hxxps://gofile[.]io/d/mVRtyy

Analysis

max time kernel
1366s
max time network
1160s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2023, 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/mVRtyy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4744	unsteam_loader_x64.exe
3036	unsteam_loader_x64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133432666498563124"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4304	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeRestorePrivilege	3536	7zG.exe
Token: 35	3536	7zG.exe
Token: SeSecurityPrivilege	3536	7zG.exe
Token: SeSecurityPrivilege	3536	7zG.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
3536	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 4972	4812	chrome.exe	87
PID 4812 wrote to memory of 4972	4812	chrome.exe	87
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 4828	4812	chrome.exe	90
PID 4812 wrote to memory of 1516	4812	chrome.exe	91
PID 4812 wrote to memory of 1516	4812	chrome.exe	91
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92
PID 4812 wrote to memory of 4800	4812	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/mVRtyy
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc272d9758,0x7ffc272d9768,0x7ffc272d9778
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1780,i,18288573471097776275,13673085817376627946,131072 /prefetch:2
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1780,i,18288573471097776275,13673085817376627946,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1780,i,18288573471097776275,13673085817376627946,131072 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1780,i,18288573471097776275,13673085817376627946,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1780,i,18288573471097776275,13673085817376627946,131072 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4668 --field-trial-handle=1780,i,18288573471097776275,13673085817376627946,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3868 --field-trial-handle=1780,i,18288573471097776275,13673085817376627946,131072 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5268 --field-trial-handle=1780,i,18288573471097776275,13673085817376627946,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1780,i,18288573471097776275,13673085817376627946,131072 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1780,i,18288573471097776275,13673085817376627946,131072 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5692 --field-trial-handle=1780,i,18288573471097776275,13673085817376627946,131072 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 --field-trial-handle=1780,i,18288573471097776275,13673085817376627946,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5968 --field-trial-handle=1780,i,18288573471097776275,13673085817376627946,131072 /prefetch:1
  2⤵
  PID:5344

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4732

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5728

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap18155:100:7zEvent8690
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3536

C:\Users\Admin\Downloads\unsteam_loader_x64.exe
"C:\Users\Admin\Downloads\unsteam_loader_x64.exe"
1⤵
- Executes dropped EXE
PID:4744

C:\Users\Admin\Downloads\unsteam_loader_x64.exe
"C:\Users\Admin\Downloads\unsteam_loader_x64.exe"
1⤵
- Executes dropped EXE
PID:3036

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\unsteam.ini
1⤵
- Opens file in notepad (likely ransom note)
PID:4304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
113KB

MD5
f3a3516520962e01d804e9d64284dbe1

SHA1
5bda6a54907661a3d8ce5ea4732a5be8ff1ece91

SHA256
9b9c0d3c38fb04f7e9a71b7b73c6b633ce0345829eddce15e404783fb8c9a7ce

SHA512
d84c2eecdf8d733380f97e80fcd7d442b1b2ef4ee820fa69e0a807cbee32d6818e1d16122caa83146a3c1a9818117a6773302bfee7094e96564dd740ee1b412d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
bdddfc57c08ed9c60e742dba299f4c3c

SHA1
3c2b3105e652518d00fedf4de96e23711423fb33

SHA256
c93bfdd736d113065e9b924018466049727c514f18ee3fb3d1c7263f4f2bb390

SHA512
0d71f637e74d757852cbd33c4d0f6ac57b4f20969fb19c9d21bb7cde7d4979985d9be328632140993fb34833e5a43b3fce67ebab50d9a25f18bf165bdbe0f15e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
64e2f5749f308eed669b852d3883ebb7

SHA1
3571997274c50c1dd07d9dff0b1ef564738e9e7d

SHA256
e9263ce7babfded4ad7fc4c63703c0f3bb35d5fd72bafb0c7003bb7b3cb80eb2

SHA512
24032bff74821778914abbcd174bc73edfb8a5a3dab1e63688679d21c23edc3e75e20e225f615e0ac6fa9df60eb154db7b4c4cdfa210ae53ff4539417cd92152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
094115dc2a4abce8fa7f6c6c38ae5d39

SHA1
8d57eda28734476d02d567591634952b851314be

SHA256
aaf8dadf63c76147a280f5f1fed92d0f153c46d33596c2deed051abf3f92150a

SHA512
1a500cc95b013cbbb173db465e4f42352b24412ced48e1961e190a89d93a7358a03052c8c830c01626b37e54f1585bf40090b46abc7d102ea8f693e22cdaba94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0e4a235166c542d9ecc493ed2809ccf8

SHA1
9491197440d4567e4e1a0cea9e2dc5609f19a6cb

SHA256
5738d80713b3447d1365394e5dac1caf313c1135aefb8f07a56d54ffb2f30e16

SHA512
88b897c43127c02c20710942e7039aefac9d12bf8a5574ecc68480418d3842f763939b36cf31c92cfa36d76f965a3decce82156bf9d943861084949ffef00fd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
951a2b18bce50f96c29ea7d2ca5abc78

SHA1
b6b8edf245dd529330a93a1e615a0e4b327b09b4

SHA256
00eb44224d67e6891ee79b38f71de2272d5ad6b111367a1cd84cb92582ff22c9

SHA512
a6833e6a365eff2b5db49a10f32559b869c37ebeedb4ef781beffb8c3a290eb6c182581dcfb4f18f497190c2bd0c08adb6fed2acd0920dd40e2a38dfd7d6bace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fec0db5f799992cb24b6ef4e95cc1477

SHA1
a4df91d4cae0f7cca9b2a5386b33de4e3cdbc098

SHA256
77cfeeaf8e50989c2dd419a307e3427ecf729e629c06935b3ed12962445b8c21

SHA512
9665bea364358fa1d239d598eb31584240129bfe70aa8beb160714524f2c6595f0d92bfc5ff32a7ca222347351d97856e571d7b3e30b4ce122c4b1de6b184f94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
3ead8d56417d8ec01ef0d5362b72e111

SHA1
e7f9ec94f735994fccfe19f8ffcd716af4723e25

SHA256
5a2612b3e4e8039c055d9415962590c689d1b2b13ab3a81a1441a47578ec68af

SHA512
6be58bc12223003f733f80c5d23bfe0cb2d461a2f869171eb0777add17a93d14497b04382911ab54aa53d36861057849aadb02a3cbb22638d090bb10e3e3efe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
ee1023b9ccff89f5fc5954dac52ee81d

SHA1
cea5468a01ac7b42d92b8c5e8fd38c036cb6b840

SHA256
96f4bec2cf16d5403585e8acc1d8d712b6e38850b256b428786a4d9632fe8653

SHA512
75d1e734ab487bba023b1dcdfe0fa4bb9cc470a1a2419fe42ca49e53dc39c4a22b86940bd1adf034c3553ba2be7c0ad36c61528b772d4d7fbd4a6e835c287a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Unsteam_x64_Release.zip

Filesize
113KB

MD5
f3a3516520962e01d804e9d64284dbe1

SHA1
5bda6a54907661a3d8ce5ea4732a5be8ff1ece91

SHA256
9b9c0d3c38fb04f7e9a71b7b73c6b633ce0345829eddce15e404783fb8c9a7ce

SHA512
d84c2eecdf8d733380f97e80fcd7d442b1b2ef4ee820fa69e0a807cbee32d6818e1d16122caa83146a3c1a9818117a6773302bfee7094e96564dd740ee1b412d

Download Submit
C:\Users\Admin\Downloads\unsteam.ini

Filesize
820B

MD5
37f713b1f9cb2c190abf41edc40c531c

SHA1
53c13fa022800e5c416a445d0d761a0e8f111fbb

SHA256
08f53e910a86fa2afc3c73578cf809df064e0a9869ba0864dd4fd821bc373b14

SHA512
291d2b1b1602dd125e3b11531f0424d77ab0e13267af6dc937d202628d9d3febf6176705778dfcd7de2fb7cbaf7776c0632142b3ce90d6ff2204d93f830c715d

Download Submit
C:\Users\Admin\Downloads\unsteam_loader_x64.exe

Filesize
92KB

MD5
7888e67145a049aae0b9d6baa0e92e32

SHA1
e53398d261be1cdce8f93508881ec4f9f1626b67

SHA256
ac433d44250b787742ba85199528fb08d747a4dc845ab07a1339fdd3144aaba8

SHA512
3ec63049a851917e3307682b248096054fe7c1185f7b89885c4818e1de3fbc1afbcb85a148b4077c55a2a37a2255c0b4d7dc3aac58fbe40c883353715c74fa46

Download Submit
C:\Users\Admin\Downloads\unsteam_loader_x64.exe

Filesize
92KB

MD5
7888e67145a049aae0b9d6baa0e92e32

SHA1
e53398d261be1cdce8f93508881ec4f9f1626b67

SHA256
ac433d44250b787742ba85199528fb08d747a4dc845ab07a1339fdd3144aaba8

SHA512
3ec63049a851917e3307682b248096054fe7c1185f7b89885c4818e1de3fbc1afbcb85a148b4077c55a2a37a2255c0b4d7dc3aac58fbe40c883353715c74fa46

Download Submit
C:\Users\Admin\Downloads\unsteam_loader_x64.exe

Filesize
92KB

MD5
7888e67145a049aae0b9d6baa0e92e32

SHA1
e53398d261be1cdce8f93508881ec4f9f1626b67

SHA256
ac433d44250b787742ba85199528fb08d747a4dc845ab07a1339fdd3144aaba8

SHA512
3ec63049a851917e3307682b248096054fe7c1185f7b89885c4818e1de3fbc1afbcb85a148b4077c55a2a37a2255c0b4d7dc3aac58fbe40c883353715c74fa46

Download Submit