f1e202ef0f1343365f293ad448cab04abf1b890c266883c3d7c341d0834f25d04eaeab9b29

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
300B

MD5
9230353ae20b6c2a222f0a77f3866b64

SHA1
e5d44adcb5d676a31f70f1cfbb93cf5b99eaea8c

SHA256
fa5fb8f79e20923e192816a2063f95df3acbd1d4aaa99883efa5a8024dec74ba

SHA512
7b497edb3813047dacb6990c74995a3595a402fc90e000560a4075066186a3b0d608a14559320a50664f3ee2ebd6762e5266c08446dc64392b7c91aa419c0676

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5b1588.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SDL3.dll

Filesize
2.1MB

MD5
9af79dbd72239de84ef1ebd6a2cc0de0

SHA1
cb44a8d6086cdb4ae46a1513879135b3c5a3773a

SHA256
78363a2b9645eb0e8c02fea4c0586d16937f934e7780982a348714a47bbd5b53

SHA512
4501fbfd6f9fa6e4a4a2ddf2d50de780ce25a22bc4775640ddd96265f21707cc634423b235d40eb7cc6f74c4126f1b9a8f289c2ef3e175f1eea097fb9b826e1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\SDL3.dll

Filesize
2.5MB

MD5
56df193fbdb4082a1b14c7a047f93fa4

SHA1
76a398371d322c09b19049eefe2335fdd795fb8e

SHA256
40feab77ac72eb4f7700d5d9d037230d2f17f2e31add29f101ea8227ef98d111

SHA512
7c21f39ec7882e7ebe3b81aa11094017ff19048973ee5699f7e9587ed8fe68dbfc9e7a065112158bc6866a4b526391ba04b8871f839fb3a2cc42e34044864a1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_100_percent.pak

Filesize
665KB

MD5
ba24f7efcb97f1ecd06f71a4e38d9554

SHA1
d3cc1139e276bce735c6335e6b8eabf95c15e783

SHA256
5bae7e1edacb8da2abb5c64853ffd3d5be0f2f495ce9d45364c313390db78e0f

SHA512
963ba34897812f409d2b4898bd3307725164e9f59b2b3e10b7d04a1a31452096237aef6ee4c89885c96eb82e003f53c58881300810106c6bab12b9937e747b53

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_200_percent.pak

Filesize
1.0MB

MD5
16e85e5e11ef09e3a9c671952931e266

SHA1
140729a22beb3a3760ab14b65252446c34db00ec

SHA256
708180733b8f697c433329a07453a93995d4dfce09faf41e51697695ad7a8f4c

SHA512
0515d5fa9acf143ce7d14b59b80dedbd8d5c2f9f8a4b55d834fd4ef4c491f587f99384256c2dbf45f84a4b4eb44dd72e86557bf3e966b80550700e59854b0270

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll

Filesize
1.3MB

MD5
ec6fc0fec2b1ad49563384e6e44dfea8

SHA1
5ae50588330661aa3a42d45eaa8a5ef6d88db480

SHA256
e110ed6991fef2590b44c2b038bd675701690d9565d156656c015c18af78367a

SHA512
150fcfd54632f1a2780c8d345a27be452c8c8f6fcacec2dcbc25fda61b21e2a26239944e95551a74393b14fd4cee8dd723395f0ca8289a0b9bbf4a2b7d3b4719

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\crash_reporter.cfg

Filesize
378B

MD5
7c01a72366527ef0b29a4c5c1261828a

SHA1
8074b1825d3b61cbdba8eb4b5582548ac46a3c90

SHA256
e2a5bdc16e549bcead4addca465011c05df7f161ef88a854a70dc11999200138

SHA512
ebea073b355d53b988b683c44d27cc0748255648763cd7f69dcd5ffb802dab4be38519e87af9f3437574527831b95611532d26385aa2b276d8bb13739893e34a

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\locales\en-US.pak

Filesize
467KB

MD5
796cf132ed80eee3dff08c20554156cf

SHA1
0941cdd68c45d32dc8b6aff229f2fee37299825c

SHA256
ec3bf34eaa69c30da913923aa5e86866934e8cdfc60f14018d9e2a7244b864ae

SHA512
207478bffb429362e857abc21cfeff7d40054dbe670ba8a445047b54c93c6dfe0061fe6d44970c82b7eb1df7e6c84b275383b6a69dbedf5777ef901e4aa9e9d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\resources.pak

Filesize
8.3MB

MD5
f6785e7ef79adb7e54cf19e788ceb44d

SHA1
938b489d9f61c52e5445b6c0b31139b4a40f7796

SHA256
eb6a49f1c000e866ddd9535fde1b9f17a9c7be8a121acf92fd353812c0ce8a93

SHA512
11cf41e27c59c9f2e8f875416d9d68901460d7cab9ba0653e9423f0f26d64895d53da0fc398d011fbc8652708f5faf24c0f46fec6fb01dc6254af820f4affd7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

Filesize
7.4MB

MD5
b247a04202aa348c8aa08642476b22c9

SHA1
f298fb55f271cf8858f21b182ad1c9a3a3ed98a0

SHA256
c178d31fbd980c56f4905196c0d0ca823af2d58c7435e05230737788cb99c5af

SHA512
ae0799e4216e737d6b8522bd9caf5bb326c81cbe22c48fb8650da9dd65992510f86627887bc7405210ebaabd2402b71e20050029a6fc027613e1196abc0b9bea

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\chromehtml.dll

Filesize
1.4MB

MD5
a263ea02ce79bfc9545c0d47932c1ced

SHA1
27eabb45544337c5182f87c6583a1a428e9f66e2

SHA256
5fc8cf4f9d03a91ed5dfccfce68fd3d10b96e752851fc70c76f195e902265a9d

SHA512
78c8c1ae8fcf58e8743fc0c331032071b3d9ddaf1c60e86a78aef3b591fe6f40e8ae40995a36e300978f0a5553b81576b41e30a6f836e410a00b124c702cda01

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\filesystem_stdio.dll

Filesize
208KB

MD5
f37d26e32d5d28d62ff9ff2f4010e8f7

SHA1
0f156278458aa01b662b3ac00aa5c862a6fb767c

SHA256
4296fd28b3d86a088e54557eb79f8f5fcbbb8c3b26985dc67a3a55ee117a7166

SHA512
6cca6c15308b29602c13bbc66e5e2625aa1e9b6f34da303ff78fe24aa719c5fbad1cb006b67599962f6d91aa5cc82d27f9193f347d4bc74609c5e4d0d7d1eab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\vgui2_s.dll

Filesize
856KB

MD5
7a7216cff1cbe9f6f0d294596b4accae

SHA1
b3a8ea312a9129f981f890829af4c15555dc8bd0

SHA256
ecee12fab2894cc38b3788fb4acc0cbc94760aa54af5da1eacd924ddca6a5b82

SHA512
9aead4bbed47ed7b0bd34c244a0b88c9229930c250f6100860c8d95eadc1550a232f9546b7b8e6fefa80c65f1b7ad727a62fec802890663505a2daa73aa41a2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
12KB

MD5
c6a9fb49ff095e17fb5a30ec372b33dc

SHA1
22f04fc535eabc54a45fc5aee4d04de27d86bec2

SHA256
b976615e97358d18247264dfa76e6665b6c0a68332592168d0325329b22520c1

SHA512
8d1658a7e8db8f058f9ff7e94e407320ab21d863dc345dfbc62b98fd0f8fce1a1a38398305378371ea260cab98669cf54667e152a84ea68c818f3d36ea554059

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
23KB

MD5
1234704f4f696d59d29749737ac95dbd

SHA1
022949fba28f3e2c5ef931871c3f742e7205ae33

SHA256
6da9f2aefbfb21197d001453174488130afe3f841bcbceb52d3701eabb94e054

SHA512
9523091a2056ce99ce6babc3083f6490890c907d0a844c4682777e92aed309fe11946fec20106a6e7d614f9359edacb28b9a4cc3d5cf45fb560b3e507660536b

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
21KB

MD5
1a548ad276f7c221d51f97d0a103fe67

SHA1
fc12d723167bce269a7f793dd46f226f3215fd7e

SHA256
0bb6e3d899381ea3f53370aa887b49da3a2ee2ef2c00367fbf9b43e47c50c28e

SHA512
6007c27a7785532f95136486786268792b4bdfcdd2cbecda5e00503769726fed6c949e21f5c00b902f23079d735149e84a3432dbbb4c71e4ae0f6c71897b6e91

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
25KB

MD5
b47461264ba5c66306cbfd2129de65b0

SHA1
56a688153f3a93c64739360039d2736370621923

SHA256
9959b8f464a577fee57d729dedac9c758909324cfe574b5a10f2753b86a2279b

SHA512
e942ab190ce22a46625c186820ae9deafe993d591ac8dea7499b5b19391c7863c497953fd41f5816ccc797d6ba75f790349d5659be5394a173e89e7f509e6903

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
20KB

MD5
7d0d59c7314871cf419551c6ae3162b6

SHA1
70d62fb2abf4aa078cb3f80103f55bc028a44c0e

SHA256
026aca6a8287c0cc413ff5faffd60e12a03fafc86af9b610cf0d51e6fcf9944e

SHA512
48caee7dfb11b9b14725770ad2f907c12d36effa2090a6e1a569fc6182cc17d7089b7a86c38732f0b703abc61e721a8127f346885573adc29dadd8676c494a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
25KB

MD5
41ca4dff5e6ba1fe97ef83b67848f433

SHA1
42b381f8a33ee0d43a0cf5a8e287bcee4243aebb

SHA256
b299ac88d2d9706f68daec748f69153dad856ed45e1508623a7f8bf06d072636

SHA512
af097d072a12cf113585b4b4b93ac3e79b44856346fb20be0a416b7c81f56cb243a16e8f61c881543306feae8bacd671329baf8dbbf28aab5e6ba4f3c98189d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
24KB

MD5
04858c93930bebbe5d00dd0af0c83967

SHA1
f795b4acef714827ff6a892145d48219a455132a

SHA256
87652dd9200d0f9b9942d0080fdacca78c4e7a04d2c96d8c8b9a1b2e9ead7794

SHA512
38cf1924b0adf17f2792857e4a713c15e6f2cb0b31e284f1d55d8139a35adf94907c58c75adad851c7997a35b5351cd3d501e4361fe5d4b47ae1a7d4e01f7073

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
22KB

MD5
9735ab8f839b0a3bcdb5d95a4ca88f5f

SHA1
616dd18f43b2f7cddc022b1490078c04f0c8de8d

SHA256
e3d863aac997395372f7ae660cf9c8a5e68bba5f5de4246cf266f45f1203b704

SHA512
4f7f20f82b43e2b00a97733ce783ea6708a77bfb26ae9d96e20741397544e2d9147a4cbe0378584f9dbbe8ce84e30dc8cefa58f7734e70a3002ea45530664eeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
18KB

MD5
3feb8c99c16e389b1b888bad7c443be4

SHA1
fb3b7c675923da31a6f8893efcb51ac27848a54e

SHA256
f5aa8269a6e4f853466b5eff76b23e109067a5631b6964b8b7f3dc622cb40e85

SHA512
cb01f657e8bed3165e3f9c47171d5e678c12055d1fbb4e3c1a9f75396964fd610a838c049a50f2f64a61a6d7c687371cb7ce51c162be242f3144a2333ce71ae7

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
20KB

MD5
d79fd2602b13a3199c3e7e3f918103f4

SHA1
c0501ce637c041b722158c2311161d44911cd421

SHA256
ad302e80aae2b2b9aa64bf1df3ecd4c17fdc7ff5c0797be2fa24ac997db25b71

SHA512
20550b184f0589b4c0cdc775106f68bcb9edd3641e721c503e27d98aab40ee87389c6ef2d2c521687a605fe2fe9efb85711344e70d505c4502e7b186f5f8bc7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
18KB

MD5
df064172e6f6f79e71c0ba8ded98609c

SHA1
e1b7844a65db7ff1212defe7fc83e4d83b56487c

SHA256
aaa170e198705464169f4a6256cfb37642c1cca96928396ff59069eb2515232c

SHA512
c9f425047974da5c87349e82d972010774821238a793842a94275badae14492089e767513141478a8bfca5e3df7a26893b17a277a45bc1a444f86909be1e5b4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
18KB

MD5
503fe023ff1e83e559ba14aa8fb124c6

SHA1
850ec284472222dc0204d455c39e1d71729ae7e4

SHA256
363ff58f80e52e118222dd2457700bc65150f2f1503339783f75141ff0892a5e

SHA512
c5f0f2de232fa6bdb9d2bd18d6e65e88d6f65e56969da4f7fdd0de8c29319af4413191ccbf89ae0aeaf0411107a05443c9061feef7059f80789902762299d294

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\config.vdf~RFe59f34f.TMP

Filesize
184B

MD5
3cdebc58a05cdd75f14e64fb0d971370

SHA1
edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe

SHA256
661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7

SHA512
289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler.dll

Filesize
362KB

MD5
18c70c5b8ed1c928dfbeff58babf8432

SHA1
a0f8a3247d05c375444feb7ab9c62989c9b28cb4

SHA256
5c6cfdc5d514856e5f2c830007988dd2486cf4b8997f2b0ef2869a648f960d61

SHA512
493e580e5aeb23a896259200dd3123c247febc2de0f33c4e76e6fdf0dfcef99ce4703030a37aabb717e1d1d632c08ffab037bd6cbd198f2c8e4a5391770a6dec

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashhandler64.dll

Filesize
465KB

MD5
88545b3ce8490b480ed6e6cdc9409252

SHA1
3eeb89125f459e4cd2835220df51c5d1cfdf2dd4

SHA256
847b8ca1b7072dc8b7d47a5ae5ff2cb49939e18d7cd1faab24ac17a97d5d0d8e

SHA512
12a99546838c6d9b1108874d6f82a06ef0c19a6ba8e0d042a56e7b389ec78cd8a04e18f1529c703837eb2621efa7cc0187b58328f40842ead125e747756b3e16

Download Submit
C:\Users\Admin\AppData\Local\Temp\dumps\settings.dat

Filesize
56B

MD5
9f830a045f0a0f80aeaa4b9284618b85

SHA1
e226b2d13937202426a4c45f450f377a6078f9b5

SHA256
c522f69914b03acae178bbd8d67559e4bb930e440c2725eff2a71899aba2e8b8

SHA512
7c2a692ef99bd9cbec818bdcfe51ffaf462669edc7a8922d7e9fa76a59f3a6f450d866512d42289b49f7391af963e9f3daafcc4f3b739c5c4db31d0805955432

Download Submit
C:\Users\Admin\AppData\Local\Temp\libavcodec-61.dll

Filesize
5.1MB

MD5
567fbbd3a1b0a9b1400806eb1451e479

SHA1
7aa2d284be74f90ab4281070c63068a3a5ecd55e

SHA256
6f7fd80cd9ff14e8384f2c3c18bd7032be0d03c1f7b3d373081fc317c5e9e9a6

SHA512
65a55a40747b3eb699b9fc4811ed7163afbed1d7bc9c242c1e9f45ec87f2c7767f8001de294b67e63fc2c1de1585a52b7c70e6f23d4c503e7992ae20c89651d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\libavfilter-10.dll

Filesize
854KB

MD5
d57b00c64eee6a0e9af815af77d5e770

SHA1
4be4b06f699d747a4c1228c13206749db86bb58f

SHA256
8af2e9b0a22eb0060264248786ce70410b842d2cf3905251564197d97450fa0f

SHA512
8efe442f97da8010db0989d7c2cf4b34cebc40bc098c14e528e96bbc7581e01ffd864658b005d945a7fb22908ad84688bf98e4e5cacb5384b9887fd99211c370

Download Submit
C:\Users\Admin\AppData\Local\Temp\libavformat-61.dll

Filesize
1.6MB

MD5
1fd84a8ae4fe03565591ae8bae43c211

SHA1
0e6584df35539c91ffcf89d877190c68ba0dea01

SHA256
87767e2da0efa6b453258313a3f27a3b8e8663766846751cb57760c697ccf338

SHA512
0a574cd05b5db4116f4bc33877169c94d633bd9b82f2540cc7e8b3f9f0fb6eb4077078b19d98cd0156be7d13bf528a22fbd37ba5b7a71305a4dd139ff47bc222

Download Submit
C:\Users\Admin\AppData\Local\Temp\libavutil-59.dll

Filesize
1.6MB

MD5
49d6d80897b14798e0231d6b4b106ef2

SHA1
9aa670938ed421c1aa7c9add5bea872d04d1e83f

SHA256
1c981bce42e5058c7c9e5a593ec44bba3e0b39f6378781950c32d982c648b914

SHA512
ca0b78b9eb17cc15cad289b281f8efb118c9d9135cbb25a6b77a200fc5c4df9eff9a50d3a664624013e597c98223af3ce650f7b1df6fa607f64c702a732c51d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\libswresample-5.dll

Filesize
615KB

MD5
eb068dd26a2891c59131ec64631ecefa

SHA1
4efe84d3aab4d33fdb85938c1ad634c27a6c131b

SHA256
b3cafcc16f6a5ef6bf18f411d3c2e3c9ee5cfd83b770cf14bb77411dafce1d38

SHA512
5ff1ad49467d602de5cf514023151e8590536d397a3f08117c699e35ad3c3a3f9b7909166547b1416c393e41bfabc72fc6fa84108c75f30cbd351d8695fee149

Download Submit
C:\Users\Admin\AppData\Local\Temp\libswscale-8.dll

Filesize
1.0MB

MD5
2d45d3e79fb29610e9afe585c3d2b9d5

SHA1
6e8baa2e1beb682a7cd0e3d8a7429d6ee106c871

SHA256
b80dd69f7c0879a950928a7e1a43aa08349ddb8d804332b7cc633d8a40166136

SHA512
2034f941cf0441d64058765694f1c5893ff322bed531f3e9a52ec963793a5ba9039b6f65afe767f1f98cd874affeebfec25cd8c898bb0efbb6bff4d5cd91f10d

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

Filesize
24KB

MD5
d5eaba6d399c4eacba7f66c7d1f8cdae

SHA1
122ac44448ecba6c545a43c3872d70089799ed93

SHA256
2b488891bb495fc75224fce090799db1aa91fc3f9d5bbb6635c8521c53c4212c

SHA512
6af5e36955d4b3834a4deb5bf5deb58778c9bde6c0d79e628febe8e1a83f0d84e17977c218bdd1532e9fc9a33804ffddb08aba3659b649ef4649c439f85311cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin

Filesize
3KB

MD5
e7e02fa17486bb67fee02c09eeec1173

SHA1
61004cb8dcf0070f350743f8c041034b8c6aab40

SHA256
b5f60dce977129d04f20545e5b42630194b216d01b8b257d1a8f661ac4ae3ba2

SHA512
0e44d360f47f9266a3dfb8a26e0be806358f7079fcaf1cade81edf03c4a2d902f25d3f7af83f65c3fde0ed6f30d10cf66861dd1c16d453e605bee4bdc2ca2f5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

Filesize
467KB

MD5
cd2ba38c1a8717e870ecd45141cfd92f

SHA1
be7745f45ab8d8cbf3dee7e9737c4ee05a152c6e

SHA256
9b9029dc5b6449a34b79d4590b2f2e97f2be829053689a28e9698b6542afd76c

SHA512
0e0637676477b040fcfd260609cb3e03664c6e2ba114b0605cdae89134490f847edf0974cd785e435c192117eaab05989c4860bca0a5f7d9b15a3fcd9f23b2ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

Filesize
8KB

MD5
772711e8958b5e8ca19fb178f606c116

SHA1
872923ccf52941484a9562be13dbdacc8e20d3f5

SHA256
23167066211990a67e2efe6e710e06d88e9a7dcd5c0c7d0b68cf271c9e5edc7e

SHA512
679db527ce29066779c82ab7e653d1321ba2b845076b1d2b78c08e310da2048ee4dc468bf210296c6c42c118f694b2d6112729ab939deb461d77a173bbc67ed8

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

Filesize
4KB

MD5
27993eb75894ca4894db266ad9b5e61b

SHA1
4def653ee04b0514822b690052598435ec25e686

SHA256
fbc09c1b9a55d04b57be8fb2ad5ab58b38f76054ecd3d1b70440a2d08191b05b

SHA512
eaebeee5b1a7dfb9bdf661623554793d7ef7e15d9f9cf01f94da1eb0b84b88c8f24176463d15c407ebf670c5b7fd4052daea33ba43e75c1de2979487c4987bab

Download Submit
C:\Users\Admin\AppData\Local\Temp\steam.exe

Filesize
4.5MB

MD5
ba585333a881a59117edb7442425bce3

SHA1
3f98297c790b9d1551f1084105ed25d0a12601dc

SHA256
7f4902d1a881665576cf9e7a76695d73e8b4f76f17c8a7a38fdeae921cae1cfb

SHA512
2f2d8045d4108dba40107b7e8f0ca5adb287359a6e4358f2dde3b2d1104b25e8b42c837766700c0f8a5332022b49ca252f912775d74adec7b163e50023c5fa31

Download Submit
C:\Users\Admin\AppData\Local\Temp\steamsysinfo.exe

Filesize
1.1MB

MD5
cf9a2e68c55f6e69cba27556a44655f8

SHA1
b16816e82d7293bd548d248344fbf8b652984234

SHA256
85a1369bc2d1207ad7f9405e7dd77bf5c64199c387066f52e0eb05089c0b15eb

SHA512
25409acfd84fdb7b008012778ebc1c5efc017ceb648a1e006d4656c8236b43bcd8999a4dae8d3c8dd26d56013f1179e474917d286f451a76815089f2b9426a5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\steamui.dll

Filesize
13.6MB

MD5
889da285d6f1d0de04887eb1790c94e0

SHA1
643f32c5eb9803719d88b1ca57543a67b96fa15a

SHA256
aa956d1c2f0695e2552439cf59f604d713781d6e267fce4e4f58e3e7e2c35c76

SHA512
0f6039366e2324a22ca4f54f40d2e4acc980c1b157830e77a6da69e2874eec21f03d692ea10de917fdbe73a250f804ae3074f03dd8c7895d01d9fde4bcf20af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tier0_s.dll

Filesize
351KB

MD5
a70d4acb2d9cd5e1aeb27682c6eb0acb

SHA1
a474fec49bc6f8cf28a409d1c2bb51557d424b61

SHA256
cdda33a2e1b6bffa1d9442481ee107dbb4f675a7203485e6788372afea99a11c

SHA512
fc3cd47c8d6983ed959d4fa458cbdde5a35a663b2afa2ba346b3a5fe2bf2222064b1b54b233c64d1d0d15ce523a3e3cb4aeb0d9ecb7e32545b29c3089d64eab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\video.dll

Filesize
4.0MB

MD5
2f396e5051c4fba837d2c65c8908a6d3

SHA1
0be2723f57cd2d64804c0934db514713dedaf6a0

SHA256
bd9cbeefdb025af278802bbe107a864c5c8934b40394b0a0dbd2dae6c9d17285

SHA512
8bc5f9ab38a3618ea8803f5771a795feb68f6e904a939f818161d609346ddd5a04555db30894751e64dafd903f02b79639a2365e49de6063725813c77eb368bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\vstdlib_s.dll

Filesize
565KB

MD5
f2c496a5ecc63ee30b43aa861f083f2e

SHA1
651f48ad88714fced0ac24d888fc2b7ab780113c

SHA256
a5041753aed5be1c512c7f31843fd73d83f4a2ad873a7aee74109ad49a1a4594

SHA512
30de10e92e6240e9af81f8b75aa9173ba2d2c09383946c94959d65fd6bec7043a848596e29060e02e2b45cbf089f837ece560cf1753aca943c7342740d971c9c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping17504_1701566452\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping17504_1701566452\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
\??\c:\users\admin\appdata\local\temp\resource\steamscheme.res

Filesize
14KB

MD5
2cf39cb82fad9fb79130cd76394a627d

SHA1
0592b391e4cebae722ecae3957e30dd8161e6ddd

SHA256
69dfa517ab922d579dacf49fb80c5cb66958a03c3d8513109a9466e1d1133e0b

SHA512
0c9d825ebaebd4c1fe949b59edcd914f6ffb70636a6f6e0d295f9f0528b0c51e8dedc43d14e04f31700a5e9619ca0dd18ac62df890156cd88ed58ce840b50edb

Download Submit
\??\c:\users\admin\appdata\local\temp\resource\styles\steam.styles

Filesize
76KB

MD5
d627e08303a3736dc2679e9f52f209d4

SHA1
98f2f7f48063653ce8496ac9d66f82e90e62bd19

SHA256
2414ec8b97c2bb0c336d13411dcc63fb4fb2a661eef74594878c24d50173e549

SHA512
4ec4e9ad6337d269d34f3931ce471d7c11c58ebd97bce497df4d25de08bd492302d9c59221062ea17215fd1c8c63cfb0201a89c8051a2c8b8bf0f3fecc929f8b

Download Submit
memory/2020-12197-0x0000000000470000-0x0000000000922000-memory.dmp

Filesize
4.7MB

Download
memory/5432-12551-0x000001C4319E0000-0x000001C4319E1000-memory.dmp

Filesize
4KB

Download
memory/5432-12549-0x000001C4319E0000-0x000001C4319E1000-memory.dmp

Filesize
4KB

Download
memory/5432-12553-0x000001C4319E0000-0x000001C4319E1000-memory.dmp

Filesize
4KB

Download
memory/5432-12554-0x000001C4319E0000-0x000001C4319E1000-memory.dmp

Filesize
4KB

Download
memory/5432-12552-0x000001C4319E0000-0x000001C4319E1000-memory.dmp

Filesize
4KB

Download
memory/5432-12542-0x000001C4319E0000-0x000001C4319E1000-memory.dmp

Filesize
4KB

Download
memory/5432-12544-0x000001C4319E0000-0x000001C4319E1000-memory.dmp

Filesize
4KB

Download
memory/5432-12543-0x000001C4319E0000-0x000001C4319E1000-memory.dmp

Filesize
4KB

Download
memory/5432-12550-0x000001C4319E0000-0x000001C4319E1000-memory.dmp

Filesize
4KB

Download
memory/5432-12548-0x000001C4319E0000-0x000001C4319E1000-memory.dmp

Filesize
4KB

Download
memory/8220-12595-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12603-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12540-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12538-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12488-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12562-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12564-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12566-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12442-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12527-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12597-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12599-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12601-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12462-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12605-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12607-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12439-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12627-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12629-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12437-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12435-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12433-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12422-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/8220-12412-0x000000006E130000-0x000000006F4FA000-memory.dmp

Filesize
19.8MB

Download
memory/17504-12413-0x000001B6142E0000-0x000001B615A3C000-memory.dmp

Filesize
23.4MB

Download
memory/18568-12304-0x00007FFC7B740000-0x00007FFC7B741000-memory.dmp

Filesize
4KB

Download
memory/18568-12305-0x00007FFC7C980000-0x00007FFC7C981000-memory.dmp

Filesize
4KB

Download