6413b835503a6c77f347a262f0ce18de15ea59608658aa8c2e51a3433ffe1624

Resubmissions

15/01/2023, 00:36

230115-aybg9abe6s 8

15/01/2023, 00:11

230115-agp93sfe58 8

15/01/2023, 00:06

230115-ad4y3abc3t 8

Analysis

max time kernel
528s
max time network
539s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
15/01/2023, 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

interium/crack/v4.exe
Size

5KB
MD5

67601d1b4381c7dafe8e7ad94f38a142
SHA1

16e6e3a8f666429c1a4941e9c0945a22afd6377a
SHA256

04a007a31de14d111ec54030e3646422d5ee224177dae95795ac2826a55336f7
SHA512

63b4666f7212f08c8c9ae24cf914d1694dec5a1daacad0e9e742c0dc39662cc97f1c66722dce99656d3a70277485b25374eb5abad06821c55e73b7f3be7172a3
SSDEEP

48:C7zRekJFF6G3N1zcuzrRr1nnzrQYAPSC1iF9vhAHyhdUXhQB8sXlE6mN0F3ybCV3:Kjd6uzrh1nf2PSCA3vhghQK+l2K3iw

Score

8^/10

bootkit discovery evasion persistence trojan vmprotect

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
5580	CS16Russian.exe
5308	hl.exe
4364	hl.exe
1660	hl.exe
5864	hl.exe

VMProtect packed file 9 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/files/0x0006000000022dda-137.dat	vmprotect
behavioral2/memory/5308-139-0x0000000072820000-0x000000007466C000-memory.dmp	vmprotect
behavioral2/memory/5308-154-0x0000000072820000-0x000000007466C000-memory.dmp	vmprotect
behavioral2/memory/5308-157-0x0000000072820000-0x000000007466C000-memory.dmp	vmprotect
behavioral2/memory/5308-158-0x0000000072820000-0x000000007466C000-memory.dmp	vmprotect
behavioral2/memory/1660-329-0x0000000070360000-0x00000000721AC000-memory.dmp	vmprotect
behavioral2/memory/1660-337-0x0000000070360000-0x00000000721AC000-memory.dmp	vmprotect
behavioral2/memory/5864-392-0x0000000071020000-0x0000000072E6C000-memory.dmp	vmprotect
behavioral2/memory/5864-400-0x0000000071020000-0x0000000072E6C000-memory.dmp	vmprotect

Loads dropped DLL 64 IoCs

pid	Process
5308	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
4364	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	hl.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	hl.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	hl.exe
File opened (read-only)	\??\D:	hl.exe

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	hl.exe
File opened for modification	\??\PhysicalDrive0	hl.exe
File opened for modification	\??\PhysicalDrive0	hl.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
5308	hl.exe
1660	hl.exe
5864	hl.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\gfx\vgui\icon_!-bigger.tga	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\vox\g.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\vox\superconducting.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\Uninstall.exe	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\items\nvg_on.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\platform\AddOns\go\board_go_LR.tga	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\platform\Steam\cached\accepted_cards.tga	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\vox\bravo.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sprites\camera.spr	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\gfx\env\morningdewup.tga	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\models\w_gauss.mdl	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\vox\area.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\vox\rads.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\weapons\g3sg1_slide.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\ambience\steamburst1.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\gfx\env\backalleydn.tga	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\radio\bot\Reallite\Clear\nobomb1.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\radio\bot\Reallite\iwaithere\iwaithere8.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\radio\bot\Reallite\ups\ups2.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\weapons\aug_boltslap.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\platform\Steam\cached\CDKeyReceipt.html	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\vox\quick.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\models\w_9mmhandgunt.mdl	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\resource\icon_stop.tga	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\player\pl_slosh4.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\radio\bot\Reallite\itakehost\itakehost.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\radio\bot\Reallite\_Places\na_blizhnem.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\vox\ass.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\ambience\des_wind2.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\gman\gman_nowork.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sprites\bubble.spr	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\classes\kevlar_helmet.res	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\overviews\as_oilrig.bmp	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\radio\bot\Reallite\campbplace\campbplace4.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\models\w_357ammoboxt.mdl	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\resource\menu_steam_no_icon.tga	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\player\pl_metal1.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\vox\woop.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\radio\bot\Reallite\icome\icome5.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\radio\position.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\weapons\awp_clipin.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\vox\inches.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\vox\medical.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\vox\exterminate.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\vox\pain.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\gfx\vgui\round_corner_small_ne.tga	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\platform\AddOns\hearts\hearts_koreana.txt	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\platform\Friends\servers.vdf	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\platform\materials\debug\debugmrmwireframe.vmt	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\models\pipe_bubbles.mdl	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\platform\AddOns\common\piece_red_selected.tga	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\ambience\waterrun.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\platform\Admin\server_english.txt	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\vox\us.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\vox\walk.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\platform\AddOns\go\go_portuguese.txt	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\gfx\env\morningup.bmp	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\gfx\vgui\fonts\640_Basic Text.tga	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\classes\famas.res	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\gfx\vgui\arctic.tga	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\radio\bot\Reallite\planting\planting3.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\radio\bot\Reallite\ups\ups3.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\radio\bot\Reallite\_Places\na_yaschike.wav	CS16Russian.exe
File opened for modification	C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\valve\sound\hassault\hw_shoot1.wav	CS16Russian.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 5 IoCs

pid	pid_target	Process	procid_target
3036	5308	WerFault.exe	113
5356	5308	WerFault.exe	113
5536	4364	WerFault.exe	122
5016	1660	WerFault.exe	125
3456	5864	WerFault.exe	132

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\CS16Russian.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe
3184	v4.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1660	hl.exe
4240	taskmgr.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
652	Process not Found

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeDebugPrivilege	2600	firefox.exe
Token: SeDebugPrivilege	2600	firefox.exe
Token: SeDebugPrivilege	2600	firefox.exe
Token: SeDebugPrivilege	2600	firefox.exe
Token: SeDebugPrivilege	3184	v4.exe
Token: SeDebugPrivilege	2600	firefox.exe
Token: SeDebugPrivilege	4240	taskmgr.exe
Token: SeSystemProfilePrivilege	4240	taskmgr.exe
Token: SeCreateGlobalPrivilege	4240	taskmgr.exe
Token: 33	4744	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4744	AUDIODG.EXE
Token: SeDebugPrivilege	632	v4.exe
Token: SeDebugPrivilege	2600	firefox.exe
Token: 33	4240	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4240	taskmgr.exe
Token: SeDebugPrivilege	4652	v4.exe
Token: SeDebugPrivilege	5420	taskmgr.exe
Token: SeSystemProfilePrivilege	5420	taskmgr.exe
Token: SeCreateGlobalPrivilege	5420	taskmgr.exe
Token: 33	5420	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5420	taskmgr.exe
Token: SeDebugPrivilege	2600	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe
4240	taskmgr.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
2600	firefox.exe
5580	CS16Russian.exe
5308	hl.exe
4364	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
1660	hl.exe
5864	hl.exe
5864	hl.exe
5864	hl.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 2600	4220	firefox.exe	85
PID 4220 wrote to memory of 2600	4220	firefox.exe	85
PID 4220 wrote to memory of 2600	4220	firefox.exe	85
PID 4220 wrote to memory of 2600	4220	firefox.exe	85
PID 4220 wrote to memory of 2600	4220	firefox.exe	85
PID 4220 wrote to memory of 2600	4220	firefox.exe	85
PID 4220 wrote to memory of 2600	4220	firefox.exe	85
PID 4220 wrote to memory of 2600	4220	firefox.exe	85
PID 4220 wrote to memory of 2600	4220	firefox.exe	85
PID 2600 wrote to memory of 4084	2600	firefox.exe	86
PID 2600 wrote to memory of 4084	2600	firefox.exe	86
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 732	2600	firefox.exe	89
PID 2600 wrote to memory of 4156	2600	firefox.exe	90
PID 2600 wrote to memory of 4156	2600	firefox.exe	90
PID 2600 wrote to memory of 4156	2600	firefox.exe	90
PID 2600 wrote to memory of 4156	2600	firefox.exe	90
PID 2600 wrote to memory of 4156	2600	firefox.exe	90
PID 2600 wrote to memory of 4156	2600	firefox.exe	90
PID 2600 wrote to memory of 4156	2600	firefox.exe	90
PID 2600 wrote to memory of 4156	2600	firefox.exe	90
PID 2600 wrote to memory of 4156	2600	firefox.exe	90
PID 2600 wrote to memory of 4156	2600	firefox.exe	90

C:\Users\Admin\AppData\Local\Temp\interium\crack\v4.exe
"C:\Users\Admin\AppData\Local\Temp\interium\crack\v4.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.0.301173167\910647063" -parentBuildID 20200403170909 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 1 -prefMapSize 219944 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 1784 gpu
    3⤵
    PID:4084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.3.1530771211\1686200802" -childID 1 -isForBrowser -prefsHandle 2380 -prefMapHandle 2252 -prefsLen 112 -prefMapSize 219944 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 2340 tab
    3⤵
    PID:732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.13.921442183\1124210918" -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 6894 -prefMapSize 219944 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 3672 tab
    3⤵
    PID:4156

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3068

C:\Users\Admin\Downloads\CS16Russian.exe
"C:\Users\Admin\Downloads\CS16Russian.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:5580
- C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hl.exe
  "C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hl.exe" -game cstrike
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetWindowsHookEx
  PID:5308
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 484
    3⤵
    - Program crash
    PID:3036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 504
    3⤵
    - Program crash
    PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5308 -ip 5308
1⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5308 -ip 5308
1⤵
PID:5048

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4240

C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hl.exe
"C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hl.exe" -game cstrike
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:4364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 348
  2⤵
  - Program crash
  PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4364 -ip 4364
1⤵
PID:5512

C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hl.exe
"C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hl.exe" -game cstrike
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1660
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 2780
  2⤵
  - Program crash
  PID:5016

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4744

C:\Users\Admin\AppData\Local\Temp\interium\crack\v4.exe
"C:\Users\Admin\AppData\Local\Temp\interium\crack\v4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1660 -ip 1660
1⤵
PID:5660

C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hl.exe
"C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hl.exe" -game cstrike
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:5864
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 2468
  2⤵
  - Program crash
  PID:3456

C:\Users\Admin\AppData\Local\Temp\interium\crack\v4.exe
"C:\Users\Admin\AppData\Local\Temp\interium\crack\v4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5864 -ip 5864
1⤵
PID:5540

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:5420

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\FileSystem_Stdio.dll

Filesize
116KB

MD5
d9c4a776f838733c64331db0c87af459

SHA1
480aedeccdf5845de06c7bf39f59783a8fe92b1a

SHA256
4f7dca9537cdf20b65da599ffc33ea69e8a132239cfb6a3d0b1b623359dcda85

SHA512
5996c9a5cc5bc459b4dcdd7961690cbefdb741dd19338bfb4d1a864ce265e623f4e204dc6f1d4b0b84e66d0ae2f56b4f9bdb3cd7355f8a450703d0a2614d8d82

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\FileSystem_Stdio.dll

Filesize
116KB

MD5
d9c4a776f838733c64331db0c87af459

SHA1
480aedeccdf5845de06c7bf39f59783a8fe92b1a

SHA256
4f7dca9537cdf20b65da599ffc33ea69e8a132239cfb6a3d0b1b623359dcda85

SHA512
5996c9a5cc5bc459b4dcdd7961690cbefdb741dd19338bfb4d1a864ce265e623f4e204dc6f1d4b0b84e66d0ae2f56b4f9bdb3cd7355f8a450703d0a2614d8d82

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\Mss32.dll

Filesize
340KB

MD5
9e9d108524bfc8ac279d0511aed29523

SHA1
7a9bf3140ea0235ae306320087288e17f631862f

SHA256
5e1e2de449db99edeffdc66d042335911bd49ab824f383f9a7570e88e499bd42

SHA512
a1da34d25de2aa10c368206b81eca055ac3954eebd5117637faf86776681cd3b6f7309d913364923de013c77ae3f5181e6aa6913a6fab906017f53c0dc8b5f40

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\Mss32.dll

Filesize
340KB

MD5
9e9d108524bfc8ac279d0511aed29523

SHA1
7a9bf3140ea0235ae306320087288e17f631862f

SHA256
5e1e2de449db99edeffdc66d042335911bd49ab824f383f9a7570e88e499bd42

SHA512
a1da34d25de2aa10c368206b81eca055ac3954eebd5117637faf86776681cd3b6f7309d913364923de013c77ae3f5181e6aa6913a6fab906017f53c0dc8b5f40

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\Steam.dll

Filesize
322KB

MD5
2fc02d8b4137bff3430fc1555ee6d72c

SHA1
6029fbc64efb7a27d7439bb7bf885fd0cb66af10

SHA256
5d4f80190a41cd98242bc8f4cb4eafa7a477b150206462e4b695078bf18f2b7e

SHA512
a056779f6f15e076f44ee8d24c7baae42b403549cfac86247389dde3936b7671666a6daa08af1a26161c0e4866cf26e9e6de22f0504e5924f7948ecf30ed337c

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\Steam.dll

Filesize
322KB

MD5
2fc02d8b4137bff3430fc1555ee6d72c

SHA1
6029fbc64efb7a27d7439bb7bf885fd0cb66af10

SHA256
5d4f80190a41cd98242bc8f4cb4eafa7a477b150206462e4b695078bf18f2b7e

SHA512
a056779f6f15e076f44ee8d24c7baae42b403549cfac86247389dde3936b7671666a6daa08af1a26161c0e4866cf26e9e6de22f0504e5924f7948ecf30ed337c

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\config\rev_MasterServers.vdf

Filesize
209B

MD5
5f46e5a210aaa2f779cf95fadc530876

SHA1
ba74b8c54431d4abc5bda111f2cea4442b1884db

SHA256
7909be80988a702b941be83a96779a1eecd4b010dcbfc516cc4973934410e234

SHA512
ac8d2f3b02524743ca6daf18587c7529806c377474cb141a002ea8be05bcf1738a750fd3cc0f6d82284a9a4198d70446624fffda6a1a290b8ec8de02db55a294

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\resource\GameMenu.res

Filesize
776B

MD5
96aea70447def0dbe016f3515c5a37af

SHA1
8064ccc84b334bc4cf0d59626c56de69a073af08

SHA256
5b6c9699b9780836b851808443ddef4b243ccb28671411c70df562db81dd7597

SHA512
8259b3e7776c64c8ed8cc256e72326cb41e3648a78b142b42af9f2b1a562ee683f5bf448ecb7ca2e0d5e8a6a47c5499cee78ef45d424fcabe87557696bf595cd

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\engine.dll

Filesize
117KB

MD5
90e191fb04c0f3288041eb4821f6b74e

SHA1
64b537fe0cfde327df20abeae8bde9572df7709f

SHA256
8460c878d5fcceaafe6b9382bff608580e49d1649e2d73e2bd395b0177615f5f

SHA512
c63d1a29dfc6f820ebb9299be9129493540f5b8251ba0fc781ec978c1edc40949946911351d9b1a95fa637eb302f918e1d4fec1c49c8facc27ffb131902b7aa0

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\engine.dll

Filesize
117KB

MD5
90e191fb04c0f3288041eb4821f6b74e

SHA1
64b537fe0cfde327df20abeae8bde9572df7709f

SHA256
8460c878d5fcceaafe6b9382bff608580e49d1649e2d73e2bd395b0177615f5f

SHA512
c63d1a29dfc6f820ebb9299be9129493540f5b8251ba0fc781ec978c1edc40949946911351d9b1a95fa637eb302f918e1d4fec1c49c8facc27ffb131902b7aa0

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\engine.dll

Filesize
117KB

MD5
90e191fb04c0f3288041eb4821f6b74e

SHA1
64b537fe0cfde327df20abeae8bde9572df7709f

SHA256
8460c878d5fcceaafe6b9382bff608580e49d1649e2d73e2bd395b0177615f5f

SHA512
c63d1a29dfc6f820ebb9299be9129493540f5b8251ba0fc781ec978c1edc40949946911351d9b1a95fa637eb302f918e1d4fec1c49c8facc27ffb131902b7aa0

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\filesystem_stdio.dll

Filesize
116KB

MD5
d9c4a776f838733c64331db0c87af459

SHA1
480aedeccdf5845de06c7bf39f59783a8fe92b1a

SHA256
4f7dca9537cdf20b65da599ffc33ea69e8a132239cfb6a3d0b1b623359dcda85

SHA512
5996c9a5cc5bc459b4dcdd7961690cbefdb741dd19338bfb4d1a864ce265e623f4e204dc6f1d4b0b84e66d0ae2f56b4f9bdb3cd7355f8a450703d0a2614d8d82

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\guard.ini

Filesize
8KB

MD5
b56cc1f0f4a4649b57cd46d2dc5dde4f

SHA1
0a5f966d294ef4cc7373130b2bd065e75071a925

SHA256
744e04a3f3ca9787d87309f8e75ac1f0fb49f9b6691eedcb63183ef233187bc2

SHA512
506e7ad2fae089b84a7b1809e9990cfaecf832bb79d4098dcf49489b0d019ff9cb96d989c1845ce6903e656402c10e39aec3d8035e6779621e7c9abd28f18957

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hl.exe

Filesize
84KB

MD5
2098ccf443433129b556c2849fe99e26

SHA1
074ddbaff48c88b3b5c8f881c35d2be2bb19a249

SHA256
4a899986a879ffd4b7e2d819c49b47cb362d849e86917da1f1931ef476b414af

SHA512
fb4dcfd5371c89af775367d9f2ba72bfd42f8b483ba31b0e839b66f065e5e7a1ec34bf4504aaad17e38502be6917f0b3e415add81dc84fc6942996c0a8f95a10

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hl.exe

Filesize
84KB

MD5
2098ccf443433129b556c2849fe99e26

SHA1
074ddbaff48c88b3b5c8f881c35d2be2bb19a249

SHA256
4a899986a879ffd4b7e2d819c49b47cb362d849e86917da1f1931ef476b414af

SHA512
fb4dcfd5371c89af775367d9f2ba72bfd42f8b483ba31b0e839b66f065e5e7a1ec34bf4504aaad17e38502be6917f0b3e415add81dc84fc6942996c0a8f95a10

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hl.exe

Filesize
84KB

MD5
2098ccf443433129b556c2849fe99e26

SHA1
074ddbaff48c88b3b5c8f881c35d2be2bb19a249

SHA256
4a899986a879ffd4b7e2d819c49b47cb362d849e86917da1f1931ef476b414af

SHA512
fb4dcfd5371c89af775367d9f2ba72bfd42f8b483ba31b0e839b66f065e5e7a1ec34bf4504aaad17e38502be6917f0b3e415add81dc84fc6942996c0a8f95a10

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hl.exe

Filesize
84KB

MD5
2098ccf443433129b556c2849fe99e26

SHA1
074ddbaff48c88b3b5c8f881c35d2be2bb19a249

SHA256
4a899986a879ffd4b7e2d819c49b47cb362d849e86917da1f1931ef476b414af

SHA512
fb4dcfd5371c89af775367d9f2ba72bfd42f8b483ba31b0e839b66f065e5e7a1ec34bf4504aaad17e38502be6917f0b3e415add81dc84fc6942996c0a8f95a10

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hw.dll

Filesize
1.8MB

MD5
5d6ea160e24e193ce6fb697c39d7ce7f

SHA1
de1605036b5018aba20d6173ebad10ad7016b1c4

SHA256
e091efd0fe66efdacc04270a1bf9db85b38d0bebd20b27c0a9388767cbf1b20d

SHA512
a9cb41c3892efe89d0ca2293500975ca24d9b782f445e3737422e9831e1d4d815757b47276d380ce43dc792c310fd7fa3dac4e2275969145d95de3d9eac57ae4

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hw.dll

Filesize
1.8MB

MD5
5d6ea160e24e193ce6fb697c39d7ce7f

SHA1
de1605036b5018aba20d6173ebad10ad7016b1c4

SHA256
e091efd0fe66efdacc04270a1bf9db85b38d0bebd20b27c0a9388767cbf1b20d

SHA512
a9cb41c3892efe89d0ca2293500975ca24d9b782f445e3737422e9831e1d4d815757b47276d380ce43dc792c310fd7fa3dac4e2275969145d95de3d9eac57ae4

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hw.dll

Filesize
1.8MB

MD5
5d6ea160e24e193ce6fb697c39d7ce7f

SHA1
de1605036b5018aba20d6173ebad10ad7016b1c4

SHA256
e091efd0fe66efdacc04270a1bf9db85b38d0bebd20b27c0a9388767cbf1b20d

SHA512
a9cb41c3892efe89d0ca2293500975ca24d9b782f445e3737422e9831e1d4d815757b47276d380ce43dc792c310fd7fa3dac4e2275969145d95de3d9eac57ae4

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hwpatcher.dll

Filesize
136KB

MD5
e234cd91a43561690479124e52995732

SHA1
14399f4a0c1fc6f8a42afa7302578bf7bdfe43a9

SHA256
ff0eab0171830f48cdb2812ae4e4408a67de3e9d2ef971b511901534797bc660

SHA512
74849a5bd6451d63e1796def06aa7f471e3f07171118fa27bfc2292a737548c2f0301cd357c8c9c445ac81099cb4165307aff0eb6e8d6ecd52d0c05f4bddd134

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\hwpatcher.dll

Filesize
136KB

MD5
e234cd91a43561690479124e52995732

SHA1
14399f4a0c1fc6f8a42afa7302578bf7bdfe43a9

SHA256
ff0eab0171830f48cdb2812ae4e4408a67de3e9d2ef971b511901534797bc660

SHA512
74849a5bd6451d63e1796def06aa7f471e3f07171118fa27bfc2292a737548c2f0301cd357c8c9c445ac81099cb4165307aff0eb6e8d6ecd52d0c05f4bddd134

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\j6A2cJQg.dat

Filesize
40KB

MD5
e1cd35bbc28f73b7481e8835ee0f0b13

SHA1
ef40d489c61b178b54f8116548662ee876e0133f

SHA256
6ecef9ef0f62491d595b2f32c69b53c53a1b3a8a7c9dea39d56c6861f5b93bdf

SHA512
baf6f9063f95e6d699088ec4c0611825e030382ff913084feb7f913cc8f011d079b6c7143359391d8e30a5e26ac5a5358882b20e3ac31c5afdbe8867ff6f62a3

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\j6A2cJQg.dat

Filesize
40KB

MD5
e1cd35bbc28f73b7481e8835ee0f0b13

SHA1
ef40d489c61b178b54f8116548662ee876e0133f

SHA256
6ecef9ef0f62491d595b2f32c69b53c53a1b3a8a7c9dea39d56c6861f5b93bdf

SHA512
baf6f9063f95e6d699088ec4c0611825e030382ff913084feb7f913cc8f011d079b6c7143359391d8e30a5e26ac5a5358882b20e3ac31c5afdbe8867ff6f62a3

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\mexSJn4Y.dat

Filesize
40KB

MD5
e1cd35bbc28f73b7481e8835ee0f0b13

SHA1
ef40d489c61b178b54f8116548662ee876e0133f

SHA256
6ecef9ef0f62491d595b2f32c69b53c53a1b3a8a7c9dea39d56c6861f5b93bdf

SHA512
baf6f9063f95e6d699088ec4c0611825e030382ff913084feb7f913cc8f011d079b6c7143359391d8e30a5e26ac5a5358882b20e3ac31c5afdbe8867ff6f62a3

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\mexSJn4Y.dat

Filesize
40KB

MD5
e1cd35bbc28f73b7481e8835ee0f0b13

SHA1
ef40d489c61b178b54f8116548662ee876e0133f

SHA256
6ecef9ef0f62491d595b2f32c69b53c53a1b3a8a7c9dea39d56c6861f5b93bdf

SHA512
baf6f9063f95e6d699088ec4c0611825e030382ff913084feb7f913cc8f011d079b6c7143359391d8e30a5e26ac5a5358882b20e3ac31c5afdbe8867ff6f62a3

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\mss32.dll

Filesize
340KB

MD5
9e9d108524bfc8ac279d0511aed29523

SHA1
7a9bf3140ea0235ae306320087288e17f631862f

SHA256
5e1e2de449db99edeffdc66d042335911bd49ab824f383f9a7570e88e499bd42

SHA512
a1da34d25de2aa10c368206b81eca055ac3954eebd5117637faf86776681cd3b6f7309d913364923de013c77ae3f5181e6aa6913a6fab906017f53c0dc8b5f40

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\platform\hwpatcher.ini

Filesize
59B

MD5
137a27daf09a69f863356e9776175dfe

SHA1
863b4837b51a2211b3a1685447ed9c7e26757b8a

SHA256
7c68f1bdbd583987194055b547f828464996cb5aa674d52dddc0112f1bd255f9

SHA512
0796933b525821da8c78205f893cfc880003b073dd0643ab9e5c33c489c5d2c28392e22c0db0fd2f91fd4433f90eb90c165f5baa065f4e88a981438bbd1246e9

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\revSrvBrowser.dll

Filesize
145KB

MD5
ca9fcc27610ca2e6d0ffd9580f2856c1

SHA1
7dd3ca61de3c5f6421d63d32c9ea8985b51eb51c

SHA256
fe0a229de50f31349ab4bd99d0d4e907371e77b1f06e7abd7217176e9c30405c

SHA512
1bff5e955fd41a56da8c7a42a3f53a33f774f9c88033c49687d84fcc2b64d8cf455d742ac8d2edfd9e7cdbad653870c924e14378d6cd421ebee23a9dd3369d17

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\revSrvBrowser.dll

Filesize
145KB

MD5
ca9fcc27610ca2e6d0ffd9580f2856c1

SHA1
7dd3ca61de3c5f6421d63d32c9ea8985b51eb51c

SHA256
fe0a229de50f31349ab4bd99d0d4e907371e77b1f06e7abd7217176e9c30405c

SHA512
1bff5e955fd41a56da8c7a42a3f53a33f774f9c88033c49687d84fcc2b64d8cf455d742ac8d2edfd9e7cdbad653870c924e14378d6cd421ebee23a9dd3369d17

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\steam_api_c.dll

Filesize
68KB

MD5
24e0f2298014291decb033e2813a2c8a

SHA1
8b206a6e16b56f2a3ccdca2241cc3d4ec79c8011

SHA256
7143e265f1371e3f2ac9ad2f041640a9e1574d91c1fc3914e6b28685f8c3606a

SHA512
c84905a445e11855e50096afb849cc4d7bc2edaff110d5dcb6c4b18c9e8a45584d47f30b3fad906bfa9056cab8aa63ac21e585f1ce8127ee36cad6e7ea0c09d7

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\steam_api_c.dll

Filesize
68KB

MD5
24e0f2298014291decb033e2813a2c8a

SHA1
8b206a6e16b56f2a3ccdca2241cc3d4ec79c8011

SHA256
7143e265f1371e3f2ac9ad2f041640a9e1574d91c1fc3914e6b28685f8c3606a

SHA512
c84905a445e11855e50096afb849cc4d7bc2edaff110d5dcb6c4b18c9e8a45584d47f30b3fad906bfa9056cab8aa63ac21e585f1ce8127ee36cad6e7ea0c09d7

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\steam_api_c.dll

Filesize
68KB

MD5
24e0f2298014291decb033e2813a2c8a

SHA1
8b206a6e16b56f2a3ccdca2241cc3d4ec79c8011

SHA256
7143e265f1371e3f2ac9ad2f041640a9e1574d91c1fc3914e6b28685f8c3606a

SHA512
c84905a445e11855e50096afb849cc4d7bc2edaff110d5dcb6c4b18c9e8a45584d47f30b3fad906bfa9056cab8aa63ac21e585f1ce8127ee36cad6e7ea0c09d7

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\steam_appid.txt

Filesize
2B

MD5
d3d9446802a44259755d38e6d163e820

SHA1
b1d5781111d84f7b3fe45a0852e59758cd7a87e5

SHA256
4a44dc15364204a80fe80e9039455cc1608281820fe2b24f1e5233ade6af1dd5

SHA512
3c11e4f316c956a27655902dc1a19b925b8887d59eff791eea63edc8a05454ec594d5eb0f40ae151df87acd6e101761ecc5bb0d3b829bf3a85f5432493b22f37

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\steamclient.dll

Filesize
383KB

MD5
3681b36899ba9c8e6c27b16ab54b8e8c

SHA1
094a8a18e9afab3143d1d35157e987d61bf7f507

SHA256
4f80c5e97a2c4ab5a192abaa9953029fdaeb035829015ce2f01dcf8cfb73ec48

SHA512
59460d2a305e8b99eef7c9af1825f7886cabcdced3630b273fafa595d60eb81d1165bde413fea46e1a0245b4db02abf595bc6f241f5cecfce75d3113bf6b116b

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\steamclient.dll

Filesize
383KB

MD5
3681b36899ba9c8e6c27b16ab54b8e8c

SHA1
094a8a18e9afab3143d1d35157e987d61bf7f507

SHA256
4f80c5e97a2c4ab5a192abaa9953029fdaeb035829015ce2f01dcf8cfb73ec48

SHA512
59460d2a305e8b99eef7c9af1825f7886cabcdced3630b273fafa595d60eb81d1165bde413fea46e1a0245b4db02abf595bc6f241f5cecfce75d3113bf6b116b

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\sw.dll

Filesize
1.6MB

MD5
06bb446c2209d6299eb1f86b952f911c

SHA1
f6d051a748492cadc494504c3d86238ad90dd4c9

SHA256
33013d52cfb2f418ee41f9810c9d3b644744ec99d0587b40ef48e8fe5635120f

SHA512
8f0fb392cf2986a0865725ce5299123991c8a4155dc7ecc6baa08823b8522025954a94555c14318bea76779f73c86d8c1986ab9cd8b2c29d791e1b726fa05fc8

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\sw.dll

Filesize
1.6MB

MD5
06bb446c2209d6299eb1f86b952f911c

SHA1
f6d051a748492cadc494504c3d86238ad90dd4c9

SHA256
33013d52cfb2f418ee41f9810c9d3b644744ec99d0587b40ef48e8fe5635120f

SHA512
8f0fb392cf2986a0865725ce5299123991c8a4155dc7ecc6baa08823b8522025954a94555c14318bea76779f73c86d8c1986ab9cd8b2c29d791e1b726fa05fc8

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\sw.dll

Filesize
1.6MB

MD5
06bb446c2209d6299eb1f86b952f911c

SHA1
f6d051a748492cadc494504c3d86238ad90dd4c9

SHA256
33013d52cfb2f418ee41f9810c9d3b644744ec99d0587b40ef48e8fe5635120f

SHA512
8f0fb392cf2986a0865725ce5299123991c8a4155dc7ecc6baa08823b8522025954a94555c14318bea76779f73c86d8c1986ab9cd8b2c29d791e1b726fa05fc8

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\vgui.dll

Filesize
344KB

MD5
d44ee82601ae62ede3e224269a0bbf53

SHA1
2d00b1d5e052584c6c86ec08795d56d2181a91ee

SHA256
0d4472d21443de839080860a300cca6b9436508f329d33d712e5c9bc07d4d998

SHA512
00dba1a1d88bbc8f77f86ac45068d3f071805a13bf30c7f5c3f3168d3b799e773a1a3a7decab7931a9104bfe91dc8d60cc54b9e82a12e01b29dfe13c4fd1d398

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\vgui.dll

Filesize
344KB

MD5
d44ee82601ae62ede3e224269a0bbf53

SHA1
2d00b1d5e052584c6c86ec08795d56d2181a91ee

SHA256
0d4472d21443de839080860a300cca6b9436508f329d33d712e5c9bc07d4d998

SHA512
00dba1a1d88bbc8f77f86ac45068d3f071805a13bf30c7f5c3f3168d3b799e773a1a3a7decab7931a9104bfe91dc8d60cc54b9e82a12e01b29dfe13c4fd1d398

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\vgui.dll

Filesize
344KB

MD5
d44ee82601ae62ede3e224269a0bbf53

SHA1
2d00b1d5e052584c6c86ec08795d56d2181a91ee

SHA256
0d4472d21443de839080860a300cca6b9436508f329d33d712e5c9bc07d4d998

SHA512
00dba1a1d88bbc8f77f86ac45068d3f071805a13bf30c7f5c3f3168d3b799e773a1a3a7decab7931a9104bfe91dc8d60cc54b9e82a12e01b29dfe13c4fd1d398

Download Submit
C:\Program Files (x86)\Counter Strike 1.6 ðóññêàÿ âåðñèÿ\vgui.dll

Filesize
344KB

MD5
d44ee82601ae62ede3e224269a0bbf53

SHA1
2d00b1d5e052584c6c86ec08795d56d2181a91ee

SHA256
0d4472d21443de839080860a300cca6b9436508f329d33d712e5c9bc07d4d998

SHA512
00dba1a1d88bbc8f77f86ac45068d3f071805a13bf30c7f5c3f3168d3b799e773a1a3a7decab7931a9104bfe91dc8d60cc54b9e82a12e01b29dfe13c4fd1d398

Download Submit
C:\Users\Admin\AppData\Local\Temp\interium\crack\v4.dll

Filesize
14.7MB

MD5
4b25ddde53db2c330ba626907a215567

SHA1
d9b91e07b7c865d665c1304bcb6c5f6c23e21458

SHA256
71030519768ec7c316add9d354df5d05c307218c459acf6b57f1d8cf3007f7aa

SHA512
f193bd0d6ecb0f27e3c37acfb64ab6a0658ad88d42b15655be6f42bf83b6aa202088acb9d4e590fb76263d88926f9b063bb25c1593b2bfcaa3018220a433aef7

Download Submit
C:\Users\Admin\Downloads\CS16Russian.exe

Filesize
203.8MB

MD5
89dfae9f150e1a9ec305df7dade77a84

SHA1
de1822f7e0947c8fb35904e3d4b998bcd7b676c8

SHA256
0dc721060d5e7bc3b478e97b97b34cfd4b523073aa07c0389913507205d3ff95

SHA512
07c1d793af04d4071ef72cafd03d64f733bf7e795255c815b8d56ead1283e64c9be8846879ff76a871346093377a4b59c264afd7912468f89854c89293de1254

Download Submit
C:\Users\Admin\Downloads\CS16Russian.exe

Filesize
203.8MB

MD5
89dfae9f150e1a9ec305df7dade77a84

SHA1
de1822f7e0947c8fb35904e3d4b998bcd7b676c8

SHA256
0dc721060d5e7bc3b478e97b97b34cfd4b523073aa07c0389913507205d3ff95

SHA512
07c1d793af04d4071ef72cafd03d64f733bf7e795255c815b8d56ead1283e64c9be8846879ff76a871346093377a4b59c264afd7912468f89854c89293de1254

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\game.ico

Filesize
7KB

MD5
4335bd4014d837b4c94896ce8833be2a

SHA1
f16b5951eed02e3c3516389031374e95268d9ce7

SHA256
13a9046a55d6059bbf1df982569ca56a6e6d48f70917103fb71256b41e473168

SHA512
38f1b35e0689e753c673464905dd3c9f23766cfbe6e76e1fc1a47633cfe614992e964c18fe30332b658c6e4d741e9da995b16e246ce0e1d7eb1e63d49abb121f

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\liblist.gam

Filesize
275B

MD5
aed5dea894eb6a9ce9717e377c989dfb

SHA1
6b061b18490f67db43c0e5c612954cc1c63d38a0

SHA256
44b44b2842c225fdf746e6d2b5df9861109524c78e0d041049a0f5cbd60a294d

SHA512
c8587a087aac61d30d47dbeb9d616ed6450e0fb25901d12af56960132c16f42be6c1a5692b5cafe76f15ad06a6cf1b81f7986d0ac02175f64a3f9a9e1c93df07

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\resource\background\800_1_a_loading.tga

Filesize
192KB

MD5
b7a56d00124b089cd1633632478a12ae

SHA1
fd4fca3aad970868a209f13204b09ba56f1df575

SHA256
c55efedcae6fc7782889166b4727b7189bd6e9d721ffb1e1c9bfaec861f60f69

SHA512
d75147f3704409128a3cfb39c20f423008b87b7a0e8dfc2f0da88751a287b661e1a7319c15bea102071c0e260d360b480dbc9e393593fe13e16bc8bb330e98a9

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\resource\background\800_1_b_loading.tga

Filesize
192KB

MD5
81560a6be0a3ff694650c60150bb0580

SHA1
5d724329ad04ff85fafd6a40aa45e1b1e8a2e084

SHA256
7f36623408898201fa6ee836aa13c91a2d1436e0b846f2994fc7238bb255e0f0

SHA512
16751f050b5038485ebf3eae94afd649d978f2bf6ff6baefb1f62c6b1c6170a18fb06ad07f5cee09779184e4f284d087c20032e081b8051e01a0b408b5f00bb5

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\resource\background\800_1_c_loading.tga

Filesize
192KB

MD5
1e97021c25463fa222206730f49bd096

SHA1
7b8e51cee73981db0c208dbd6d860aeb10066756

SHA256
80e9489996b9979c8565d1197a089adb12ae35592ff46fc63b960edfd109bb07

SHA512
683cdd3e97db8ac14a8c4892bccf4b9bd3853c7b9599e5cc647332c19970380a9b2baa3b20262921ba81a5a48298e1521a5753f4bb72ffdefe4b87da8f272699

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\resource\background\800_1_d_loading.tga

Filesize
24KB

MD5
5e7d7efd31feb731b23301e861863483

SHA1
ebbe1eceb733d22cf7138ed64d49192f53d8ef46

SHA256
c762fdd3e790069866aff6e4701707ce03dfe5f5012ffc75f8a47c897f306a3c

SHA512
1e22b36823b9d0fcdd73a646a85b9c5d05645f1ddb95983e232e9fa61bdaf9c331e84ec5576c26103be917b9316a9a861bdc01645c2296fb3665f8df79ff0e2e

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\resource\background\800_2_a_loading.tga

Filesize
192KB

MD5
9ea7c4380d1ec52794d7dc127955ce18

SHA1
f6dba12782153b96845f3ba03d87c4012119ba68

SHA256
fe52e1f9ba55d2dcc780909af0ad800f165421c79ad3712ac64c8e1a59a783e1

SHA512
76420eb37381b9cabd807d72c98c62506ac65a4d5715c88426f9fccefdb048fc98afdecdfce59642bb934c5b3d0809c25144f825fc672aa2cc5254da429ab626

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\resource\background\800_2_b_loading.tga

Filesize
192KB

MD5
298275828b9ce5cf05ed5dbfffa06c41

SHA1
e0401f626dd43a725e997b47e04a4ce961d9fb30

SHA256
5e00d24840241f8f92fe9bd6bb43095677d17294d727ab21dc16df728c1f58fb

SHA512
fcaf359ea5a5cc2a6c5f7584dd6e48dff10069935b47efec2f525ddf1d016712721e5f90722fb99372b736b96f8de9d6f1127da1942fdb9a27f3845af5b0e520

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\resource\background\800_2_c_loading.tga

Filesize
192KB

MD5
a388fe91133ccf4471f801a5cbf26af7

SHA1
85c497beb9892fdc6ef05bbc55c24d6b86775a47

SHA256
0cf3b4414d91dc4bc61e460bb2ab99ab4bc7a2a357f0be625df3274704e799a8

SHA512
a60888b0ae2fa46115686bc605351e48832e9979cc006e7082c894ac7d19f99297c3fb031222f29ab707c5273bdc2353efed1c52cb96b5a2a509fcee04a0f08e

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\resource\background\800_2_d_loading.tga

Filesize
24KB

MD5
6eac2d343d58d358c4488aa0d1136225

SHA1
bcdaeaae85e85502fcfbc977c4b6696790f03357

SHA256
6d7160deb904ef2f4ebbb6c9b1569630203c93ebce69d8ce204ffc57d05a55f7

SHA512
d6d239b4395f14bf91c2ddd72b99bd8189cc83883851e451470b2195641572b5e8dd68ac017981d4b87bd5bcb66fee6fa2e6fa0a28d1a8b3ff595fc0ccda73f5

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\resource\background\800_3_a_loading.tga

Filesize
66KB

MD5
3d5514aaacb2bfe1fb2f78be9b998b97

SHA1
4e45110d525bae8e531b6ffcb2025e8b6412facf

SHA256
30d02365383affb1baab87cc4be50fc20c91928bdad7a226c8740d059792c34e

SHA512
b657142d2b4bd00a87a23b68354400d7a615a54a31a3d444d7d51b7dcd4d4bcafec87d5c7f8ab7dd904f776503bb9ae95de2627ffec0c235f111d695acae0b2f

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\resource\background\800_3_b_loading.tga

Filesize
66KB

MD5
f6d8acbc7b9dca0c0b509153aaf6c4bb

SHA1
c7b2632a1e60b2c7b253358d5e4f547129319c42

SHA256
305add1f2876ff296c015d8ffd65c44ad75b38bdbbac196d97c7b20e6bff0c58

SHA512
29d12c83da901c9a438ccd4c0f06e4bbfabd4c9c47295a633b29226a8848b6961c392579badf1506c3a68645ca19f1172c22b38f27960086ceba879bc9631f50

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\resource\background\800_3_c_loading.tga

Filesize
66KB

MD5
386221efc38d174504d844527fbe5a7c

SHA1
05869b2726c5146649a28775aab3f68677fea8b4

SHA256
55f325a2f6d03e2fc976927d2a87a50b2d03de7fc32e7a349773b739df4cbd19

SHA512
b50b20e4b62e274618ff85a92989f72f070fff579f971104c077f7c5a74a52a6360814c2b5b23cc5a6fb983354d9400f2bfe753f646d538e1a06d7c240cdb894

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\resource\background\800_3_d_loading.tga

Filesize
8KB

MD5
2b4f20924c00865da19989829f130f08

SHA1
3ad9336f4055ba3009507ccbec9fc1b498330f2e

SHA256
9ed9b9792bfbe068e3386075a8978adaf027bbd3eaccdead447f20d44a085d33

SHA512
069b833539aacf556b15300f40fc51a856ef242fe5a0e7e5aa530276a7e8c98c7626e28b9cacb07b00219b1472d0e63f31adc6b058d49896c6c858b4af4a71b3

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\cstrike\sound\sentences.txt

Filesize
21KB

MD5
2e1f0d6eceae61d0285ca51932277491

SHA1
e4543e52bcd806dfb3ed83adc769e1c578022768

SHA256
ea850d30fc680f87c0cd09684e910ed75c174c28fdf1944725a924c43c4bc8f0

SHA512
06295dbddd1b939c228e34664f59abcdda249f96dc24f38801871dc12568f44e05fb76d55642a86ed806cabac83bbbacbe10910e1f841bfe75a6f353dc9c0f32

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\rev.ini

Filesize
282B

MD5
b580c2ca495fe733f5941a8aa54dd795

SHA1
e2637e0edb0dd57a46ac22921bd156b7068289da

SHA256
8177c99d5636ecb51d1b98a2fead085c8d3a2fc5d7a4f969a9701a31f90ae6d6

SHA512
2b6f6d64a11e00f8180ebee921a70033498f05ad0530aa47164425893f687625aa4073929e5d2bc3e48f7d50dd7450dffd5b8ae36bfbe851adc421173cd1686a

Download Submit
\??\c:\program files (x86)\counter strike 1.6 ðóññêàÿ âåðñèÿ\valve\resource\BackgroundLoadingLayout.txt

Filesize
714B

MD5
11136b7cff2358ebf01fb0d8783fa793

SHA1
05f5a267828975d2c43f90b73962b971b9672954

SHA256
f1d2461e3936ab6397a852f4efb971ad807bea0c6c99ca8377886ccd88ada750

SHA512
b8dbb295b7d5a9b5f811d4c63f9dfd6dba232269f5b04c259f817ed7c915bfd12d2df0b71efc2442b40db677f3c16a8c12e8135da7b76dc55a607949599caee4

Download Submit
memory/1660-248-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-256-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-338-0x0000000006664000-0x000000000698D000-memory.dmp

Filesize
3.2MB

Download
memory/1660-337-0x0000000070360000-0x00000000721AC000-memory.dmp

Filesize
30.3MB

Download
memory/1660-336-0x0000000008C10000-0x0000000008D97000-memory.dmp

Filesize
1.5MB

Download
memory/1660-332-0x0000000006664000-0x000000000698D000-memory.dmp

Filesize
3.2MB

Download
memory/1660-329-0x0000000070360000-0x00000000721AC000-memory.dmp

Filesize
30.3MB

Download
memory/1660-328-0x0000000008C10000-0x0000000008D97000-memory.dmp

Filesize
1.5MB

Download
memory/1660-327-0x0000000008C10000-0x0000000008D97000-memory.dmp

Filesize
1.5MB

Download
memory/1660-243-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-245-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-246-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-247-0x0000000005490000-0x0000000005494000-memory.dmp

Filesize
16KB

Download
memory/1660-222-0x0000000004930000-0x0000000005483000-memory.dmp

Filesize
11.3MB

Download
memory/1660-226-0x0000000001110000-0x0000000001168000-memory.dmp

Filesize
352KB

Download
memory/1660-249-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-228-0x00000000005F0000-0x0000000000630000-memory.dmp

Filesize
256KB

Download
memory/1660-227-0x00000000004A0000-0x00000000004B5000-memory.dmp

Filesize
84KB

Download
memory/1660-250-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-230-0x00000000005C0000-0x00000000005CF000-memory.dmp

Filesize
60KB

Download
memory/1660-231-0x0000000001350000-0x000000000135F000-memory.dmp

Filesize
60KB

Download
memory/1660-234-0x0000000005780000-0x0000000005795000-memory.dmp

Filesize
84KB

Download
memory/1660-233-0x00000000055A0000-0x00000000055B5000-memory.dmp

Filesize
84KB

Download
memory/1660-232-0x0000000008D40000-0x0000000008E9B000-memory.dmp

Filesize
1.4MB

Download
memory/1660-235-0x0000000008FD0000-0x0000000009010000-memory.dmp

Filesize
256KB

Download
memory/1660-237-0x000000000BD00000-0x000000000BE87000-memory.dmp

Filesize
1.5MB

Download
memory/1660-238-0x000000000DBF0000-0x000000000DBFF000-memory.dmp

Filesize
60KB

Download
memory/1660-239-0x000000000D1D0000-0x000000000D1EE000-memory.dmp

Filesize
120KB

Download
memory/1660-240-0x000000000DC20000-0x000000000DC68000-memory.dmp

Filesize
288KB

Download
memory/1660-241-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-242-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-244-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-251-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-262-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-261-0x0000000005490000-0x0000000005494000-memory.dmp

Filesize
16KB

Download
memory/1660-260-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-259-0x0000000005490000-0x0000000005494000-memory.dmp

Filesize
16KB

Download
memory/1660-258-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-257-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-255-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-254-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-253-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/1660-252-0x0000000004931000-0x0000000004A5E000-memory.dmp

Filesize
1.2MB

Download
memory/4364-180-0x0000000000740000-0x0000000000780000-memory.dmp

Filesize
256KB

Download
memory/4364-175-0x00000000006C0000-0x0000000000718000-memory.dmp

Filesize
352KB

Download
memory/4364-177-0x0000000000720000-0x0000000000735000-memory.dmp

Filesize
84KB

Download
memory/4364-199-0x0000000005C70000-0x0000000005C7F000-memory.dmp

Filesize
60KB

Download
memory/4364-165-0x0000000004930000-0x0000000005B5A000-memory.dmp

Filesize
18.2MB

Download
memory/4364-186-0x0000000000B20000-0x0000000000B2F000-memory.dmp

Filesize
60KB

Download
memory/5308-152-0x0000000004934000-0x0000000004C5D000-memory.dmp

Filesize
3.2MB

Download
memory/5308-139-0x0000000072820000-0x000000007466C000-memory.dmp

Filesize
30.3MB

Download
memory/5308-154-0x0000000072820000-0x000000007466C000-memory.dmp

Filesize
30.3MB

Download
memory/5308-158-0x0000000072820000-0x000000007466C000-memory.dmp

Filesize
30.3MB

Download
memory/5308-146-0x0000000004930000-0x00000000051AF000-memory.dmp

Filesize
8.5MB

Download
memory/5308-148-0x0000000004930000-0x00000000051AF000-memory.dmp

Filesize
8.5MB

Download
memory/5308-138-0x0000000004930000-0x00000000051AF000-memory.dmp

Filesize
8.5MB

Download
memory/5308-157-0x0000000072820000-0x000000007466C000-memory.dmp

Filesize
30.3MB

Download
memory/5864-390-0x000000000BAB0000-0x000000000BC37000-memory.dmp

Filesize
1.5MB

Download
memory/5864-391-0x000000000BAB0000-0x000000000BC37000-memory.dmp

Filesize
1.5MB

Download
memory/5864-392-0x0000000071020000-0x0000000072E6C000-memory.dmp

Filesize
30.3MB

Download
memory/5864-395-0x0000000006744000-0x0000000006A6D000-memory.dmp

Filesize
3.2MB

Download
memory/5864-399-0x000000000BAB0000-0x000000000BC37000-memory.dmp

Filesize
1.5MB

Download
memory/5864-400-0x0000000071020000-0x0000000072E6C000-memory.dmp

Filesize
30.3MB

Download
memory/5864-401-0x0000000006744000-0x0000000006A6D000-memory.dmp

Filesize
3.2MB

Download