Malware Analysis Report

2024-12-07 02:00

Sample ID 241111-wl7wksskb1
Target https://cs-proof.net/
Tags
bootkit defense_evasion discovery evasion persistence phishing privilege_escalation
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://cs-proof.net/ was found to be: Likely malicious.

Malicious Activity Summary

bootkit defense_evasion discovery evasion persistence phishing privilege_escalation

Modifies Windows Firewall

Loads dropped DLL

Executes dropped EXE

A potential corporate email address has been identified in the URL: [email protected]

Writes to the Master Boot Record (MBR)

Enumerates connected drives

Drops desktop.ini file(s)

Network Service Discovery

Checks installed software on the system

Subvert Trust Controls: Mark-of-the-Web Bypass

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Event Triggered Execution: Netsh Helper DLL

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Modifies registry class

Enumerates system info in registry

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

NTFS ADS

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-11 18:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-11 18:01

Reported

2024-11-11 18:06

Platform

win11-20241007-en

Max time kernel

299s

Max time network

302s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cs-proof.net/

Signatures

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

A potential corporate email address has been identified in the URL: [email protected]

phishing

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\cs16-eng.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9SJ3G.tmp\cs16-eng.tmp N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Games\Counter-Strike 1.6\hl.exe N/A

Network Service Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\System32\GameBarPresenceWriter.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Games\Counter-Strike 1.6\hl.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\cs16-eng.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Games\Counter-Strike 1.6\hl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\cs16-eng.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-9SJ3G.tmp\cs16-eng.tmp N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Games\Counter-Strike 1.6\hl.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Games\Counter-Strike 1.6\hl.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2410826464-2353372766-2364966905-1000\{23562B8D-6709-4026-AEEB-4A725BBBB05F} C:\Windows\system32\svchost.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 210814.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\cs16-eng.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9SJ3G.tmp\cs16-eng.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9SJ3G.tmp\cs16-eng.tmp N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Games\Counter-Strike 1.6\hl.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1084 wrote to memory of 5280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 5280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1084 wrote to memory of 1844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cs-proof.net/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc68203cb8,0x7ffc68203cc8,0x7ffc68203cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5052 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x000000000000049C

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6060 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8

C:\Users\Admin\Downloads\cs16-eng.exe

"C:\Users\Admin\Downloads\cs16-eng.exe"

C:\Users\Admin\AppData\Local\Temp\is-9SJ3G.tmp\cs16-eng.tmp

"C:\Users\Admin\AppData\Local\Temp\is-9SJ3G.tmp\cs16-eng.tmp" /SL5="$A02F6,274289404,145920,C:\Users\Admin\Downloads\cs16-eng.exe"

C:\Windows\SysWOW64\netsh.exe

"C:\Windows\system32\netsh.exe" firewall add allowedprogram "C:\Games\Counter-Strike 1.6\hl.exe" "Counter-Strike 1.6" ENABLE ALL

C:\Windows\SysWOW64\netsh.exe

"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="Counter-Strike 1.6" dir=in action=allow program="C:\Games\Counter-Strike 1.6\hl.exe" enable=yes

C:\Windows\SysWOW64\netsh.exe

"C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="Counter-Strike 1.6" dir=out action=allow program="C:\Games\Counter-Strike 1.6\hl.exe" enable=yes

C:\Games\Counter-Strike 1.6\hl.exe

"C:\Games\Counter-Strike 1.6\hl.exe" -noforcemparms -noforcemaccel -noforcemspd -language en

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15057370587508833516,355720637968289012,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5224 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 cs-proof.net udp
US 104.21.3.117:443 cs-proof.net tcp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 229.193.101.151.in-addr.arpa udp
RU 87.250.250.119:443 mc.yandex.com tcp
N/A 224.0.0.251:5353 udp
NL 45.82.69.27:80 msg1.lite-monitoring.ru tcp
NL 45.82.69.27:80 msg1.lite-monitoring.ru tcp
NL 45.82.69.27:8880 msg1.lite-monitoring.ru tcp
RU 37.230.162.164:27015 udp
RU 194.93.2.151:27015 udp
RU 46.174.50.10:27264 udp
RU 46.174.54.38:27015 udp
RU 46.174.54.37:27015 udp
RU 185.9.145.160:36961 udp
RU 62.122.214.57:27015 udp
RU 152.89.199.84:27037 udp
RU 194.93.2.191:27015 udp
RU 46.174.50.225:27015 udp
RU 152.89.199.134:27015 udp
PL 146.59.16.189:27015 udp
RU 46.174.52.5:27280 udp
RU 46.174.55.183:27015 udp
RU 46.174.49.29:27206 udp
RU 46.174.48.204:27015 udp
KZ 79.143.20.201:27016 udp
RU 46.174.52.13:27208 udp
RU 46.174.52.151:27015 udp
RU 37.230.210.153:27015 udp
RU 152.89.199.137:27015 udp
RU 95.181.158.211:27015 udp
RU 46.174.50.245:27015 udp
RU 87.251.78.237:27011 udp
RU 45.136.204.210:27015 udp
RU 188.35.185.185:27016 udp
RU 95.163.229.115:27015 udp
RU 46.174.50.10:27208 udp
RU 37.230.228.135:27015 udp
UA 91.211.118.32:27016 udp
PL 51.83.134.2:27015 udp
RU 46.174.52.51:27015 udp
RU 46.8.29.170:27015 udp
RU 46.174.48.101:27015 udp
RU 46.174.55.11:27015 udp
N/A 127.0.0.1:63237 tcp
N/A 127.0.0.1:63239 tcp
RU 46.174.52.22:27313 udp
UA 91.211.118.118:27015 udp
RU 62.122.215.3:27023 udp
RU 37.230.210.62:27528 udp
RU 62.122.215.89:27015 udp
RU 62.122.215.3:27016 udp
RU 46.174.54.40:27015 udp
RU 62.122.214.197:27015 udp
RU 46.174.48.174:27015 udp
RU 152.89.199.84:27070 udp
RU 62.122.215.3:27017 udp
RU 62.122.213.77:27015 udp
RU 37.230.210.120:27015 udp
RU 62.122.213.160:27015 udp
RU 194.93.2.113:27015 udp
RU 62.122.215.22:27015 udp
RU 62.122.215.3:27022 udp
RU 46.174.52.250:27015 udp
RU 37.230.162.108:27015 udp
UA 91.211.118.154:27015 udp
RU 37.230.162.219:27015 udp
RU 62.122.215.3:27021 udp
RU 45.136.205.56:27015 udp
RU 62.122.214.189:27015 udp
RU 46.174.52.241:27015 udp
RU 46.174.53.83:27015 udp
RU 62.122.215.3:27015 udp
RU 62.122.215.226:27015 udp
RU 46.174.54.128:27015 udp
UA 91.211.118.103:27015 udp
RU 46.174.50.10:27237 udp
RU 37.230.137.159:37059 udp
RU 37.230.228.233:27015 udp
RU 193.164.17.188:27025 udp
UA 91.211.118.31:27015 udp
UA 91.211.118.47:27015 udp
KZ 79.143.20.197:27051 udp
RU 46.174.55.101:27015 udp
RU 37.230.228.73:27015 udp
RU 185.248.103.206:27777 udp
UA 91.211.118.13:27015 udp
RU 152.89.199.91:27027 udp
RU 195.62.52.53:22222 udp
KZ 79.143.20.194:27118 udp
RU 152.89.199.83:27015 udp
RU 62.122.215.200:27015 udp
RU 37.230.137.75:27015 udp
RU 37.230.137.9:27015 udp
RU 37.230.162.85:27015 udp
RU 37.230.137.45:27015 udp
UA 91.211.118.10:27015 udp
RU 46.174.52.199:27015 udp
RU 62.122.213.44:27015 udp
UA 91.211.118.35:27015 udp
RU 46.174.54.49:27015 udp
RU 37.230.137.60:27015 udp
RU 193.19.119.166:27030 udp
RU 46.174.52.158:27015 udp
UA 91.211.118.49:27018 udp
RU 37.230.210.63:27015 udp
RU 46.174.52.22:27202 udp
RU 194.93.2.116:27015 udp
RU 95.167.216.178:27015 udp
RU 37.230.228.27:27015 udp
RU 46.174.54.237:27015 udp
RU 46.174.48.48:27211 udp
UA 91.211.118.115:27015 udp
RU 46.174.48.127:27015 udp
RU 46.174.49.113:27015 udp
RU 46.174.50.188:27015 udp
RU 62.122.215.226:27016 udp
RU 185.158.113.60:27023 udp
RU 37.230.162.232:27015 udp
RU 37.230.228.126:27015 udp
RU 152.89.199.81:27015 udp
RU 152.89.199.131:27015 udp
RU 46.174.55.60:27015 udp
US 8.8.8.8:53 120.210.230.37.in-addr.arpa udp
US 8.8.8.8:53 160.213.122.62.in-addr.arpa udp
US 8.8.8.8:53 113.2.93.194.in-addr.arpa udp
US 8.8.8.8:53 22.215.122.62.in-addr.arpa udp
US 8.8.8.8:53 250.52.174.46.in-addr.arpa udp
US 8.8.8.8:53 108.162.230.37.in-addr.arpa udp
US 8.8.8.8:53 154.118.211.91.in-addr.arpa udp
US 8.8.8.8:53 219.162.230.37.in-addr.arpa udp
US 8.8.8.8:53 56.205.136.45.in-addr.arpa udp
US 8.8.8.8:53 189.214.122.62.in-addr.arpa udp
US 8.8.8.8:53 241.52.174.46.in-addr.arpa udp
US 8.8.8.8:53 83.53.174.46.in-addr.arpa udp
US 8.8.8.8:53 226.215.122.62.in-addr.arpa udp
US 8.8.8.8:53 128.54.174.46.in-addr.arpa udp
US 8.8.8.8:53 103.118.211.91.in-addr.arpa udp
US 8.8.8.8:53 159.137.230.37.in-addr.arpa udp
US 8.8.8.8:53 233.228.230.37.in-addr.arpa udp
US 8.8.8.8:53 188.17.164.193.in-addr.arpa udp
US 8.8.8.8:53 31.118.211.91.in-addr.arpa udp
US 8.8.8.8:53 47.118.211.91.in-addr.arpa udp
US 8.8.8.8:53 197.20.143.79.in-addr.arpa udp
US 8.8.8.8:53 101.55.174.46.in-addr.arpa udp
US 8.8.8.8:53 73.228.230.37.in-addr.arpa udp
US 8.8.8.8:53 206.103.248.185.in-addr.arpa udp
US 8.8.8.8:53 13.118.211.91.in-addr.arpa udp
US 8.8.8.8:53 91.199.89.152.in-addr.arpa udp
US 8.8.8.8:53 53.52.62.195.in-addr.arpa udp
US 8.8.8.8:53 194.20.143.79.in-addr.arpa udp
US 8.8.8.8:53 83.199.89.152.in-addr.arpa udp
US 8.8.8.8:53 200.215.122.62.in-addr.arpa udp
US 8.8.8.8:53 75.137.230.37.in-addr.arpa udp
US 8.8.8.8:53 9.137.230.37.in-addr.arpa udp
US 8.8.8.8:53 85.162.230.37.in-addr.arpa udp
US 8.8.8.8:53 45.137.230.37.in-addr.arpa udp
US 8.8.8.8:53 199.52.174.46.in-addr.arpa udp
US 8.8.8.8:53 44.213.122.62.in-addr.arpa udp
US 8.8.8.8:53 10.118.211.91.in-addr.arpa udp
US 8.8.8.8:53 35.118.211.91.in-addr.arpa udp
US 8.8.8.8:53 60.137.230.37.in-addr.arpa udp
US 8.8.8.8:53 49.54.174.46.in-addr.arpa udp
US 8.8.8.8:53 166.119.19.193.in-addr.arpa udp
US 8.8.8.8:53 158.52.174.46.in-addr.arpa udp
US 8.8.8.8:53 63.210.230.37.in-addr.arpa udp
US 8.8.8.8:53 116.2.93.194.in-addr.arpa udp
US 8.8.8.8:53 49.118.211.91.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1fc959921446fa3ab5813f75ca4d0235
SHA1 0aeef3ba7ba2aa1f725fca09432d384b06995e2a
SHA256 1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c
SHA512 899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a2c784e6d797d91d4b8612e14d51bd
SHA1 25e2b07c396ee82e4404af09424f747fc05f04c2
SHA256 18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6
SHA512 fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

\??\pipe\LOCAL\crashpad_1084_ZOOHIGDHMRWUILNE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5313af4b16e2a2f808bde7f35712aba3
SHA1 07d091b82c4d62110504419593d11e01eebf68d2
SHA256 b9e8d5b93a0b52962a44406fb47b15f2cb3fed06a949c4c3bc53c97dc4c9a4e0
SHA512 dbbb2d164e0ae490c41057e7e677870cbcb36066354d7ef99710c3726a4400f09a8c1067a534f72e20f3ed241069fa9d1e9bd05692deae5f840eeb05b3ac7ce0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 fb7b08d484cf9955e25890e58b3ee778
SHA1 3070bfa3dddbfaaf697278b331bc0f5923084e13
SHA256 fbd6afbf4a4c77ec0b22a37538eb4754498ef24e638708cbc064ccbcad41ecf9
SHA512 a9303fdc25824c8ded85cee6ce68b7abf4c35bf64d2973524bace45a8b4cdf972f773d506dd7036b93321b7ad9cb9079e0bf42fb1868e551353c8482d7754fc0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f7306d3c-cf1b-4bcb-afeb-208ba5cfd76b.tmp

MD5 7d1feb3a5db9b616d7a238ad794d6ecc
SHA1 b117dbe2f9e0de0a3e5f879cf4534dfdb0a0df3a
SHA256 80fe9ea5626b9cbf6ecf29f636cfed6d6621c6a2e0b9ac98a7dd7bb0e7600193
SHA512 cd1996c8fb854c15c319f1c47b5dcbb59e58e470bbde5c5c25f3676eb3e439b6b2f287f2599edd950a1d0a0958045e17f90bc75668f7b69ed3913d321a30e844

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1c0b177e53eb7a55dc35ecd3f4dff939
SHA1 a82b1964f79b8ed92d55b098b06ac7476fe2bee3
SHA256 2cc656bb6c42505195045cb6a8f1a5e231aa37a3e920d64096ee82138d5bb0e2
SHA512 3791f42f8003b8653f7f3a075bae453300f2a0eb2ed4b3b909e3ec417e3810592e5f428629831750a3e19c742c6e103ab8e90a2727a45c433c15412f3b156d4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 84704da87b5cbaa2baf6c1b991d2d804
SHA1 db1c9bc19ae9913de0b1887eaf49ee36ece3b372
SHA256 1797b43232679847cf5b2f6bb2699172d38137fab8c7ac15191c2c958f0b3b00
SHA512 ccc00e53f1d526fcc0626586d2845d19e89c842ef164fd7f0cbfdddf98c55b72950fdfb71a1a826093db81f5d5e07cbd8012b19bb3a5ef8aea66be76b369e060

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2bd71d22eb8242506c63a3d37208bd7b
SHA1 94ce86a144a0221ccc544bd42a5deeaeb5265974
SHA256 cd7553c922f5d54784460b5e9826978a7434fb577d099e24121af378b1a27035
SHA512 8f728002f4cca03a89adfbf9ea58727caa69b9e1f4a8f106e9d67780580f64e2476f7803fc68c822e4b5411e66921062e7f63b91688300cbe7c1ab783e4881ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5c86b8a4790ac813b137d3e488d8b24b
SHA1 153909727015ea2955e57f6909f56c82de559409
SHA256 b7277d7a7d31725977d22fe25b1954710d7e5ab2b8ff5ee426b93c7fa74d01fd
SHA512 bc2c01f620d411202a1df90c22d715eecf787337c94d277281f8dc757955672a0b86f301fb9b9f23350499425ce55dc7afba1ca091b238fe026d50c59b22591a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581661.TMP

MD5 179fb390a85f129a347c19219d7890e8
SHA1 5dd8c7cd5e1de2146d133cfc690c769d3eac323e
SHA256 9f0deb555427f53e3b2d2f161974b246fcb360b0e17c68ba00439b210c0327f6
SHA512 5064b533356e009fe8cde03e59ba8b1b48446a4c4086407b1138178909da2c839be418c194b02b4507945e234ff151b43b5aaeb20d3164c8ce28a44028a2ba88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e645542a6dd83ac147710084f8abe5cb
SHA1 1b23cf024f750c65000f4905318701123c322ef7
SHA256 546327d07eb4263a2d8f1b0caf3ac861d43f5c0813559619adf9d437722dbe08
SHA512 dab5ecd9e0b2eb50eff849f2036fc747def60a226e2636a75b590fad76d88b2630466b5dec7addbd075d1fb6ac69505e22ed56fa982c280cef59ea8aab1418e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cae69cc18497a3532253ca5960447edb
SHA1 74bfc7fe4d68b859d5225fa2834d49a156386ea4
SHA256 e631569680ad4ef0cd169a7c314965e6e78dcf6f3f783fc7f66c4c2c405bf377
SHA512 123946a5b5539fc8343029d2eb06ed2c561841770b7fbe1689fa57405176ff09e9f3a2ec87ab402d32b300def5d3a36fc2722688c379704e0dff16e1b6495025

C:\Users\Admin\Downloads\cs16-eng.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

memory/680-212-0x0000000000400000-0x000000000042E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-9SJ3G.tmp\cs16-eng.tmp

MD5 38500580ebb2187f95ba2116f236732d
SHA1 cf63a5fc216da7e7497f9b6126d5d994aab1f74c
SHA256 4d69ee6465dc04230d80fa5bd82fa522c784bfdd5be515109e9a80e75ffe195a
SHA512 05ddb22d74da9cc5e634ac9dc388049f94a57728fde95cb08992c7e1a03902b76640794666bf174b8421ed2231a6a853c6d30941a23ecdd5324bffa24f845aef

memory/680-591-0x0000000000400000-0x000000000042E000-memory.dmp

memory/952-754-0x0000000000400000-0x0000000000533000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8d2a8cb440b9a99960308c03cf0c0cb2
SHA1 3c065166edb9bd163f53b84cf97077cf88d48983
SHA256 be67ba5e816fb862b2358aefa3ced9a979b2a964ab7498c580c63906ec696cfb
SHA512 c9486e17da2b10bc5f5657d5f7e98986bb94cf41dd0a9bbe185cff54d225c0ff72b41425d8c390d1f833203a2b2a8b2323829441115ca25f67660e5023dc179f

C:\Games\Counter-Strike 1.6\valve\models\is-PDTDI.tmp

MD5 5f394d005ec12f63949d0c6a62c1b7b3
SHA1 957d1d0598c7bd0079db345db2006d8e4b755096
SHA256 47b5e88f5cc25627e8dc76b85eb6ad64d8613b00838d0cca6a85f118af81c7b0
SHA512 c51142a1e7902d720154378a7b8e01808fb4683e5a12c77516fa474b4eb05c0d2cc37aaf1b3b0a33757aecdc9ff8008333df66ed0e254b01cb5640b8646e6fb7

C:\Games\Counter-Strike 1.6\valve\models\is-4A6O0.tmp

MD5 ab9f1bf1f7d14ca0032df954e1dd5212
SHA1 d51ab73cb33e1737b86ea0bf6db28aa895bb86ab
SHA256 748e6fb4465843238519d56774643c2d4fb3f77131ba49ee9ca2d700c42acb70
SHA512 c5dcb61363551755beaa4732a21ec870c9b077a44eb0e810029f056a7c89b7be4d6e2d4e48b860a4eedc707d057ba55b2b45c238cf4a99ec167a1c07686710bb

C:\Games\Counter-Strike 1.6\cstrike\events\is-GG7UI.tmp

MD5 d14f11b47b92d829b6ec4912ca7349e8
SHA1 86b8dd77a055a3d1d154022492ed7d7e4ca371a5
SHA256 89a0f0c5f04ea6da99b4a48fb642b968d32350aa3e6697da24d2736b7bb195d0
SHA512 f19f860c86297921b972338dd0ee73241b3b822d1b9d977cee39e45891f1d57bf144cd676eb2e7e35985969613dff0896473dd8e89ad07c66e79ac94510fb5d7

C:\Games\Counter-Strike 1.6\cstrike\events\is-DA7MR.tmp

MD5 e41aa21f57500b1b71802b76fcaaecd1
SHA1 554eaebf267f8aaceb4e9b18e28dfa5131168a09
SHA256 2092e6c9862b42fe817a552f0ecf05a58a2609b2424402404a796c325bdf2098
SHA512 4c2b2e183bb68c16b383532aa03d5dbaebebde35b843ff442b84f6c9dba655868e7e7ba76b5b92d003db1ac73ebdd2aed5933595b35d073c702b1e841d94269d

C:\Games\Counter-Strike 1.6\valve\events\is-NER33.tmp

MD5 8cfcc0a84d0b6b51995ce17bc9f194f2
SHA1 f86d5edad7e5a3e2d994517da5ebd7d748a8c666
SHA256 2c7d43b8dc6ea01a32acddb7798b9dabf0ec44c7a6dcf75160539a7fe53e029d
SHA512 5f75243ff3e13b557859d89593432f5e29f014f2bc527bee363be3369e884feccb15ee593094c7eb0f8e4786b6a352cdf9fc6039636782cd23712cadc114ee1b

C:\Games\Counter-Strike 1.6\cstrike\sprites\is-A0SHK.tmp

MD5 324aa00f639ff5f9cef8797a1f862ceb
SHA1 38d8564d31e700625ef0ce35cb681f5a6a34e070
SHA256 aae249f31605fdf3773d0753764dd4865873dca48a58108579923af755122fe5
SHA512 d37195b2033c064cf1396e02f9e01f63399196c4de290b0630cb252bc54f9685be98431d0df3ab3c8239b9a585373ae21c224d04d713e20e2b4d21b1720ef34b

C:\Games\Counter-Strike 1.6\valve\sprites\spotlight04.spr

MD5 30c0c19f5c5226225ac3959dfe1f1428
SHA1 5c7be5173586da26dd730a790a151b8a16611106
SHA256 5603d52c5f089950f372e2b00845738746abebaa2796b0b3e2f6d8d2f4111760
SHA512 c71799d84798c2e2a82dbde7ffa5a2c8698eaac615e77d337de7dafc9239c4b59bc2794b2ccd5740d3e19957549257bcd468660d0696f09fdca37485150c233b

C:\Games\Counter-Strike 1.6\cstrike\gfx\env\is-ETC6Q.tmp

MD5 9eda1bf021904ceaf1a8c50a76741eb5
SHA1 38f004101eb47ed0dffff757488263d9a2523bbf
SHA256 cdf4b2c96b5d1366fecdfa2aa764fcfc8d084bc5a682e2a10c41a03ed3ed3661
SHA512 aead546626ef7dc5a75348760b26f8e187a61b62c7a0a49bda16cf68b280749dfbc87974d05201dcefe6b4fd89401c3537b4f179f3ac5bda161066ae3ca0efbf

C:\Games\Counter-Strike 1.6\cstrike\gfx\vgui\is-0P64F.tmp

MD5 1f10813901e2bd255a5ae21026de8b48
SHA1 03a1f78e07952f1876dd431ba4406b534435b920
SHA256 348584b23c63388045342dc0b79bdd37a8cff904a84215c386492e33273ab725
SHA512 b3fa7d1c675c4ae53ebc506d39234e166392bf6a0f6fa651b4c1a19240915f2423c9b150ccbe429159cebc0fa92135a9940cbfc8c79fa9fa3b353580f93342be

C:\Games\Counter-Strike 1.6\cstrike\gfx\vgui\is-KIH27.tmp

MD5 8c3ff438e747a73255ddb8c3ccbebbc2
SHA1 e81ddb67229feefece8cc5ff4d1b12c4b75cc103
SHA256 4a2460747b60d4b5843bf22a459f6c17f16a9664305b4b4bda182041a0fdebfa
SHA512 869270e4c6adbe4e914c07bc459a7858c50988ede0e75a02ce51a18080f9ba4bc4c483c4ee646e22fed948dafe388e7b908f58b09528b93eb1a87ef57a278b62

C:\Games\Counter-Strike 1.6\cstrike\gfx\vgui\is-JUTVV.tmp

MD5 13b3a5cf4af8f97cd8a8328ef9952b7f
SHA1 253105b008a8ce333a64f5a66e4b2da0e3a3cb52
SHA256 9d8e087dd823e63f7009907ff1761e620dc5ee64db6a527e2d0ec830d4152437
SHA512 77f76cb9bb4edadecce9bfcd05031e1def1f4b967b58d8078bb9e6c3b03e3db9917bd2a77314553fb8ee233981683e9b0bad5af30c094344350ad2a1dd034667

C:\Games\Counter-Strike 1.6\cstrike_hd\gfx\vgui\is-A48UC.tmp

MD5 ab95d42bb5bbabc27cfdb914dd354811
SHA1 19046a370c3abf6813b7473651134983eb135143
SHA256 c07530ca596e9a10496f5774fc6fe9253e392600c3cfe77a6567d355d3f54a0f
SHA512 74eebbbb1a2e6f1d22590596f42e5ade832453f1f72d5e0aaf38bec14692b257c424fad2ffd92748e336dddea63dc63b49a04b82f1db202a12fcf88072989332

C:\Games\Counter-Strike 1.6\cstrike_hd\gfx\vgui\is-2CM67.tmp

MD5 4f8c877590d5d625b5fa252e6cd3101c
SHA1 2048a8b614270517a82aa826b557aaf32c18817f
SHA256 664264946b90b3ec23cf5e97c7096e60170e1a1c0a9b6bc4eb8c78633699af55
SHA512 4927aeb1098fa300dfc7a7237f5a8d3731e9b4356813d8ac1fb5e6c79b39232c6b68131088074742725283a5182b3fe8f285fdc59bddc673094c9246e1f0ab57

C:\Games\Counter-Strike 1.6\cstrike_hd\gfx\vgui\buy_presets\is-QLM5O.tmp

MD5 3a0ee184782f3bab5f604dd55f5b011f
SHA1 af87160bf8b136da3243b89f4c8197614d6824b1
SHA256 60fe19c7f1e2929356c9d26987e2ebd9878456c0797db579e3e56d4501c0b05c
SHA512 e183fe6279e05aa539a43ce63cb06988ea6cc647671bbefb37e4d3d7c7a5f3e438079f18a55148d450a22ebb880e80a619779ac45208d0c5e1ef6a42b2c17fdf

memory/952-3685-0x0000000000400000-0x0000000000533000-memory.dmp

C:\Games\Counter-Strike 1.6\valve\gfx\vgui\is-75O11.tmp

MD5 6deae390d10e5faef07cb793138a4ea2
SHA1 0e1b89e5e5e61f5e8959d3d6e17fc874f3d14a8e
SHA256 1efacc8931f4e6558fc9f854527e25e004d8c3fd90f1f5209273236924a9241b
SHA512 70c1ab592e46440f759ffdaa2ba1bbb9206212670762fbdbeb04f85da2304120e0a052ea4164fc0e0326e82c013924d0db0ea27fc21041489fc6d6d69b69d93a

C:\Games\Counter-Strike 1.6\valve\gfx\vgui\is-GC0F5.tmp

MD5 1926ecbcf1b403f0c4a30426ea74276c
SHA1 24d8e0d5f3477f85e76985a0fc579e392482c402
SHA256 99986396ea8ebd9ab4eb1221b52db2a8a024e67c748e0b8080d8dad24e4e9cd2
SHA512 8e944a0304620fb7428acbe883049167c0bc1596d8f294b1ebcb383899e6881c5e54221ea5a60fa7c14210e5cfd91831a8481020608c22747f43c2f9d7e45060

C:\Games\Counter-Strike 1.6\valve\gfx\vgui\fonts\is-DTVMI.tmp

MD5 46f3cc3d5ca0f0e80d30ec38a3ed9702
SHA1 2b7902e73522c60bb4e5a6d7905f91967ec54b46
SHA256 824ad8824e4d05319556d9c08dd0d4c90fecd6150a0dbcae8c946740cb4e2c56
SHA512 9f85b11a9479af47963155fc823a9390794b3db05fb50011efaa87e1adcf772d18fdc1bd57f3ca556ded84d5fc5671236ee0705043771c83663612cd2b0f16d3

C:\Games\Counter-Strike 1.6\valve\gfx\vgui\fonts\is-RCJ6J.tmp

MD5 bca82506d597eed9b5507ff7ba16567b
SHA1 55ad94cc92b95ce8e2adf62df94a6a8244980e8f
SHA256 4eb392f4136f1a4b255ab26772947e62b80615ca8b1ccea93563c3f33539a8bd
SHA512 e817036968d39d3f86c2f6f241c6f80756bf139a700adf018feb870542331b230cad6369652eb2a26b26e94b14c3e27dc0112d3ccd1c512f73e8b056ddeb12fc

C:\Games\Counter-Strike 1.6\valve\gfx\vgui\fonts\is-P3468.tmp

MD5 910e7f920f59348e20f787d9240fe2a7
SHA1 9f85998b0a73efbf34b2e732942a0caada57925d
SHA256 93eba9e5ba94654d73d76944cb9860e4fe8db92a6c734fcbc57864cb766caf1d
SHA512 a19fad5b08875df9f16993d48562cc2cb4bf5d918b5f102b0439c6d6d6fdb862783762d586393b0e0b6c324de3c38c27fbf09d4b48c55affd44aad2c1ee9726d

C:\Games\Counter-Strike 1.6\valve\gfx\vgui\fonts\is-R524M.tmp

MD5 d3d6c70dd23590745a0f691c28f88848
SHA1 b46b4a8427c59e590f8adace2ab659da2f4f4e9d
SHA256 f472485bdddb0f7acdce7ba6dfb1520dfdab6b2e870b37f77f61714533c5fe79
SHA512 06a400b5462c9a307bb281cf725358a8bc64a27e34b5f6b95748d3006703e66c4a756ad86fc5e2de9c2a2eba534921234fc2ec422b6107ef7264f7344a258a92

C:\Games\Counter-Strike 1.6\valve\gfx\vgui\fonts\is-V8G0P.tmp

MD5 ebc1b6a271bf99cdadc78dae5e9a29c4
SHA1 afddb10163d0cacf30f7a2e9f9e4f534c8425586
SHA256 3988ddbea3e6fd927933a698d28d66572d51e59938ea16624f644afe2021818d
SHA512 ccbc9f59f59c46187954d5e8a70513542471a40e8653f59c8d58279777c9c378f2e1891c4949d8d5b104117410e991f756d768932fd5353dfcbdca3c37d6ac1a

C:\Games\Counter-Strike 1.6\valve\gfx\vgui\fonts\is-VT0BT.tmp

MD5 07306c3fa68e4b5bb4fd4da515adfdc1
SHA1 ae0203c50a3ef107992d61f4b135efd6fdc809ba
SHA256 fad8e72511e03ea0b215e491da1ada731d7474a03d43c26a2f858c8fcee9beac
SHA512 d6d1b8f13d9263932f8757fed790dcbcdca681ca51a7581ca552631409b8c65de212436f8e161c60463edf8589067118d15537789e8aead85eeb156af5c29a7a

C:\Games\Counter-Strike 1.6\valve\gfx\vgui\fonts\is-PL4KQ.tmp

MD5 ec8766ea06b999dab276c2ed85397067
SHA1 d043859519210810ab69bc4172406511b0391728
SHA256 dff807e488eee92c3f841de1f330bac00b42c36e34320e6335ed6e5d926243a8
SHA512 5b69d36450816306ba280d2690c65f7478b84a4b1d8eba37b8a4baf8631d767859599e1b20bcabb930dbb7ebbfd07d89bb3336c9999809c50e20fc0661cfb77c

C:\Games\Counter-Strike 1.6\valve\gfx\vgui\fonts\is-LC2KO.tmp

MD5 8148e0f0a6679ced3ca04fd6c258d478
SHA1 9afc1daad5e004bb9481147ec5fac15693897f2c
SHA256 60946960e36a56fe17b02ab7c618e3ca0d61b7412acbb9967271ff309a76b5e0
SHA512 918c03891b46c645ff9b1a497a77bfee752befdbc2e82b882ca3d665dea21d3de1b112848ebb9b996b201c14bc14a70231838eece3df04a431becd0852417bed

memory/952-5465-0x0000000000400000-0x0000000000533000-memory.dmp

C:\Games\Counter-Strike 1.6\cstrike\sound\weapons\is-GK5R6.tmp

MD5 7e7c4656f8ef80a72ef0d1e41317f511
SHA1 775a6ec4f092b3e8bcb59c21787ef33e9237ae48
SHA256 ffdaf0a862ce1f47615dc1ac59af868010796eeef50de895414c40a04da3680e
SHA512 a257ce57532a8497f8df5860ae08729c78f90477f0b96264f2f98dc31ee034ec2679ace4ddf1ed4ad14ba08170354fa00e984e2dae4a17491fb5f8b7e009391b

C:\Games\Counter-Strike 1.6\cstrike\sound\weapons\is-RAD40.tmp

MD5 2876bbba2adae9cf3456ea95a2c0b546
SHA1 737a3eff26b380e189ada33a028f63d75b8f0e8a
SHA256 2ebbea31183105b5d305027e960bb89dc2e2582b81ba712b01b1851501b6092d
SHA512 5423d77697905521a1718b2209a7e29fc34c94f481bf093f2ea45c3c43eb9dfce38fc8c87802c221a1813c582b626fd84446540178cba918d8e021d1b4b5dcfb

C:\Games\Counter-Strike 1.6\cstrike\sound\weapons\is-R794C.tmp

MD5 3d352efef15d6f7019168991cff7cf32
SHA1 10030aa93a41d80b35d39e59dda86e4c164f1a5f
SHA256 616e07c58c0d3d332c3c7fe65c1b7e6ef49d5c26d09d8132d1e7c36c3899ea46
SHA512 bc51565450631d2954c0736c7899aa7111aa1584b0cd20ad239a765662d5935aec7fc7b33f3fcb2d43e5a69b1a9c9728a63a5a82134ee4dce7740cfa22e9480f

C:\Games\Counter-Strike 1.6\valve\sound\fvox\is-QMGCL.tmp

MD5 299c3e28a49757ecab2e84ca9b220e62
SHA1 850cbc182e7000b6caa8b6af9986161a2554dbce
SHA256 0ffbcdb3466691fbc1043c69abe50434df646f997c52856a509de43cae501eee
SHA512 2caa0f84686df85905b355107ce2d50c1b8b6debadc50d49327330855e3ed2cea05768c1394cec746ddf90f7087a08ff98eda51272f89d7450923a5e41a13bf8

C:\Games\Counter-Strike 1.6\valve\sound\plats\is-D42C7.tmp

MD5 811989e09124f54cb27fe6154b0f1018
SHA1 90c22fc3b248588e2d9759e6ef395303a86b7b60
SHA256 5271b9aa2961809f47fadecb693be2eebde2dbed62fbc4f5f4889fcd8c4a65f8
SHA512 560d26fdbec34ab687e40b8be6144b0f586449bd3a0eaf286ab972ad60b1eb1fe002649daacad36039a298ad24aae96e3531404ac2d0d7b0b47e194b8169e18b

memory/952-11421-0x0000000000400000-0x0000000000533000-memory.dmp

C:\Games\Counter-Strike 1.6\hl.exe

MD5 1281f7c1a493c43c8cc5c6b854ec0341
SHA1 c20b53746e9df1fc2008fa39ddd4cb3880470d57
SHA256 08ae290d025e3e3000f5264dce450e78d25ba1d931ff10f3e7992addbf44791a
SHA512 eb725a7ad92b75f27c1bf70d2d1d3af57fcc7ef8d77a7322a30c34f5dffce53b5d84edc1a2b544f2c0a141e4cb0c1b7cfff960f6f15f23dcfb5009d25f38801f

C:\Games\Counter-Strike 1.6\appcore.dll

MD5 2cdb963eed545f996b5277f5f6b5eb91
SHA1 855712a0d1fc1cd2a803eef7a8556f380c1985f0
SHA256 bb45f585abf4d3c8e3fa54a26f61be16f94c64504f37724bc6ff1cffe1eb14c9
SHA512 e15a6d4e9477e1b52117bcd80bc10fa41321d49cd9e51054eca061e52869cacb6342f392e6b2141bd554e39697349dafe1427a5c206f5d79ace41bb48b5bb846

C:\Games\Counter-Strike 1.6\libcurl.dll

MD5 252d8c90e0c012f3eebe05ccd509843c
SHA1 f9ca71fe4423bc4b6d58acf7a4d8926ec1c4cb69
SHA256 e3265f20be304e7d940ff8b4455da8c444b4085361b23f1e817fe34a1f3e8dc0
SHA512 c373eb742713d11d5f80e576c7c0e8d32f4c81642d876e3bb03503818e898c8ceb357495a03eb558fc8bd8456622287e8ab7c71d820a14cee2eb8aa5afb00827

C:\Games\Counter-Strike 1.6\hw.dll

MD5 95d94dc2309fd03c38384feb48929b8a
SHA1 905e80119cd0c01103175186b6713c92bae7eb0f
SHA256 e798fbcb909c225e06f1d04a25fe6b2f3c96f549a272cf557007ab315d184544
SHA512 41867df94e418978d1acdf724e0c92a0024ac8dcc1025e154bf33d18a697d771a8bedcfd5fdf19fe5cb7a352ec730aee892a258d4c605111dbe25ddbc3bfb173

C:\Games\Counter-Strike 1.6\FileSystem_Stdio.dll

MD5 b7d1d8fa0ce9d98aed92a65891c7ef6c
SHA1 a6d6a6ab938a61fcf8fa6aee383777dd37a1d4e0
SHA256 a08c15c978e037228ea569b0df3f57df91c23db46d18d4d11fa6665d6a7ea36c
SHA512 2689a22c24106d4009ba5ba2ce5621e9af65e6ad5c716343e943968e93f53104d7502b5906f70d00a38052442438b5a5d70e29476c222062c7edf05ce1923dd7

C:\Games\Counter-Strike 1.6\appcache\packageinfo4.vdf

MD5 acbc38a51cee411580034df32ba10df0
SHA1 c970a4b0084187bcd79ee55149cb50e161418a73
SHA256 fe08f6ffaf231fb02ee379d6fe3bd3f5fcd038394854c2445ec4c55b06234a3c
SHA512 54beb86eea88b60a03f2a64d81f00a931713d39a8b6d6c8999e22b478c00450fcf5e0344b7f70a96ce5038ba3c5b3386891f7c314d0fd6f52f7c0b318d1ca1a3

C:\Games\Counter-Strike 1.6\appinfo.vdf

MD5 aff36a02940f5de9b471daa2e4a942f7
SHA1 4fc9d61104e4dcc8ba6518d8846814da9ccd55e0
SHA256 4f947e47bbfef5355ffbb03c6d98d7bd4ecf8aadf0684fc322a270e880efdcfc
SHA512 11e64e96ca1aeaca1f1c55ad8b4500fe73e31cafcb2c076dce96b9c420e45046a84740d9bb953e0dba3f22fe6d5a8576b1e75ba6579699c6683f689daec4981f

C:\Games\Counter-Strike 1.6\cstrike\models\player\arctic\arctic.mdl

MD5 85a5375e674423a323745e6ca348285d
SHA1 7a903e11d9a421eb5971c87f8bc96db0038fcae8
SHA256 c81ec2842d0391023377d451e756e2084d06dd5d4194354f84f3e75f5a673ea3
SHA512 7128143b76fbdd74861bd8d785f17f2223c26c29ce5e2d4f4bf9fb0f3a6d211fa69a3e9ebc966faf16b2d3939bb65b5e276f29d1bbd30a82187eab5221e5bc64

C:\Games\Counter-Strike 1.6\cstrike\models\player\gign\gign.mdl

MD5 52d571170973589af13778226ec1c2e4
SHA1 37ff26b8601b2983a67ff85634ed64dc5fa56cdb
SHA256 939d4c34cb8b7339afc286feddd45c5d88f103e3a9ae69066ab372da276f3b0e
SHA512 f84808140913810fd11de6005cdd6186152c17fbe65ad099cca6092b3c8ad3e4d56de590220c39a86f0e6f12a67a38da9cfe0c0de40cd28015ecf71feac0d749

C:\Games\Counter-Strike 1.6\cstrike\gfx\shell\kb_def.lst

MD5 26dc8a3d615e3127cac8a3a2b3692ee7
SHA1 8a6777bf978c4a89c8a00ec3ba7ee583853e63e3
SHA256 dd0844d9df1bbacf765a7400bbfd494cab723fb604f01623203b9e02c80d24e6
SHA512 0de7705ef955ca7640aa09e6d0725dfad6c892a6d5fba08e36cecca40b4f024a182f22efd00385510f55f04480bae759cb14ffcdbf22bf9cad211ee3768784ee

C:\Games\Counter-Strike 1.6\cstrike\gfx\shell\kb_act.lst

MD5 d3475ea34d3431d911ae757468958e84
SHA1 18f8f51e437618e8b7337897a05c1ab1ac01a19e
SHA256 87ce910f29e2be24561bc467ef7a9923ea1c09daf035d89968c81d65ea2d4c30
SHA512 30eb0f8ff6c775fba6e90d4cc012e83713f6cdbc66fa51cfb343e89bda2fd024958c2a98d0d14ffc4dd95c341fd52fc82271a441d959c8ba02f51542762960a3

C:\Games\Counter-Strike 1.6\cstrike\user.scr

MD5 0bd3df50669b709c3c2fd8f0bc317074
SHA1 3d6e1c2a77f77ee3d25f15fd4782ea5c06f33f8b
SHA256 fa468fe4593c0e5010ef99788b042e087769a1a5053aa4ddb3e8d67d662b866d
SHA512 0aaaa7850719a1c7442b5da12ff460ca38f5354a626081ddddf87c755eea89369260fd1357f1440efc7a72616269cd2422c081d55c1aad5693dcc6c356b8dc67

C:\Games\Counter-Strike 1.6\cstrike\titles.txt

MD5 087e912e3ac67e344a68bdb00d10cc68
SHA1 8a4606d1e2c8fa5b467a2e75b4b410b3f7a20540
SHA256 1959a13990235f7155801cd5e20b94f757e5e6e8858c3ff5ae9548c6c40729c6
SHA512 4b474b5370e9d3fff4e61eef0147b85acb7faa7b4a7851994bef43898ac1a756acc7d767aa51c679ead1662fb21e9b87232dca5fd6ad57fde20f0871e6e86811

C:\Games\Counter-Strike 1.6\cstrike\steam.inf

MD5 c436559cf4f96a9e61eb79c6d8742e12
SHA1 973cb52a2567d7fc8500e446381af475df2ef2b8
SHA256 4baf2f8f56189cfa4e534d571fdf8f01494bc68ab279ecbb9fc9f4aa1d1031d9
SHA512 aecbaf7451c9d64143892f37aa42b5923f52c24228a39315e833d2d79100b838a995c5d2e5f31b3f1defcc87ea841946a0700f6e49932406f06cfe9cb312b1ea

C:\Games\Counter-Strike 1.6\cstrike\settings.scr

MD5 dc060436c9d7873efb6831b663f8edab
SHA1 1cafe0eaf271274297553675ea68b5c12ee6a714
SHA256 2e6bc358f1c319a05fc44cee608b5557d14847339c5a0916784f07540178e60d
SHA512 af6094696f8488ab548d9476cc356a7d780c8088da840409af1c2f01f0b6fd011f4b35f71ce393ff019f386745d58aa517278536f90afc0c01cad5b434cfa1df

C:\Games\Counter-Strike 1.6\cstrike\liblist.gam

MD5 3d740e5f197e1368a8044edbbc08ebd5
SHA1 d2fe24fdc961901230b9bbdcf9b978fbb1450c35
SHA256 3cf2efdaa1d84010bdfac8d0b76de61ac03f3f64ef1dcb3e0ea68610f608e44a
SHA512 ec82fbda187b35276a90916b38ea73e30a1d27087379176df7e81c30acee44a9ae691cf9e39da86025dea20e6c3bdebd3c9534c209280b5869b1be8599d85794

C:\Games\Counter-Strike 1.6\cstrike\game_init.cfg

MD5 f7be1c8dacdb6b77b5a2fdebcdeb199a
SHA1 abc525babd88c850d424b23a8083decf49dd297c
SHA256 b23492923004bf70976a13d671009ce5d26beb81e9002ab676aa39875fa7d638
SHA512 0adbd77aed2d459fac2465ce18bf6d670dbf77ab51bfd501239703541b78cf6659310265322fbd75358936e57c268d5750064eb2001d411bd882e38d9231208f

C:\Games\Counter-Strike 1.6\cstrike\game.tga

MD5 456ca4222ef1dafc6751334154959b43
SHA1 095da3211f741060cfbfab6661f8c75c48e937b7
SHA256 b82228f00fd2c8bc58facad8d1d5d32c482f7b5d5d1ab9d1784fc09828c60a96
SHA512 447b84310ee3359d3f7d0b0e4b8c6dff32a371b1c7e2f89212c85069427b2f1aa632da8c0c1b8bd143cb6c8acba14009ff90b005d688b136aa85d123d6b9e484

C:\Games\Counter-Strike 1.6\cstrike\game.ico

MD5 0301e355a149034eafa5d83a5406cb39
SHA1 f394de8a3116bcad23341a8c3e98f850cb643f68
SHA256 0a70de50a4cb58911c451aef78c024eb889fc5fa3b3d127e0a148015255ad457
SHA512 98629b96e1d0ff370a40514d2ebaa64b9de8d62cdf13c2ce694891f527a6d78401da7218774d0401e781cac3ddca49916a5f1cfbeffb34625a253b004bbd720d

C:\Games\Counter-Strike 1.6\cstrike\game.icns

MD5 9d767de203849d82c0c39608ac0a3dd0
SHA1 ef2d37a6d159f600fc5e4f80e1e2637403833856
SHA256 13e0bc69b4e08111fbe02dd81d70222397cdd2e3849eccee5b99d564c606b22e
SHA512 f21ec6b94eb5c628ec28a5478c7d10e5f753c6241f93b39bb7be4ebd6380a01df9b913719fa58fb27664c7a2b32ab0a11c281355df02b9c4bc7ad0349a7675b0

C:\Games\Counter-Strike 1.6\cstrike\game.cfg

MD5 82e433156c9d9ffd2113a152f381d635
SHA1 6ef48ea5fc48eada4dc790468721d61ccd7dc99c
SHA256 10d830add1515281e28feee5f7b4a0fb059b122af4041b640c1b7f85c2e38b30
SHA512 b33935a31d59f21374f999b2740bece06aed0618832315e383f187c5748e33ff273d2ccd9123cf6571ab10593d9ee6b2560e44d326d6cd5fd9de18c06997c64b

C:\Games\Counter-Strike 1.6\cstrike\delta.lst

MD5 71e875fb3cbb8476c141babca0f6c706
SHA1 d247df645c202ea1808f8fa99f6b8cb63e2fac23
SHA256 4743466dde309ad1ad324c7762f4c6f087c31c93867d8113323ec45fe503db1d
SHA512 b52748da988daecdf814452bcd286ed28e204c429222bd937ab1c110cae026826bd3f55b76d9c00f3d4854888b03a272db79e81b600ba8e274499dec392f10cb

C:\Games\Counter-Strike 1.6\cstrike\config.cfg

MD5 71ae72fd350142b2ad4469dfa1d341c7
SHA1 bc53ecceec4503cfc9002e995a4ce4737277fdf7
SHA256 5a6af0fe3b7b17c675be7c7dadc761f6ac50f185ceb8053e3757d0c38d932a41
SHA512 6b81c6de4861a1bc989aba29496d1ab702d378fad263a5315c971635827ffbd647aa264e8acea64ab2680aff9b80814e717b8144433982ebd18e3674cc544ee3

C:\Games\Counter-Strike 1.6\cstrike\commandmenu.txt

MD5 855446108d4d10dd94a7c2cbe125456b
SHA1 fb846071f25256f1f2edf66e3e8fe480221e7d82
SHA256 ad57945d5295e0aa57d1531a030e1a82cfb5740ca0954c6c0417a0c5ef48c715
SHA512 b882c0ded57687cd9f7736112570f058e72e689d64d1015e3c7f747109eb263a5828739fcc4e495093205e3fd89b4763e083692d21589f39b7bf14e2962f4935

C:\Games\Counter-Strike 1.6\cstrike\autobuy.txt

MD5 c299d179793d5e0c0a6ff42634221b50
SHA1 6b3beb12b1f5705af8736434f5fad39663727a67
SHA256 bc167758d54b394bf5ef66413223469e670c5ddea9389d4c464ca8e8431a89cc
SHA512 612e37d4f3f6df2a2247e12bc0eb5ee0adcee1dda8227b9bd2d649d6236b37e5befb26158b449d7f0569c73590616dd94fd8e02b39054dc51c90062430c106f9

C:\Games\Counter-Strike 1.6\cstrike\BotProfile.db

MD5 e5e0e5a1c81b9152e7193edcdfd3302b
SHA1 47dc3b09576fc9ad3f483b3e92f11dcdaafaa42a
SHA256 b1ee270d717d7bef6b2cd53e851cf1b558cd2ecdde89a4e45267481183673fba
SHA512 f164a45bcfab0164d4d879dbd03ae1cb1cb3b2924d23c0b4129a647b95e82c8db2073d17b5cc33e4cbac1406d2648a069aa3776b23e7073c7f0ac5e10a7e33c0

C:\Games\Counter-Strike 1.6\cstrike\BotChatter.db

MD5 aee2696d4d88d010cd308cae215aa319
SHA1 c854024a9b147dab97b03572931b0cd56448ef37
SHA256 d371bafbb585db3bdf25eed889095d66af9159685437e3087448a050890da302
SHA512 8b33c663458cd0f418614d1fa1c87c6879820d0a421b159deb74d7b5363e15b051444e22e9877408c481a3c6d3623f2047c9dce4ddae7b68ddedcacfcacab7c3

C:\Games\Counter-Strike 1.6\cstrike\BotCampaignProfile.db

MD5 0f3243bc82f9b1bb920889ce041bb34d
SHA1 d119f9fe740bc62108d821b5aedb3dd5ddaf56dc
SHA256 8c9d1421493ac6757364195b79e45e70e4fb2c44afcb26c190e5ea1807ad1d58
SHA512 f14fd6ea841113dcb634e1209a5c22351dccd53512f7072eaa62e29675d6dce533b3687ae654149f480fe5e2cabb3756dadf5c249e8270c5368909d18538e31d

C:\Games\Counter-Strike 1.6\language.inf

MD5 c754dc22669532620b48b3fe9d299d7c
SHA1 30ba7e97152c8b271b592819ed427f892347e6cf
SHA256 c537b5aeaa536e0e71f9b1ee9b70300883d81e4b874dd36196581581b9e11207
SHA512 de34ba5f60d0d5df9d069461f5c201ab13273dacbb86141db3edde934481998ea5feb7e49c4983030f0d85414ba411912ad03228e672898617349d4c06da482e

C:\Games\Counter-Strike 1.6\cstrike\models\player\guerilla\guerilla.mdl

MD5 f759f6d24cfedc4e11207b687c7dff5b
SHA1 9bfebc572fe8745de00d1a3cebae16c9e7ccb549
SHA256 d963ad1fd103ba37f5d844e0c437cb8ea82fb23f649cc79d2346226d682a46f0
SHA512 229e730ead296ad84314e65921ec802925bde993746c62dade184612fe2a3296953f7f45296799952a9d056b80801f85d6731a04cb32bbd5cad1dfcd23ae8cb8

C:\Games\Counter-Strike 1.6\cstrike\models\player\sas\sas.mdl

MD5 467b15f2f6fa5f534cd907e024120ef6
SHA1 9cd3a189728255f6ee8a4fba7e2b62ee2a4db63b
SHA256 89a7f748f08913ea16ef8318fd0483155056e2877c95087f5590aa5c414fc41e
SHA512 2036c6e5739b52f82311c53a68f0b203c3d793f5c195302f7faa5cd10134be80ca67f891177b51d27ed871f1cbba54164e043de2b682c56d256611aaa584955c

C:\Games\Counter-Strike 1.6\cstrike\models\player\terror\terror.mdl

MD5 18a2e940a8041eea6b3a56adaa0dd0cb
SHA1 2cb48c4e51ccbaafb9096e7fe090e0a55fbc1d7c
SHA256 f2cca62fb9dd22c49c8421b2a89bb6ca92a1fbd08733ddfb75baebe6f3c37ca5
SHA512 2e06378836ca52462d50bf1966f8249fced95d21c4d81f407a51e05cb4b887b47593517503f8d0cc31881884f850511077d0eb75cfcfd9a9ad6b1e51cdaa0167

C:\Games\Counter-Strike 1.6\cstrike\models\player\urban\urban.mdl

MD5 44718fbdd2dba087a15c2270ba1ea8be
SHA1 caef3b124ce3d7f76551ceb230289bf1ffa5e901
SHA256 5a369b9657705a5283a918685ead66ee3ffed78bb463d18713cda0a3aa27dc8c
SHA512 b36676d0b094a6b7ff648c23d9ff9fd39bb88fc89965d75cddd614b4c2597aa7f7b32a29cfed31457b221f0f7bd27fdf1bac05355b3d816c908dd381f98343a1

C:\Games\Counter-Strike 1.6\cstrike\models\player\leet\leet.mdl

MD5 0241dbb5a93c8694d21fb9980af17d8c
SHA1 5d8435ab3ee7178063b0295fc0cebbcbd659501c
SHA256 2fd40dd9e3261b60a72a0e465f4a65d800e926def6d56be2307a0ef08f0cd819
SHA512 fa49872e5a6148b06e6adf3ee6de6d6861afadf6cb3e1394f4dc35da7515a32ccc78a6ef8d5a851c00debf508272310bdcfb022658db2c39fffa968d74dfa493

C:\Games\Counter-Strike 1.6\cstrike\models\player\gsg9\gsg9.mdl

MD5 b2c61468e60d7cf70d230cd8c956fd8e
SHA1 e9aba3831c104b6bb1a5c8d24edd619adcab01a0
SHA256 9feba8f068e1bebbaac6c8bf856c520cca92c9046d275f1d7107aed4343e68e8
SHA512 68b42f9ff9efb31a988fee5530b177f87831724f562c25412d27f398f340814b5546ea9c62cd3c4ee9984acbaa69536b7d8ac067f4ad6ee7f3af681130c7291f

C:\Games\Counter-Strike 1.6\cstrike\resource\CreateMultiplayerGameBotPage.res

MD5 a2a8dba6efc75f7ce373d1ef05e51b8c
SHA1 ba0fba3b443dc0041000b593450725298de9c9da
SHA256 ca87d6987fd92444b4243c4678f37c67a0529a4fb487aa1b596c13e328b29a3a
SHA512 06c46f40df199a8f287dad961208960f4d6fb8d77b98abe09409080c483b1c55911879c5109f04f4a10b624699d0c93f19ccef178fdba246e5d82cc0e253c09e

C:\Games\Counter-Strike 1.6\cstrike\resource\ClientScheme.res

MD5 b788b8f78a3bfc1ce8d4423d8217418d
SHA1 19d509d683f8be3d214e58586e9f2e52d44252a8
SHA256 ece1aae091a9afe549b554f0fa81c4adeafcf73f8d242e3bd89a274ced98652b
SHA512 40b58685f328ba61d4630516afdaac79367b998b3c32d0a91223307570eca863cb7afa3a818e68bd206baf696a96edf5c03e2cb28e1a95ca8646e2dbef93b451

C:\Games\Counter-Strike 1.6\cstrike\models\player\vip\vip.mdl

MD5 dda8ae43070fddc3bc13da2d787ba807
SHA1 fd8960fac667fafb6b2dd88740dd7dbadc2372b3
SHA256 6370945e7cc884d4624876ebbc2b41c062fd8e28601add5508ddd186b2726c01
SHA512 624f07f3dc7a8f985b77f601df308284a074299424b8368af30f2c40fde5809ee697baebd953f2d369e2612ba65f9c4f026de0c20069b20957f84ac1d8f35896

memory/952-13462-0x0000000000400000-0x0000000000533000-memory.dmp

memory/680-13463-0x0000000000400000-0x000000000042E000-memory.dmp

memory/5876-13473-0x0000000014840000-0x0000000015A98000-memory.dmp

memory/5876-13503-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13521-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13528-0x000000006F550000-0x000000006F583000-memory.dmp

memory/5876-13527-0x000000006F550000-0x000000006F583000-memory.dmp

memory/5876-13526-0x000000006F550000-0x000000006F583000-memory.dmp

memory/5876-13525-0x000000006F550000-0x000000006F583000-memory.dmp

memory/5876-13524-0x000000006F550000-0x000000006F583000-memory.dmp

memory/5876-13530-0x0000000024180000-0x00000000241CC000-memory.dmp

memory/5876-13529-0x0000000024130000-0x0000000024158000-memory.dmp

memory/5876-13523-0x000000006F550000-0x000000006F583000-memory.dmp

memory/5876-13522-0x000000006F550000-0x000000006F583000-memory.dmp

memory/5876-13520-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13519-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13518-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13517-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13516-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13515-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13514-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13513-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13512-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13511-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13510-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13509-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13508-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13507-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13506-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13505-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13502-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13501-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13500-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13499-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13498-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13497-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13496-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13495-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13494-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13492-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13490-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13488-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13487-0x0000000017BD0000-0x0000000017C0D000-memory.dmp

memory/5876-13485-0x00000000183E0000-0x00000000184C3000-memory.dmp

memory/5876-13484-0x0000000017B70000-0x0000000017B85000-memory.dmp

memory/5876-13478-0x0000000018280000-0x00000000183DF000-memory.dmp

memory/5876-13504-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13493-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13491-0x000000006F5C0000-0x000000006F772000-memory.dmp

memory/5876-13489-0x000000006F5C0000-0x000000006F772000-memory.dmp

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

memory/5876-13548-0x000000006F5C0000-0x000000006F772000-memory.dmp

C:\Games\Counter-Strike 1.6\cstrike\custom.hp2

MD5 b00c7aa21ed6f495a5989e5da3893d57
SHA1 282dd8b89aa59c131fad9c2cda370034e607fdc6
SHA256 870e9da2ee616e339bf1bfebfbd9d063969193c5692848df91690bfb403aac6e
SHA512 ade46371cbe466e2a98962dff3619ad8100d60648122557de14ca6b660ea88d3e70abc75aab5a4c54a39ee84a5bd10636118a4141e6f37a9ee1b9fed98a862e1