Analysis Overview
SHA256
ade6b6e09ec807df13e6128b48461ff279967f72bd12cfc777d7114e44b1219c
Threat Level: Known bad
The file loader_prod.exe was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of hidden/system files in Explorer
Downloads MZ/PE file
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in System32 directory
Detected potential entity reuse from brand STEAM.
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Unsigned PE
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Analysis: static1
Detonation Overview
Reported
2024-11-03 09:23
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-03 09:23
Reported
2024-11-03 09:29
Platform
win10v2004-20241007-en
Max time kernel
300s
Max time network
305s
Command Line
Signatures
Modifies visibility of hidden/system files in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | \??\c:\windows\resources\themes\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | \??\c:\windows\resources\svchost.exe | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\QtWebEngineProcess.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\bin\QtWebEngineProcess.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" | \??\c:\windows\resources\themes\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" | \??\c:\windows\resources\themes\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" | \??\c:\windows\resources\svchost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" | \??\c:\windows\resources\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
Checks installed software on the system
Detected potential entity reuse from brand STEAM.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\explorer.exe | \??\c:\windows\resources\themes\explorer.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\explorer.exe | \??\c:\windows\resources\svchost.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\loader_prod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\loader_prod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\loader_prod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\loader_prod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\loader_prod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\loader_prod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\loader_prod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\loader_prod.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\uninstall.exe | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\steamui_websrc_movies_all.zip.4d2183b0476852dfb695b8d70192a0ccece8c7d0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Steam\steamservice.exe | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\bins_codecs_win32.zip.vz.629e5d8457eb779707b2c7fdb6ab79d77b56a47f_5198191 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Steam\steamservice.exe | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\bins_webhelpers_win32_win7-64.zip.vz.0da5ede22e4bad36241161cb2db4710e969ebabd_3004275 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_korean.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\public_all.zip.vz.b0ad1267ec973fc34840c92ebbf4b35b0c40cc17_23591292 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\steamui_websrc_all.zip.vz.deeae77fea80a3110c15d0e9a63c2a95ab6ab647_24679493 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\.writable | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\steam_win32_steamrow.zip.vz.d81a7f9deb044005d1091df24c139c43fcdfc529_1808064 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\strings_en_all.zip.a1d7ed1cbfa3d83fe07a903083b74d814867e6a8 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\steamui_websrc_sounds_all.zip.vz.a2b25775b33d943e54c45d176558de379111ef5f_3220470 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\Steam.exe | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\bins_misc_win32.zip.vz.2c6245572e523b9a524178572567f5fa0f563ec1_10681071 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\bins_win32.zip.vz.d449a4adb4ed31f04d253558e934dfc1f53f25ff_28960273 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Steam\logs\bootstrap_log.txt | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\logs\bootstrap_log.txt | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\resources_misc_all.zip.vz.e86a975545f3ab21a77373870cb311ef93934b8c_2224876 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\bin\SteamService.exe | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\resources_all.zip.vz.3d492fce87e5ccddbb855f26680b0c6798901010_2867227 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Steam\.crash | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tenfoot_images_all.zip.vz.193cb8c4eb4446698ea2c0a9e8c4e6b6a623dac7_5572671 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\resources_hidpi_all.zip.vz.3de815c3117712cb9eeb7ea4c8b275faf481dcfd_56342 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\strings_all.zip.vz.2bee49ebaa1cf153bea903b50ecdaaeb6770168f_2006028 | C:\Program Files (x86)\Steam\steam.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Resources\Themes\icsys.icn.exe | C:\Users\Admin\Desktop\CS2 Hub Tool.exe | N/A |
| File opened for modification | \??\c:\windows\resources\themes\explorer.exe | C:\Windows\Resources\Themes\icsys.icn.exe | N/A |
| File opened for modification | \??\c:\windows\resources\spoolsv.exe | \??\c:\windows\resources\themes\explorer.exe | N/A |
| File opened for modification | \??\c:\windows\resources\svchost.exe | \??\c:\windows\resources\spoolsv.exe | N/A |
| File opened for modification | C:\Windows\Resources\Themes\icsys.icn.exe | C:\Users\Admin\Desktop\CS2 Hub Tool.exe | N/A |
| File opened for modification | C:\Windows\Resources\tjud.exe | \??\c:\windows\resources\themes\explorer.exe | N/A |
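Read together, the ShowSuperHidden, RunOnce and file-drop tables above describe one chain. CS2 Hub Tool.exe (which appears on the Desktop during the run) writes icsys.icn.exe into C:\Windows\Resources\Themes; icsys.icn.exe writes explorer.exe beside it; that explorer.exe writes spoolsv.exe under C:\Windows\Resources, which in turn writes svchost.exe. The copies borrow the names of core Windows binaries but sit in a directory none of those binaries lives in, register themselves under RunOnce with an RO argument (the WOW6432Node path shows a 32-bit writer subject to registry redirection), set ShowSuperHidden to 0 so Explorer keeps hiding system-attributed files, and open the genuine C:\Windows\SysWOW64\explorer.exe for modification. The script below is an added example, not part of the sandbox report: it encodes that reasoning as checks run over rows constructed from these tables. The HOME_DIRS map of where the real binaries live and the classification rules are my own assumptions.

```python
"""Triage the rows above: borrowed system-binary names, autoruns, hidden files, tampering.

Added example, not part of the sandbox report. ROWS is constructed from the indicator
tables on this page; HOME_DIRS and the classification rules are my own assumptions.
"""
import ntpath
import re

SID = "S-1-5-21-1045960512-3948844814-3059691613-1000"
NT = "\\??\\"  # object-manager prefix the sandbox leaves on some paths

# Where the genuine binaries live on a stock 64-bit Windows 10 (assumption);
# the same file name anywhere else is borrowed to blend into a process list.
HOME_DIRS = {
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "spoolsv.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}
# Registry writes are printed as  <key>\<value name> = "<value>"
REG_VALUE_RE = re.compile(r'^(?P<key>.*?)\\(?P<name>[^\\]+) = "(?P<value>.*)"$')
AUTORUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?$", re.I)

# (description, indicator, process) triples copied from the tables above.
ROWS = [
    ("Set value (int)",
     rf'\REGISTRY\USER\{SID}\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"',
     NT + r"c:\windows\resources\themes\explorer.exe"),
    ("Set value (str)",
     r'\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO"',
     NT + r"c:\windows\resources\themes\explorer.exe"),
    ("Set value (str)",
     r'\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO"',
     NT + r"c:\windows\resources\svchost.exe"),
    ("Set value (str)",
     rf'\REGISTRY\USER\{SID}\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"',
     r"C:\Users\Admin\Downloads\SteamSetup.exe"),
    ("File opened for modification", r"C:\Windows\SysWOW64\explorer.exe",
     NT + r"c:\windows\resources\themes\explorer.exe"),
    ("File opened for modification", NT + r"c:\windows\resources\themes\explorer.exe",
     r"C:\Windows\Resources\Themes\icsys.icn.exe"),
    ("File opened for modification", NT + r"c:\windows\resources\spoolsv.exe",
     NT + r"c:\windows\resources\themes\explorer.exe"),
    ("File opened for modification", NT + r"c:\windows\resources\svchost.exe",
     NT + r"c:\windows\resources\spoolsv.exe"),
]


def normalize(path: str) -> str:
    """Drop the NT prefix and surrounding quotes, lowercase, unify separators."""
    p = path.strip().strip('"')
    if p.startswith(NT):
        p = p[len(NT):]
    return p.replace("/", "\\").lower()


def is_masquerade(path: str) -> bool:
    """A core system binary's file name in a directory that binary never lives in."""
    p = normalize(path)
    home = HOME_DIRS.get(ntpath.basename(p))
    return home is not None and ntpath.dirname(p) not in home


def unescape(value: str) -> str:
    """Undo the report's escaping of quotes and backslashes inside registry values."""
    return value.replace('\\"', '"').replace("\\\\", "\\")


def split_command(cmd: str) -> tuple[str, str]:
    """(exe, args) from a Run/RunOnce command line, honouring a quoted exe path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.index('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    exe, _, args = cmd.partition(" ")
    return exe, args


def triage(rows) -> dict:
    """Findings a responder acts on first; all paths come back normalised."""
    fake, hidden, tampered, autoruns = set(), set(), set(), []
    for description, indicator, process in rows:
        proc = normalize(process)
        if is_masquerade(proc):
            fake.add(proc)
        m = REG_VALUE_RE.match(indicator)
        if m and AUTORUN_KEY_RE.search(m["key"]):
            exe, args = split_command(unescape(m["value"]))
            autoruns.append((m["name"], normalize(exe), args, is_masquerade(exe)))
            if is_masquerade(exe):
                fake.add(normalize(exe))
        elif m and m["name"].lower() == "showsuperhidden" and m["value"] == "0":
            hidden.add(proc)  # 0 = "Hide protected operating system files" switched on
        elif description.startswith("File"):
            target = normalize(indicator)
            if is_masquerade(target):
                fake.add(target)
            elif ntpath.basename(target) in HOME_DIRS and proc in fake:
                tampered.add(target)  # a fake opening the genuine binary for writing
    return {"masquerading": sorted(fake), "autoruns": autoruns,
            "hides_system_files": sorted(hidden), "tampered_system_binaries": sorted(tampered)}


if __name__ == "__main__":
    for kind, items in triage(ROWS).items():
        print(kind, *items, sep="\n    ")
```

Run against the rows, triage() reports the three borrowed-name binaries under C:\Windows\Resources, the two RunOnce entries that point at them (the Steam Run value is a genuine installer path and is not flagged), the process that switched ShowSuperHidden off, and the real SysWOW64 explorer.exe as the tampered target. The same functions work on rows lifted from any report in this format; only HOME_DIRS needs extending for other system binary names.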
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\CS2 Hub Tool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Resources\Themes\icsys.icn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\windows\resources\themes\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\windows\resources\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Resources\Themes\icsys.icn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\windows\resources\themes\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\windows\resources\spoolsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\windows\resources\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\CS2 Hub Tool.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133750994489174454" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{401586C3-5ADF-4308-BC69-C1634F43CBD0} | \??\c:\users\admin\desktop\cs2 hub tool.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{883EE56F-EC05-47FD-BA29-F3571E5E1305} | \??\c:\users\admin\desktop\cs2 hub tool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steamlink\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = … | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Keys | C:\Users\Admin\AppData\Local\Temp\loader_prod.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Keys\CA40D84EB7D86EA92142A849471A4D1DB03B46A4 | C:\Users\Admin\AppData\Local\Temp\loader_prod.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Keys\CA40D84EB7D86EA92142A849471A4D1DB03B46A4\Blob = 02000000000000006c0000001c000000000000000100000020000000000000000000000002000000640031003600640031006300630062002d0033006600640031002d0034006300360033002d0038006400630033002d006400390039003700340030006400380065006300360036000000000000000000230000000000000014000000ca40d84eb7d86ea92142a849471a4d1db03b46a4 | C:\Users\Admin\AppData\Local\Temp\loader_prod.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = … | C:\Program Files (x86)\Steam\steam.exe | N/A |
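Of the rows above, the MY\Keys entries are the loader's own writes; the ROOT-store rows come from steam.exe. The Blob value is a serialized certificate-store element: a sequence of records, each a DWORD property id, a DWORD reserved field, a DWORD length and the data. Here it holds a CERT_KEY_PROV_INFO_PROP_ID (2) record followed by a record whose 20 bytes are the key identifier the subkey is named after. Decoding it shows what the hex hides: a GUID-named key container flagged CRYPT_MACHINE_KEYSET with PROV_RSA_FULL and AT_SIGNATURE, so loader_prod.exe registered an RSA signing key in the machine-wide MY store rather than merely reading certificates, and the write under HKLM means it ran with rights to do so. The decoder below is an added example, not part of the report; its constants are from wincrypt.h, BLOB_HEX is the value from the table split into chunks, and property 0x23 is left unnamed because only its content, the key identifier, is verifiable from this page.

```python
r"""Decode the SystemCertificates\MY\Keys property blob loader_prod.exe wrote.

Added example, not part of the report. BLOB_HEX is the Blob value from the table
above, split for readability. The element layout (DWORD id, DWORD reserved, DWORD
length, data) and the CRYPT_KEY_PROV_INFO field order follow wincrypt.h; only
property 2 is named, property 0x23 is reported as raw hex.
"""
import struct

BLOB_HEX = (
    "02000000" "00000000" "6c000000"             # property 2, reserved, 108 bytes follow
    "1c000000" "00000000" "01000000" "20000000"  # CRYPT_KEY_PROV_INFO: name offset 0x1c,
    "00000000" "00000000" "02000000"             #   NULL provider, type 1, flags 0x20, keyspec 2
    "640031003600640031006300630062002d0033006600640031002d00"        # "d16d1ccb-3fd1-"
    "34006300360033002d0038006400630033002d00640039003900370034003000"  # "4c63-8dc3-d99740"
    "640038006500630036003600" "0000" "000000000000"                  # "d8ec66", NUL, padding
    "23000000" "00000000" "14000000"             # property 0x23, reserved, 20 bytes follow
    "ca40d84eb7d86ea92142a849471a4d1db03b46a4"   # == the subkey name
)

CERT_KEY_PROV_INFO_PROP_ID = 2  # wincrypt.h
PROV_RSA_FULL = 1
CRYPT_MACHINE_KEYSET = 0x20
KEY_SPEC = {1: "AT_KEYEXCHANGE", 2: "AT_SIGNATURE"}


def iter_elements(blob: bytes):
    """Yield (property id, data) for each (id, reserved, length, data) record."""
    off = 0
    while off + 12 <= len(blob):
        prop_id, _reserved, size = struct.unpack_from("<III", blob, off)
        off += 12
        if size > len(blob) - off:
            raise ValueError(f"property {prop_id:#x} claims {size} bytes, {len(blob) - off} left")
        yield prop_id, blob[off:off + size]
        off += size
    if off != len(blob):
        raise ValueError("trailing bytes after the last element")


def read_wstr(data: bytes, off: int) -> str:
    """NUL-terminated UTF-16LE string at a 32-bit offset inside the serialized struct."""
    end = off
    while end + 2 <= len(data) and data[end:end + 2] != b"\x00\x00":
        end += 2
    return data[off:end].decode("utf-16-le")


def decode_key_prov_info(data: bytes) -> dict:
    """Serialized CRYPT_KEY_PROV_INFO: the two string pointers are offsets into data."""
    name_off, prov_off, prov_type, flags, _n_params, _params_off, key_spec = struct.unpack_from("<7I", data)
    return {
        "container": read_wstr(data, name_off),
        "provider": read_wstr(data, prov_off) if prov_off else None,  # NULL = default CSP
        "prov_type": prov_type,
        "machine_keyset": bool(flags & CRYPT_MACHINE_KEYSET),
        "key_spec": KEY_SPEC.get(key_spec, key_spec),
    }


def decode_blob(blob: bytes) -> dict:
    """Map each property id to its decoded form (prov-info as a dict, anything else as hex)."""
    out = {}
    for prop_id, data in iter_elements(blob):
        out[prop_id] = decode_key_prov_info(data) if prop_id == CERT_KEY_PROV_INFO_PROP_ID else data.hex()
    return out


if __name__ == "__main__":
    for prop_id, value in decode_blob(bytes.fromhex(BLOB_HEX)).items():
        print(f"property {prop_id:#04x}: {value}")
```

On a live host the container name is what you would search for next: a CRYPT_MACHINE_KEYSET key created through a legacy CSP is kept as a file under %ProgramData%\Microsoft\Crypto\RSA\MachineKeys, which the sandbox report does not show.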
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\users\admin\desktop\cs2 hub tool.exe | N/A |
| N/A | N/A | \??\c:\users\admin\desktop\cs2 hub tool.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\windows\resources\themes\explorer.exe | N/A |
| N/A | N/A | \??\c:\windows\resources\svchost.exe | N/A |
| N/A | N/A | \??\c:\users\admin\desktop\cs2 hub tool.exe | N/A |
| N/A | N/A | \??\c:\users\admin\desktop\cs2 hub tool.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Users\Admin\AppData\Local\Temp\loader_prod.exe
"C:\Users\Admin\AppData\Local\Temp\loader_prod.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8f760cc40,0x7ff8f760cc4c,0x7ff8f760cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1872 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3888 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5148,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4032 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4700,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3240,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5292,i,16339804672340762036,15349498841342743710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\CS2 Hub Tool.exe
"C:\Users\Admin\Desktop\CS2 Hub Tool.exe"
\??\c:\users\admin\desktop\cs2 hub tool.exe
"c:\users\admin\desktop\cs2 hub tool.exe "
\??\c:\users\admin\desktop\cs2 hub tool.exe
"c:\users\admin\desktop\cs2 hub tool.exe "
C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\QtWebEngineProcess.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --use-gl=angle --application-name=cs2%20hub%20tool --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=2656 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\QtWebEngineProcess.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt5\bin\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=2764 /prefetch:1
C:\Windows\Resources\Themes\icsys.icn.exe
C:\Windows\Resources\Themes\icsys.icn.exe
\??\c:\windows\resources\themes\explorer.exe
c:\windows\resources\themes\explorer.exe
\??\c:\windows\resources\spoolsv.exe
c:\windows\resources\spoolsv.exe SE
\??\c:\windows\resources\svchost.exe
c:\windows\resources\svchost.exe
\??\c:\windows\resources\spoolsv.exe
c:\windows\resources\spoolsv.exe PR
C:\Users\Admin\Desktop\CS2 Hub Tool.exe
"C:\Users\Admin\Desktop\CS2 Hub Tool.exe"
\??\c:\users\admin\desktop\cs2 hub tool.exe
"c:\users\admin\desktop\cs2 hub tool.exe "
\??\c:\users\admin\desktop\cs2 hub tool.exe
"c:\users\admin\desktop\cs2 hub tool.exe "
C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\bin\QtWebEngineProcess.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\bin\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=2712 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\bin\QtWebEngineProcess.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI54042\PyQt5\Qt5\bin\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --use-gl=angle --application-name=cs2%20hub%20tool --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=2572 /prefetch:8
C:\Windows\Resources\Themes\icsys.icn.exe
C:\Windows\Resources\Themes\icsys.icn.exe
\??\c:\windows\resources\themes\explorer.exe
c:\windows\resources\themes\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f760cc40,0x7ff8f760cc4c,0x7ff8f760cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2008,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=2004 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=2052 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=2224 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=4536 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=4552 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=4864 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3152,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=4452 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=3376 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3268,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=4784 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5056,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=3456 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5188,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=3328 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410 0x150
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5332,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5524,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=5544 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5532,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=5676 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5388,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=5852 /prefetch:8
C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3880,i,15889330038346561262,5490083279450914107,262144 --variations-seed-version=20241101-130115.507000 --mojo-platform-channel-handle=3432 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 3.235.182.75:50554 | N/A | tcp |
| US | 3.235.182.74:50550 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 75.182.235.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 3.235.182.72:50550 | N/A | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 3.235.182.71:50550 | N/A | tcp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 45.112.123.126:443 | gofile.io | tcp |
| FR | 45.112.123.126:443 | gofile.io | tcp |
| US | 8.8.8.8:53 | 126.123.112.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 45.112.123.126:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | 210.242.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store6.gofile.io | udp |
| FR | 31.14.70.249:443 | store6.gofile.io | tcp |
| FR | 31.14.70.249:443 | store6.gofile.io | tcp |
| US | 8.8.8.8:53 | 249.70.14.31.in-addr.arpa | udp |
| US | 3.235.182.76:50550 | N/A | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.postimg.cc | udp |
| FR | 46.105.222.82:443 | i.postimg.cc | tcp |
| US | 8.8.8.8:53 | login-software-api.accountspider.com | udp |
| US | 172.67.68.71:443 | login-software-api.accountspider.com | tcp |
| US | 8.8.8.8:53 | 82.222.105.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.68.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | venx.club | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| FR | 46.105.222.82:443 | i.postimg.cc | tcp |
| US | 172.67.68.71:443 | login-software-api.accountspider.com | tcp |
| US | 8.8.8.8:53 | venx.club | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.34.239.216.in-addr.arpa | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.fastly.steamstatic.com | udp |
| US | 151.101.3.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | store.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.fastly.steamstatic.com | udp |
| US | 8.8.8.8:53 | shared.fastly.steamstatic.com | udp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 52.3.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.67.101.151.in-addr.arpa | udp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | clan.fastly.steamstatic.com | udp |
| US | 151.101.3.52:443 | clan.fastly.steamstatic.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | 216.21.192.23.in-addr.arpa | udp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 151.101.67.52:443 | clan.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | clan.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.steamstatic.com | udp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.23.210.82:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 52.195.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.210.23.2.in-addr.arpa | udp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.14:443 | google.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
Files
\??\pipe\crashpad_2944_YIIBZDVSUEYFCBQI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/1232-32-0x000000014021B000-0x0000000141441000-memory.dmp
memory/1232-33-0x00007FF906910000-0x00007FF906912000-memory.dmp
memory/1232-34-0x00007FF906920000-0x00007FF906922000-memory.dmp
memory/1232-39-0x0000000140000000-0x0000000142EA6000-memory.dmp
memory/1232-35-0x0000000140000000-0x0000000142EA6000-memory.dmp
memory/1232-48-0x0000000140000000-0x0000000142EA6000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 1d3e5ea71804e0e56c4f570a3d659d82 |
| SHA1 | 110bfe66d438b131dcd4c8d42c592614d3f14137 |
| SHA256 | b14be8b51c35b760d7e72ec7d24d2a5bac4315111766d89956407d1e339a6933 |
| SHA512 | beb5790cf40a46b1e49df1f984a6f76ee15764b35454d29d3594e411a201fca79a8dc50eb4769cb83a3d2050c838fa41bc49bbeb4c3e56a9b9bee295c1b31a89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ee2edd9f350b1ca720e4dcb303206b7e |
| SHA1 | 25625a00b350f8d6db9c5cce1ee476ba7a27aea7 |
| SHA256 | d0c21dda98cf934851853d75cc01826a68a6e64b569ad203416fe05893230a1f |
| SHA512 | 9b453b729df9487859e6b48b06487ed08fc6d5a9fc0bde571f05d0290d0760ea6ed87575c887995423155f1f543a59be555510b8adafa8caf69530d9b64234d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1494c23c659848c96984cbc7ae8d1857 |
| SHA1 | cd7265922bae67a061d81c966d90e1ef313581eb |
| SHA256 | 9cd9ad8a1652d0af7f5d7b767fd82a46eb3cfc99b4a6951dbd54b9bb3c73b32a |
| SHA512 | afe63164e409809532bbfe49a2aac76e7f5fc0e71c7059dd3cda8b96db9a8099779c5f24f12d2f60ec8c17344a74c7f14e85c0936015b51e63f0c56a4941f119 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0a3e26a71ba90152f6bf4e389c1031f9 |
| SHA1 | 04ed869ffa51385be5ff3f5c30840f64110de065 |
| SHA256 | 5d5bb09d2583b7a4bdcd81868b4262a9c9bd03f9df54aba9c28d0676b4b3b0c3 |
| SHA512 | d58947f6b9db320fa6c5dcf798a7e00d120827093d3180ef5c859703294763772776519b951dc0cd8403ce278fd39bcdc5edf274f36ba14b5f9b14dd14296590 |
memory/1232-73-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-75-0x00007FF905400000-0x00007FF9055A1000-memory.dmp
memory/1232-74-0x00007FF904C20000-0x00007FF904CDE000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | a6392dcf0c6a55a45614255fd0f81705 |
| SHA1 | 6eaef09d41b59d6d017b35e0db8c0fd30fd87997 |
| SHA256 | 7af82e2d2cdbf19bf8534027cdab83eea883e772580645f09f1c850c9807a886 |
| SHA512 | 9c6ce7a3c6be128178b3382adf6e312df9da0f094a4cbbe74ac40af277c620b8623c7273d3eeba5ee5a9cb74e28986fd7cad2246089b2088894b2099db2ca240 |
memory/1232-81-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-84-0x000000014021B000-0x0000000141441000-memory.dmp
memory/1232-85-0x0000000140000000-0x0000000142EA6000-memory.dmp
memory/1232-86-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-89-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-92-0x0000000140000000-0x0000000142EA6000-memory.dmp
memory/1232-93-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-96-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-116-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-119-0x00007FF906710000-0x00007FF906905000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f777bd5f772e03b01a428c8ba0aed88 |
| SHA1 | aa069cc73523a0578fc005d68251e32e6069c6d0 |
| SHA256 | 1c4d969a1c2dcc61483a34b480596727a7f54ccd58e28d176adbee1d8341544a |
| SHA512 | ce126f1e4748b91624af738b778c994f1bea4dab9d0a398f7dfa9e42148306f5415bac03ada3ca4edf0f445c29dcae528bbc941c50bfba7c82e80e9373b38aa3 |
memory/1232-131-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-134-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-137-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-140-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-143-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-184-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-187-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-190-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-193-0x00007FF906710000-0x00007FF906905000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ee58f44c24a7c019fc53f47e6a45c487 |
| SHA1 | 594c9dffc685d7d39d474052acca425895eab00f |
| SHA256 | ad3fc6ef6788bb7435c3deed72e9211893a6bf3cbb5a8ecf81855f12d53651a1 |
| SHA512 | 995762a6aadc9a3b5cfa36920b4e0d3466389b28a5f77aae7e99d57586bb564b7bede679e8be85ef4616dfa6be21482be9f755abf91f1d19eb09f8d05d3604cd |
memory/1232-205-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-208-0x00007FF906710000-0x00007FF906905000-memory.dmp
memory/1232-211-0x00007FF906710000-0x00007FF906905000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bad6882d33d72a5d844141b476374a65 |
| SHA1 | a0ca89428618979ba38b36270e3d2f4a3cfa28ee |
| SHA256 | be845e60d6364d0228a22cbd2aed325f59551f3051f54c2cd0b7f06a488b30c6 |
| SHA512 | 3683d54eece520f4b5be039f5f977776d954486854a1219212abdeac5834b09c3579b2f133021b3f757e12d5e7663388b02cd0e686bd1b886d21019b974f1911 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 88babcec3837899ad892c802904a34e6 |
| SHA1 | fd3902ad7d551a538dc640a8943dc62c118088a9 |
| SHA256 | a47f39e322a5cb0def239b06c5428c4224264cecf614e5edeba33eb98ebd61e8 |
| SHA512 | 583e4d38be26377c55d385905f1cfa95d756298f7c40b93aa69ff5739915c42e494e22ff190cceb5fcb0548d470faf4d39d861fe8e8c87d6e8393cfec2a7f5d1 |