Malware Analysis Report

2025-01-18 23:45

Sample ID 241103-lctx9atkhr
Target loader_prod.exe
SHA256 ade6b6e09ec807df13e6128b48461ff279967f72bd12cfc777d7114e44b1219c
Tags
steam discovery evasion persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ade6b6e09ec807df13e6128b48461ff279967f72bd12cfc777d7114e44b1219c

Threat Level: Known bad

The file loader_prod.exe was found to be: Known bad.

Malicious Activity Summary

steam discovery evasion persistence phishing spyware stealer

Modifies visiblity of hidden/system files in Explorer

Downloads MZ/PE file

Reads user/profile data of web browsers

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Detected potential entity reuse from brand STEAM.

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Unsigned PE

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-03 09:23

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-03 09:23

Reported

2024-11-03 09:29

Platform

win10v2004-20241007-en

Max time kernel

300s

Max time network

305s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe"

Signatures

Modifies visiblity of hidden/system files in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\svchost.exe N/A

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\QtWebEngineProcess.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\bin\QtWebEngineProcess.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\svchost.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\uninstall.exe C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\package\steamui_websrc_movies_all.zip.4d2183b0476852dfb695b8d70192a0ccece8c7d0 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Steam\steamservice.exe C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\package\bins_codecs_win32.zip.vz.629e5d8457eb779707b2c7fdb6ab79d77b56a47f_5198191 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Common Files\Steam\steamservice.exe C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
File created C:\Program Files (x86)\Steam\package\bins_webhelpers_win32_win7-64.zip.vz.0da5ede22e4bad36241161cb2db4710e969ebabd_3004275 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_korean.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\package\public_all.zip.vz.b0ad1267ec973fc34840c92ebbf4b35b0c40cc17_23591292 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\steamui_websrc_all.zip.vz.deeae77fea80a3110c15d0e9a63c2a95ab6ab647_24679493 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\.writable C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\steam_win32_steamrow.zip.vz.d81a7f9deb044005d1091df24c139c43fcdfc529_1808064 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\package\strings_en_all.zip.a1d7ed1cbfa3d83fe07a903083b74d814867e6a8 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\package\steamui_websrc_sounds_all.zip.vz.a2b25775b33d943e54c45d176558de379111ef5f_3220470 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\Steam.exe C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\package\bins_misc_win32.zip.vz.2c6245572e523b9a524178572567f5fa0f563ec1_10681071 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\package\bins_win32.zip.vz.d449a4adb4ed31f04d253558e934dfc1f53f25ff_28960273 C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\logs\bootstrap_log.txt C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\logs\bootstrap_log.txt C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\resources_misc_all.zip.vz.e86a975545f3ab21a77373870cb311ef93934b8c_2224876 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\bin\SteamService.exe C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\package\resources_all.zip.vz.3d492fce87e5ccddbb855f26680b0c6798901010_2867227 C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\.crash C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tenfoot_images_all.zip.vz.193cb8c4eb4446698ea2c0a9e8c4e6b6a623dac7_5572671 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\package\resources_hidpi_all.zip.vz.3de815c3117712cb9eeb7ea4c8b275faf481dcfd_56342 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\strings_all.zip.vz.2bee49ebaa1cf153bea903b50ecdaaeb6770168f_2006028 C:\Program Files (x86)\Steam\steam.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Resources\Themes\icsys.icn.exe C:\Users\Admin\Desktop\CS2 Hub Tool.exe N/A
File opened for modification \??\c:\windows\resources\themes\explorer.exe C:\Windows\Resources\Themes\icsys.icn.exe N/A
File opened for modification \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe N/A
File opened for modification C:\Windows\Resources\Themes\icsys.icn.exe C:\Users\Admin\Desktop\CS2 Hub Tool.exe N/A
File opened for modification C:\Windows\Resources\tjud.exe \??\c:\windows\resources\themes\explorer.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\CS2 Hub Tool.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Resources\Themes\icsys.icn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\themes\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\spoolsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Resources\Themes\icsys.icn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\themes\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\spoolsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\CS2 Hub Tool.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133750994489174454" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{401586C3-5ADF-4308-BC69-C1634F43CBD0} \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{883EE56F-EC05-47FD-BA29-F3571E5E1305} \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Keys C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Keys\CA40D84EB7D86EA92142A849471A4D1DB03B46A4 C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Keys\CA40D84EB7D86EA92142A849471A4D1DB03B46A4\Blob = 02000000000000006c0000001c000000000000000100000020000000000000000000000002000000640031003600640031006300630062002d0033006600640031002d0034006300360033002d0038006400630033002d006400390039003700340030006400380065006300360036000000000000000000230000000000000014000000ca40d84eb7d86ea92142a849471a4d1db03b46a4 C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\loader_prod.exe N/A
N/A N/A C:\Users\Admin\Desktop\CS2 Hub Tool.exe N/A
N/A N/A C:\Users\Admin\Desktop\CS2 Hub Tool.exe N/A
N/A N/A C:\Users\Admin\Desktop\CS2 Hub Tool.exe N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\QtWebEngineProcess.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A C:\Users\Admin\Desktop\CS2 Hub Tool.exe N/A
N/A N/A C:\Users\Admin\Desktop\CS2 Hub Tool.exe N/A
N/A N/A C:\Users\Admin\Desktop\CS2 Hub Tool.exe N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\bin\QtWebEngineProcess.exe N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A \??\c:\users\admin\desktop\cs2 hub tool.exe  N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2944 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Users\Admin\AppData\Local\Temp\loader_prod.exe

"C:\Users\Admin\AppData\Local\Temp\loader_prod.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8f760cc40,0x7ff8f760cc4c,0x7ff8f760cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1872 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3888 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5148,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4032 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4700,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3240,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5292,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\CS2 Hub Tool.exe

"C:\Users\Admin\Desktop\CS2 Hub Tool.exe"

\??\c:\users\admin\desktop\cs2 hub tool.exe 

"c:\users\admin\desktop\cs2 hub tool.exe "

\??\c:\users\admin\desktop\cs2 hub tool.exe 

"c:\users\admin\desktop\cs2 hub tool.exe "

C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\QtWebEngineProcess.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --use-gl=angle --application-name=cs2%20hub%20tool --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=2656 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\QtWebEngineProcess.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=2764 /prefetch:1

C:\Windows\Resources\Themes\icsys.icn.exe

C:\Windows\Resources\Themes\icsys.icn.exe

\??\c:\windows\resources\themes\explorer.exe

c:\windows\resources\themes\explorer.exe

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe SE

\??\c:\windows\resources\svchost.exe

c:\windows\resources\svchost.exe

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe PR

C:\Users\Admin\Desktop\CS2 Hub Tool.exe

"C:\Users\Admin\Desktop\CS2 Hub Tool.exe"

\??\c:\users\admin\desktop\cs2 hub tool.exe 

"c:\users\admin\desktop\cs2 hub tool.exe "

\??\c:\users\admin\desktop\cs2 hub tool.exe 

"c:\users\admin\desktop\cs2 hub tool.exe "

C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\bin\QtWebEngineProcess.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\bin\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=2712 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\bin\QtWebEngineProcess.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\bin\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --use-gl=angle --application-name=cs2%20hub%20tool --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=2572 /prefetch:8

C:\Windows\Resources\Themes\icsys.icn.exe

C:\Windows\Resources\Themes\icsys.icn.exe

\??\c:\windows\resources\themes\explorer.exe

c:\windows\resources\themes\explorer.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f760cc40,0x7ff8f760cc4c,0x7ff8f760cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2008,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=2004 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=2052 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=2224 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=4536 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=4552 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=4864 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3152,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=4452 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=3376 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3268,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=4784 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5056,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5188,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=3328 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x410 0x150

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5332,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5524,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=5544 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5532,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=5676 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5388,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=5852 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3880,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=3432 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.178.10:443 ogads-pa.googleapis.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 142.250.178.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
GB 142.250.178.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 3.235.182.75:50554 tcp
US 3.235.182.74:50550 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 75.182.235.3.in-addr.arpa udp
US 8.8.8.8:53 100.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 3.235.182.72:50550 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 3.235.182.71:50550 tcp
US 8.8.8.8:53 gofile.io udp
FR 45.112.123.126:443 gofile.io tcp
FR 45.112.123.126:443 gofile.io tcp
US 8.8.8.8:53 126.123.112.45.in-addr.arpa udp
US 8.8.8.8:53 api.gofile.io udp
FR 45.112.123.126:443 api.gofile.io tcp
US 8.8.8.8:53 s.gofile.io udp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 210.242.75.51.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 store6.gofile.io udp
FR 31.14.70.249:443 store6.gofile.io tcp
FR 31.14.70.249:443 store6.gofile.io tcp
US 8.8.8.8:53 249.70.14.31.in-addr.arpa udp
US 3.235.182.76:50550 tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 i.postimg.cc udp
FR 46.105.222.82:443 i.postimg.cc tcp
US 8.8.8.8:53 login-software-api.accountspider.com udp
US 172.67.68.71:443 login-software-api.accountspider.com tcp
US 8.8.8.8:53 82.222.105.46.in-addr.arpa udp
US 8.8.8.8:53 71.68.67.172.in-addr.arpa udp
US 8.8.8.8:53 venx.club udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
FR 46.105.222.82:443 i.postimg.cc tcp
US 172.67.68.71:443 login-software-api.accountspider.com tcp
US 8.8.8.8:53 venx.club udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.178.14:443 clients2.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.fastly.steamstatic.com udp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 8.8.8.8:53 cdn.fastly.steamstatic.com udp
US 8.8.8.8:53 shared.fastly.steamstatic.com udp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 8.8.8.8:53 52.3.101.151.in-addr.arpa udp
US 8.8.8.8:53 52.67.101.151.in-addr.arpa udp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:53 clan.fastly.steamstatic.com udp
US 151.101.3.52:443 clan.fastly.steamstatic.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:53 216.21.192.23.in-addr.arpa udp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 151.101.67.52:443 clan.fastly.steamstatic.com tcp
US 151.101.67.52:443 clan.fastly.steamstatic.com tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.23.210.82:80 r11.o.lencr.org tcp
US 8.8.8.8:53 52.195.101.151.in-addr.arpa udp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 82.210.23.2.in-addr.arpa udp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.200.14:443 google.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp

Files

\??\pipe\crashpad_2944_YIIBZDVSUEYFCBQI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/1232-32-0x000000014021B000-0x0000000141441000-memory.dmp

memory/1232-33-0x00007FF906910000-0x00007FF906912000-memory.dmp

memory/1232-34-0x00007FF906920000-0x00007FF906922000-memory.dmp

memory/1232-39-0x0000000140000000-0x0000000142EA6000-memory.dmp

memory/1232-35-0x0000000140000000-0x0000000142EA6000-memory.dmp

memory/1232-48-0x0000000140000000-0x0000000142EA6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 1d3e5ea71804e0e56c4f570a3d659d82
SHA1 110bfe66d438b131dcd4c8d42c592614d3f14137
SHA256 b14be8b51c35b760d7e72ec7d24d2a5bac4315111766d89956407d1e339a6933
SHA512 beb5790cf40a46b1e49df1f984a6f76ee15764b35454d29d3594e411a201fca79a8dc50eb4769cb83a3d2050c838fa41bc49bbeb4c3e56a9b9bee295c1b31a89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ee2edd9f350b1ca720e4dcb303206b7e
SHA1 25625a00b350f8d6db9c5cce1ee476ba7a27aea7
SHA256 d0c21dda98cf934851853d75cc01826a68a6e64b569ad203416fe05893230a1f
SHA512 9b453b729df9487859e6b48b06487ed08fc6d5a9fc0bde571f05d0290d0760ea6ed87575c887995423155f1f543a59be555510b8adafa8caf69530d9b64234d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1494c23c659848c96984cbc7ae8d1857
SHA1 cd7265922bae67a061d81c966d90e1ef313581eb
SHA256 9cd9ad8a1652d0af7f5d7b767fd82a46eb3cfc99b4a6951dbd54b9bb3c73b32a
SHA512 afe63164e409809532bbfe49a2aac76e7f5fc0e71c7059dd3cda8b96db9a8099779c5f24f12d2f60ec8c17344a74c7f14e85c0936015b51e63f0c56a4941f119

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0a3e26a71ba90152f6bf4e389c1031f9
SHA1 04ed869ffa51385be5ff3f5c30840f64110de065
SHA256 5d5bb09d2583b7a4bdcd81868b4262a9c9bd03f9df54aba9c28d0676b4b3b0c3
SHA512 d58947f6b9db320fa6c5dcf798a7e00d120827093d3180ef5c859703294763772776519b951dc0cd8403ce278fd39bcdc5edf274f36ba14b5f9b14dd14296590

memory/1232-73-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-75-0x00007FF905400000-0x00007FF9055A1000-memory.dmp

memory/1232-74-0x00007FF904C20000-0x00007FF904CDE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 a6392dcf0c6a55a45614255fd0f81705
SHA1 6eaef09d41b59d6d017b35e0db8c0fd30fd87997
SHA256 7af82e2d2cdbf19bf8534027cdab83eea883e772580645f09f1c850c9807a886
SHA512 9c6ce7a3c6be128178b3382adf6e312df9da0f094a4cbbe74ac40af277c620b8623c7273d3eeba5ee5a9cb74e28986fd7cad2246089b2088894b2099db2ca240

memory/1232-81-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-84-0x000000014021B000-0x0000000141441000-memory.dmp

memory/1232-85-0x0000000140000000-0x0000000142EA6000-memory.dmp

memory/1232-86-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-89-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-92-0x0000000140000000-0x0000000142EA6000-memory.dmp

memory/1232-93-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-96-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-116-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-119-0x00007FF906710000-0x00007FF906905000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6f777bd5f772e03b01a428c8ba0aed88
SHA1 aa069cc73523a0578fc005d68251e32e6069c6d0
SHA256 1c4d969a1c2dcc61483a34b480596727a7f54ccd58e28d176adbee1d8341544a
SHA512 ce126f1e4748b91624af738b778c994f1bea4dab9d0a398f7dfa9e42148306f5415bac03ada3ca4edf0f445c29dcae528bbc941c50bfba7c82e80e9373b38aa3

memory/1232-131-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-134-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-137-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-140-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-143-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-184-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-187-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-190-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-193-0x00007FF906710000-0x00007FF906905000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee58f44c24a7c019fc53f47e6a45c487
SHA1 594c9dffc685d7d39d474052acca425895eab00f
SHA256 ad3fc6ef6788bb7435c3deed72e9211893a6bf3cbb5a8ecf81855f12d53651a1
SHA512 995762a6aadc9a3b5cfa36920b4e0d3466389b28a5f77aae7e99d57586bb564b7bede679e8be85ef4616dfa6be21482be9f755abf91f1d19eb09f8d05d3604cd

memory/1232-205-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-208-0x00007FF906710000-0x00007FF906905000-memory.dmp

memory/1232-211-0x00007FF906710000-0x00007FF906905000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bad6882d33d72a5d844141b476374a65
SHA1 a0ca89428618979ba38b36270e3d2f4a3cfa28ee
SHA256 be845e60d6364d0228a22cbd2aed325f59551f3051f54c2cd0b7f06a488b30c6
SHA512 3683d54eece520f4b5be039f5f977776d954486854a1219212abdeac5834b09c3579b2f133021b3f757e12d5e7663388b02cd0e686bd1b886d21019b974f1911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 88babcec3837899ad892c802904a34e6
SHA1 fd3902ad7d551a538dc640a8943dc62c118088a9
SHA256 a47f39e322a5cb0def239b06c5428c4224264cecf614e5edeba33eb98ebd61e8
SHA512 583e4d38be26377c55d385905f1cfa95d756298f7c40b93aa69ff5739915c42e494e22ff190cceb5fcb0548d470faf4d39d861fe8e8c87d6e8393cfec2a7f5d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 44d452d739489d69fe9777c8a940f158
SHA1 40ca321b22a733969e84a72cecdacb61ff2e578a
SHA256 47e2d712563875a209ffae336ad74b0f5f1f0a8abcbbb42e44171dde7c5481c3
SHA512 1405a243fec0a37179c50b77c2b3f2bd6f16ba7f4c58594eadea213e5e8f76f697385d835772845f9b985d2fd7b9e821106a95962239e2404922170c2745d764

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7786b4620a672945ad4cbe272639bf38
SHA1 e1c70ca9792b3143be42710d7fecafabd165fc2e
SHA256 099285ae6b98f9acc8c98ea2caa24f1529e8b57066bef53f5a921d95c5ff73a9
SHA512 ffda7fe5b261779c519b7bcc8d420f37f210b76a6210f7a94768bb27fdca6003c824a0d92ba598d905bb64c3a2878d2362d7ed2a381c7b475740945bdfe70c0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c9b514decf276ed5e39e2453fd15fa33
SHA1 0ba7c4cc4707b51c984b711e5a62d416c526118e
SHA256 35e0d28225ed665f22d548715412d2165f6c52877136ac1da900aae8bc2ca138
SHA512 da2bd933ba1a408b2d1c9276516983637a63a596481e4fa6ee0f3f7e742ca83c0764a22d2ff1aa85fbeb654e2e856ce8d3bb50b7ae4dcba2dab036ce67ad07c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6085a3d79894adb12ae8d5fda020877b
SHA1 b904b9e5abad5817583dd44f2ed0716f675a97d6
SHA256 6e9025c00409e895ee9503471e9e01beb3bc3328a01a7e410d7679eb56e3e7aa
SHA512 705728ccb10e65f6a7d8380be1b21f0251fa7c772d8fd4b7a839abcf0c20baa9b51008dbb6ac66159fb09959ed1e1767c1cd9284e8cd860c3e42b25cc59907c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 434837e243c795728da2a85a9f516a33
SHA1 0ffa0768ec8c2079cc7a662e7e6d11c6364b8dd7
SHA256 37e00545d26f689e651722c8ede78883d0618bfb92aee6ef50e6d318951185cf
SHA512 34cd7d616c07ebf287b38ddc323836da0f37b9b7374b8f28fd42677a133ccb6547d73a487b24e57b8f4a6414c5832d9b69e1e62ee4cb3205b8df6a471e31f323

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3d2169b2fd364dd4e5fe632ac1ce03b7
SHA1 bc67391c385990f30d74e0390ab0f51ab39ddc48
SHA256 fd03a921b18282e58bb98ee0f39205dba8ad07558534d8254f4507ea653e1b48
SHA512 a8bedf1a7a4a30a19ac3e5406924afa3343917dbcd72169d255a806aa8fe8fe7431dea2631012600c19a9a69c576eb2ab070b475ab2fcdfa30c8230a376d3899

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 a54c07812639a0a6c608aedf944ff047
SHA1 68700138b20f323f0077f22dbcb2bf2724739731
SHA256 dced9b4332ecd8fc557c84573c061c02b326ed452615ad86ce6308d1c4837406
SHA512 5842b61af9acb10de8cf3bcd2e39db54fe21fca0e810cb9ed75e093d753206f4373840e4876cd2b9021576aa5d1e14e87929a66868ad9c468a323ff82e587598

memory/1232-1178-0x0000000140000000-0x0000000142EA6000-memory.dmp

memory/2220-1179-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\translations\qtlocation_en.qm

MD5 bcebcf42735c6849bdecbb77451021dd
SHA1 4884fd9af6890647b7af1aefa57f38cca49ad899
SHA256 9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85
SHA512 f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78

C:\Users\Admin\AppData\Local\Temp\_MEI27242\python312.dll

MD5 d521654d889666a0bc753320f071ef60
SHA1 5fd9b90c5d0527e53c199f94bad540c1e0985db6
SHA256 21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2
SHA512 7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

C:\Users\Admin\AppData\Local\Temp\_MEI27242\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI27242\python3.dll

MD5 a07661c5fad97379cf6d00332999d22c
SHA1 dca65816a049b3cce5c4354c3819fef54c6299b0
SHA256 5146005c36455e7ede4b8ecc0dc6f6fa8ea6b4a99fedbabc1994ae27dfab9d1b
SHA512 6ddeb9d89ccb4d2ec5d994d85a55e5e2cc7af745056dae030ab8d72ee7830f672003f4675b6040f123fc64c19e9b48cabd0da78101774dafacf74a88fbd74b4d

C:\Users\Admin\AppData\Local\Temp\_MEI27242\_ctypes.pyd

MD5 fb454c5e74582a805bc5e9f3da8edc7b
SHA1 782c3fa39393112275120eaf62fc6579c36b5cf8
SHA256 74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1
SHA512 727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d

C:\Users\Admin\AppData\Local\Temp\_MEI27242\base_library.zip

MD5 43935f81d0c08e8ab1dfe88d65af86d8
SHA1 abb6eae98264ee4209b81996c956a010ecf9159b
SHA256 c611943f0aeb3292d049437cb03500cc2f8d12f23faf55e644bca82f43679bc0
SHA512 06a9dcd310aa538664b08f817ec1c6cfa3f748810d76559c46878ea90796804904d41ac79535c7f63114df34c0e5de6d0452bb30df54b77118d925f21cfa1955

C:\Users\Admin\AppData\Local\Temp\_MEI27242\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\QtCore.pyd

MD5 678fa1496ffdea3a530fa146dedcdbcc
SHA1 c80d8f1de8ae06ecf5750c83d879d2dcc2d6a4f8
SHA256 d6e45fd8c3b3f93f52c4d1b6f9e3ee220454a73f80f65f3d70504bd55415ea37
SHA512 8d9e3fa49fb42f844d8df241786ea9c0f55e546d373ff07e8c89aac4f3027c62ec1bd0c9c639afeabc034cc39e424b21da55a1609c9f95397a66d5f0d834e88e

C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\Qt5Core.dll

MD5 817520432a42efa345b2d97f5c24510e
SHA1 fea7b9c61569d7e76af5effd726b7ff6147961e5
SHA256 8d2ff4ce9096ddccc4f4cd62c2e41fc854cfd1b0d6e8d296645a7f5fd4ae565a
SHA512 8673b26ec5421fce8e23adf720de5690673bb4ce6116cb44ebcc61bbbef12c0ad286dfd675edbed5d8d000efd7609c81aae4533180cf4ec9cd5316e7028f7441

C:\Users\Admin\AppData\Local\Temp\_MEI27242\_lzma.pyd

MD5 195defe58a7549117e06a57029079702
SHA1 3795b02803ca37f399d8883d30c0aa38ad77b5f2
SHA256 7bf9ff61babebd90c499a8ed9b62141f947f90d87e0bbd41a12e99d20e06954a
SHA512 c47a9b1066dd9744c51ed80215bd9645aab6cc9d6a3f9df99f618e3dd784f6c7ce6f53eabe222cf134ee649250834193d5973e6e88f8a93151886537c62e2e2b

C:\Users\Admin\AppData\Local\Temp\_MEI27242\_bz2.pyd

MD5 5bebc32957922fe20e927d5c4637f100
SHA1 a94ea93ee3c3d154f4f90b5c2fe072cc273376b3
SHA256 3ed0e5058d370fb14aa5469d81f96c5685559c054917c7280dd4125f21d25f62
SHA512 afbe80a73ee9bd63d9ffa4628273019400a75f75454667440f43beb253091584bf9128cbb78ae7b659ce67a5faefdba726edb37987a4fe92f082d009d523d5d6

C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\sip.cp312-win_amd64.pyd

MD5 f57134d35976c48ffb955df1739af5d4
SHA1 c1b3a81352e462d4ecc33ee5119b882d657bed2f
SHA256 9e91b237e2aa69c0c7e268f072999bb0319b04513c9fc97ab7c4371e642375d2
SHA512 db385592876f489460023f2d02fc80635fe4f9746ecd99c8c7622399a34ea43ef631d3668429ad4e8f69552a5c386bbf12f3805a9101f7eb70337ce23e65c80b

C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\VCRUNTIME140_1.dll

MD5 6bc084255a5e9eb8df2bcd75b4cd0777
SHA1 cf071ad4e512cd934028f005cabe06384a3954b6
SHA256 1f0f5f2ce671e0f68cf96176721df0e5e6f527c8ca9cfa98aa875b5a3816d460
SHA512 b822538494d13bda947655af791fed4daa811f20c4b63a45246c8f3befa3ec37ff1aa79246c89174fe35d76ffb636fa228afa4bda0bd6d2c41d01228b151fd89

C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\MSVCP140_1.dll

MD5 0fe6d52eb94c848fe258dc0ec9ff4c11
SHA1 95cc74c64ab80785f3893d61a73b8a958d24da29
SHA256 446c48c1224c289bd3080087fe15d6759416d64f4136addf30086abd5415d83f
SHA512 c39a134210e314627b0f2072f4ffc9b2ce060d44d3365d11d8c1fe908b3b9403ebdd6f33e67d556bd052338d0ed3d5f16b54d628e8290fd3a155f55d36019a86

C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\MSVCP140.dll

MD5 01b946a2edc5cc166de018dbb754b69c
SHA1 dbe09b7b9ab2d1a61ef63395111d2eb9b04f0a46
SHA256 88f55d86b50b0a7e55e71ad2d8f7552146ba26e927230daf2e26ad3a971973c5
SHA512 65dc3f32faf30e62dfdecb72775df870af4c3a32a0bf576ed1aaae4b16ac6897b62b19e01dc2bf46f46fbe3f475c061f79cbe987eda583fee1817070779860e5

C:\Users\Admin\AppData\Local\Temp\_MEI27242\_wmi.pyd

MD5 8a9a59559c614fc2bcebb50073580c88
SHA1 4e4ced93f2cb5fe6a33c1484a705e10a31d88c4d
SHA256 752fb80edb51f45d3cc1c046f3b007802432b91aef400c985640d6b276a67c12
SHA512 9b17c81ff89a41307740371cb4c2f5b0cf662392296a7ab8e5a9eba75224b5d9c36a226dce92884591636c343b8238c19ef61c1fdf50cc5aa2da86b1959db413

C:\Users\Admin\AppData\Local\Temp\_MEI27242\_ssl.pyd

MD5 c87c5890039c3bdb55a8bc189256315f
SHA1 84ef3c2678314b7f31246471b3300da65cb7e9de
SHA256 a5d361707f7a2a2d726b20770e8a6fc25d753be30bcbcbbb683ffee7959557c2
SHA512 e750dc36ae00249ed6da1c9d816f1bd7f8bc84ddea326c0cd0410dbcfb1a945aac8c130665bfacdccd1ee2b7ac097c6ff241bfc6cc39017c9d1cde205f460c44

C:\Users\Admin\AppData\Local\Temp\_MEI27242\_socket.pyd

MD5 dd8ff2a3946b8e77264e3f0011d27704
SHA1 a2d84cfc4d6410b80eea4b25e8efc08498f78990
SHA256 b102522c23dac2332511eb3502466caf842d6bcd092fbc276b7b55e9cc01b085
SHA512 958224a974a3449bcfb97faab70c0a5b594fa130adc0c83b4e15bdd7aab366b58d94a4a9016cb662329ea47558645acd0e0cc6df54f12a81ac13a6ec0c895cd8

C:\Users\Admin\AppData\Local\Temp\_MEI27242\_queue.pyd

MD5 b7e5fbd7ef3eefff8f502290c0e2b259
SHA1 9decba47b1cdb0d511b58c3146d81644e56e3611
SHA256 dbdabb5fe0ccbc8b951a2c6ec033551836b072cab756aaa56b6f22730080d173
SHA512 b7568b9df191347d1a8d305bd8ddd27cbfa064121c785fa2e6afef89ec330b60cafc366be2b22409d15c9434f5e46e36c5cbfb10783523fdcac82c30360d36f7

C:\Users\Admin\AppData\Local\Temp\_MEI27242\_hashlib.pyd

MD5 da02cefd8151ecb83f697e3bd5280775
SHA1 1c5d0437eb7e87842fde55241a5f0ca7f0fc25e7
SHA256 fd77a5756a17ec0788989f73222b0e7334dd4494b8c8647b43fe554cf3cfb354
SHA512 a13bc5c481730f48808905f872d92cb8729cc52cfb4d5345153ce361e7d6586603a58b964a1ebfd77dd6222b074e5dcca176eaaefecc39f75496b1f8387a2283

C:\Users\Admin\AppData\Local\Temp\_MEI27242\_decimal.pyd

MD5 492c0c36d8ed1b6ca2117869a09214da
SHA1 b741cae3e2c9954e726890292fa35034509ef0f6
SHA256 b8221d1c9e2c892dd6227a6042d1e49200cd5cb82adbd998e4a77f4ee0e9abf1
SHA512 b8f1c64ad94db0252d96082e73a8632412d1d73fb8095541ee423df6f00bc417a2b42c76f15d7e014e27baae0ef50311c3f768b1560db005a522373f442e4be0

C:\Users\Admin\AppData\Local\Temp\_MEI27242\select.pyd

MD5 d0cc9fc9a0650ba00bd206720223493b
SHA1 295bc204e489572b74cc11801ed8590f808e1618
SHA256 411d6f538bdbaf60f1a1798fa8aa7ed3a4e8fcc99c9f9f10d21270d2f3742019
SHA512 d3ebcb91d1b8aa247d50c2c4b2ba1bf3102317c593cbf6c63883e8bf9d6e50c0a40f149654797abc5b4f17aee282ddd972a8cd9189bfcd5b9cec5ab9c341e20b

C:\Users\Admin\AppData\Local\Temp\_MEI27242\_cffi_backend.cp312-win_amd64.pyd

MD5 0572b13646141d0b1a5718e35549577c
SHA1 eeb40363c1f456c1c612d3c7e4923210eae4cdf7
SHA256 d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7
SHA512 67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842

C:\Users\Admin\AppData\Local\Temp\_MEI27242\psutil\_psutil_windows.pyd

MD5 3e579844160de8322d574501a0f91516
SHA1 c8de193854f7fc94f103bd4ac726246981264508
SHA256 95f01ce7e37f6b4b281dbc76e9b88f28a03cb02d41383cc986803275a1cd6333
SHA512 ee2a026e8e70351d395329c78a07acb1b9440261d2557f639e817a8149ba625173ef196aed3d1c986577d78dc1a7ec9fed759c19346c51511474fe6d235b1817

C:\Users\Admin\AppData\Local\Temp\_MEI27242\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI27242\unicodedata.pyd

MD5 cc8142bedafdfaa50b26c6d07755c7a6
SHA1 0fcab5816eaf7b138f22c29c6d5b5f59551b39fe
SHA256 bc2cf23b7b7491edcf03103b78dbaf42afd84a60ea71e764af9a1ddd0fe84268
SHA512 c3b0c1dbe5bf159ab7706f314a75a856a08ebb889f53fe22ab3ec92b35b5e211edab3934df3da64ebea76f38eb9bfc9504db8d7546a36bc3cabe40c5599a9cbd

C:\Users\Admin\AppData\Local\Temp\_MEI27242\libssl-3.dll

MD5 19a2aba25456181d5fb572d88ac0e73e
SHA1 656ca8cdfc9c3a6379536e2027e93408851483db
SHA256 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006
SHA512 df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

C:\Users\Admin\AppData\Local\Temp\_MEI27242\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de
SHA512 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

C:\Windows\Resources\Themes\explorer.exe

MD5 bf118de64ff865672d0d70bd4f2c3cee
SHA1 e399544211c24d16757417a4b929eb8fc136e2c0
SHA256 e45e052d35a1b4017c53b4a54f97f7205c3486c4bcf19ee8e8f5af5bd1044fc5
SHA512 6b7f8d3a9bdf4ae2154c3258ee2900d6a83b24ad9583e7206c49ab5e12e37c6967de34ebe5f4d88b4efe86b6371b0bfc3cb2b797879a5a11f5199e745f48406f

memory/1032-2871-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2968-2872-0x0000000000400000-0x000000000041F000-memory.dmp

memory/1292-2873-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2220-2874-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\cs2 hub tool\QtWebEngine\Default\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\cs2 hub tool\cache\QtWebEngine\Default\Cache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\cs2 hub tool\cache\QtWebEngine\Default\Cache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\cs2 hub tool\QtWebEngine\Default\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\cs2 hub tool\QtWebEngine\Default\00726ba7-4513-49ca-a562-3c7cd9ef20f0.tmp

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\cs2 hub tool\QtWebEngine\Default\Network Persistent State~RFe595318.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/5360-4438-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\qml\QtQuick3D\Materials\maps\emissive_mask.png

MD5 882310febbcd112f6416015145fd8c6d
SHA1 e142d0ba597a2c773e6354673bbc4a760f8d963f
SHA256 03003aa01026e944b75447078f5758d0ffab854d03e9ce80780a174411073f7f
SHA512 b21d8a189123c3019b5c99c1927d9eb10293cbe9321cb54d1fe183bf57efd22f778a61e47be27afb8f54d731ce17f96a6c6452dc76c3a8596b1bf1fdd532d4c4

C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\qml\QtQuick\Controls.2\designer\RadioDelegateSpecifics.qml

MD5 df7e32b0e18bd35fa8453cb1263886b9
SHA1 f4336c9380a7fbee4dfbc17c545b409364f7f8b3
SHA256 8207c603c9de51d9954302dd9df559a1df70e0a9658af62637229b5a2437eec3
SHA512 21d4e9b1d71c5ea9c7c66e5bacead5d4857ac109f7452d81c6d793f8843dd1d6f9194011e41259cdb9e3faecc04675a1433a2dfcbf0b758ff97cbd068fd95732

C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\qml\QtQuick\Controls.2\designer\SwitchSpecifics.qml

MD5 95806d0bfadf617cdb91b9baacab5429
SHA1 2102999ec25be88f138ea7c8fbf2a1bf4454c766
SHA256 07911dff4b3128de29fb83223a78878f9e972f35a596429861c7ea7956923b2d
SHA512 00d3b1dd1d764859249a5997ec4b2ec68fdf7c245a3ad4276a81370b2f43090f41d32de48d94307703436e661ebaf64ff96332f109b0e611b74521f28c8f8004

C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\bin\QtWebEngineProcess.exe

MD5 2922804fdb477055a5d640ba423735f5
SHA1 d661efa31292d718bd9c8e27cd7e022f87853de5
SHA256 43535990da17776d53a0958b813b16604fd94b5fc7aa34cf2c0630f2624a976c
SHA512 dac9e5f864ff53dba8c51d7ee7eae47bcf2196defc00955e74f337a622c46f7873b5717d68d5c131bb1342e8f77acada071b3134e56f8bef33bd2b71da21427f

memory/3568-6049-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4272-6050-0x0000000000400000-0x000000000041F000-memory.dmp

memory/5360-6051-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 9e930267525529064c3cccf82f7f630d
SHA1 9cdf349a8e5e2759aeeb73063a414730c40a5341
SHA256 1cf7df0f74ee0baaaaa32e44c197edec1ae04c2191e86bf52373f2a5a559f1ac
SHA512 dbc7db60f6d140f08058ba07249cc1d55127896b14663f6a4593f88829867063952d1f0e0dd47533e7e8532aa45e3acc90c117b8dd9497e11212ac1daa703055

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 27980e2d44f70d539f7ad2585d18cd52
SHA1 9ee11359e373094cdfe7e63b729304f32f8b0153
SHA256 628449d71c3dba150de7f2f4649a3fbea82c4e21203f988a653bae515ca1ae91
SHA512 4d05e113c13604e0ed7be195bba637e49c3a2c9410e78761f87d33d002de06b6d6be5a02cadacd73cbcf760b81e8f24f57f2ffc4b72be80f27c46904682363d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8d8ce611ace5d6e04979ffeb58e9400d
SHA1 be7a48928e7e4a9fb353e2fcfd7127e910650194
SHA256 62e5c252245e8e3695adfe51e4f7c0d33d0646b915226436ba9c80a80ee67067
SHA512 dd8aa9f5733644bf5d8b07c733540e5c43240f8192d27debb7371b883d2eff2061bf90b7baab9d957065b8762eb9acbcd2fc594713adb663d75c868d5e5e2e9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 718c83854a505909252d79388af46e91
SHA1 126293d832f19ac3efd2cae0687556fd468ed7c1
SHA256 e79e5d4aaf482111b3d0dd2cb5871224e1c9eebe233347d0d11c85e087a3fd34
SHA512 ed4d9435eaecd5a6684145b0617f1ba73d75eee4b9a084457f41e47d0111a901de570b34ad331c83fa20f03d67c9b49f6434c407c290f61b446ecb1ed5b6dfbf

C:\Users\Admin\AppData\Local\Temp\nsgF6CC.tmp\nsProcess.dll

MD5 08072dc900ca0626e8c079b2c5bcfcf3
SHA1 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
SHA256 bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
SHA512 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

C:\Program Files (x86)\Steam\Steam.exe

MD5 33bcb1c8975a4063a134a72803e0ca16
SHA1 ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

C:\Users\Admin\AppData\Local\Temp\nsgF6CC.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

C:\Users\Admin\AppData\Local\Temp\nsgF6CC.tmp\nsExec.dll

MD5 2095af18c696968208315d4328a2b7fe
SHA1 b1b0e70c03724b2941e92c5098cc1fc0f2b51568
SHA256 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
SHA512 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

C:\Users\Admin\AppData\Local\Temp\nsgF6CC.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 798b3eb538d54077cfe790684885786a
SHA1 95ece4294f1a8517024af122ea2ae9b16a815cd4
SHA256 0e34965f3b5a8fbd98dbe9b3e9d7e95077fcf546e8da3120d37b91f508ae9b4c
SHA512 ecd3dbe2337267b001cff9dee1bf05db4d60ad5d77c7dee67d06eee6d4476e4c3d3438b79307f2a6c70d5249f5246eea977d223a4c25db9a59b418392ad5af97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e4bf29ac2b6ce4b8cb4212d585cb610f
SHA1 6b5995f9cd1f81db85a42d56363bf6781622767d
SHA256 b15e69a33d36fbc9b9547105017d26f52d275b06375a07c365b81f6a5d6027eb
SHA512 4dfc124c51abd06852b6bb76937b57905bf07f04a6e0d5c8d45f09faee887a4b804e1a7cba9d0b692125eb13a5e2bf78c6ca9624cd770f8a7f8567a3e2229dd6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3e91a0cb1bdc76782f6c478a13d48c20
SHA1 4bacfb3b63c8a5e800eb0b795db038b1f4eb6e28
SHA256 d092b01665963a7839d46c571455053dc7de5db5e6490bd0367c9816ea8e66e0
SHA512 777ff28e71506eea1938419f1a969b841dcaa89cec6fa86cfbb504bdfa3a32a76d4f457ec523ba7c1c423743eb0205cd12af210405ec5c8d53506fe6340d0c99

memory/4396-6478-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4368-6479-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bb52fe4fc67a700d9bd4f20575020d6c
SHA1 b15bba2fa7bf5af73b43169d4182b01a26a2a326
SHA256 40d829df37f2fafd414a5dd30133cca556ad78c7b25a2167ab87f84f0a052e64
SHA512 03963459a30447344ac855a0b6664c345a1e7673a4545d6abe26b8e40a266274e0d1725a0760bb4ae4c6294bd82cd22a47641d6ff31072296e2f12f0a5e572b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 65130b1a9a5b06c6e4d956bebd46a340
SHA1 7d7d98a70afda60b26a2c5073e19cedb48f44722
SHA256 e5c04f9447286616af0756a63e5d08c0c32782e2af52293b677a3bafd933f90d
SHA512 c87eb626713ac1bcae029c4a1c305cef590ab74cddd77c552771b2c6d45d024ee20b426166ae0466e8e3d7149604d4c4f284e4185bce39ba35c67be6228fc54b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\bd59695b-1712-4e6a-a0b1-5d3a00c26ed9.tmp

MD5 762a7559475882c84db46184128d9293
SHA1 1fa8af0968486219596cf515691616e23fd24230
SHA256 679d8d36304e3a7e39245987d273a499612c38632fbc1ad9b21cbdd595e4977a
SHA512 6d9626f5c6faef8978d9c45edc76986fd80d41d782b67f0c9f8181d0c3b2017db77d02b884e118a5cbb74cf061985167852d444c400f865e40b161cfd0813fb8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8651a0c579f5ab2ce731f126ee167d0f
SHA1 a0a5117847af7577403b07d61bad2e8117c9dd7e
SHA256 d1684b61382285fdc93b4be002266bdab60395812ea301bf6dff18f2783209d1
SHA512 6a654476a7ef3de91a8700fd4193463a1ca8cac78bc8c92a2cc7a7962ef895c24ea2d3ccdcf1e526cf6a71ab178a1238901a4cb4805316f931f592496275bd56

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c7c333f75de3fa547d32f739e38680e9
SHA1 191214fbd560c2b8eea33472b7a3fa7ba3dbc979
SHA256 f9c391f367c013ac1b0db5c555660fcf503cafd0908338fd716fa0fc3d2c4c47
SHA512 79375aa1b33ebaf0d18b17e33db6f5f26d58b50360eb722fb3c6dcaa89bc746c9dd25249b3be8329e5ab2384dd7840a0f717594347bc2a201e32846c48d577e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 533f71c618ed092f410b9824ef76ead5
SHA1 4886dfdf7f9f090fb1bd723aa37edf007206350a
SHA256 b5551f399903b5d90fd44705785519d5393993c873c5e9f2c1850795eb485941
SHA512 8c42a3a14b0b40cdfb2f8b4ec2d06d466855045c538f319fbdd5e5f8d5ab5c34f2cb7f6914182fd412dbc28208823592342bc236f0109f3a12b89f63d402cdec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 97acb41613c4208d827e5249e0380cad
SHA1 957e0d1006de740bf08c1859381010d6b716284a
SHA256 c24264f3221221c47ef8316e2bd9c2c041e8edb0240961ef03c5c5c1412ba7aa
SHA512 b507f05ec6686c13c6f903d57ca7fdad0d4541fe948e6f3392b96b967b51df80d359a26e5755919bf0f77fb75817d85fac0e4edc85c29aae98cb78a2b97054d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4fc7388d894f6224e4561f61e46bd0f0
SHA1 211a4a2f16a0405367a9100095ed284793d173b6
SHA256 404503dd8854ab0d2e5ffc11d28cd279ffd8da89966243068fee41d747dadce7
SHA512 73d6f5fd4ddc4e55a700a2b43177385c21711a091a3797c1f1576213c201ca5d54328d28bd992a61bdbfe56c5e3406c7a85e821b646bbe8dc18aefb92b5728f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3cc835f10e8e2d6f7524a1e82a2d8234
SHA1 8abe24208a35ed8f5a659e5b498d57cf46a5248d
SHA256 13de46cccd805b4aed956c78bea6318bdbe945e8fe21f9c78f2d7e6b2c0abe4f
SHA512 e7a473ca95b18d0c54a4b748c08a03a21bde133beaebd32c4a634ed979e0f6985cdd6d7ba84e231134319becd3608210c2e6d300c2d4cf98df0c75c2358e57b1