Analysis

  • max time kernel
    154s
  • max time network
    156s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    03-01-2025 18:29

General

  • Target

    cs2go.exe

  • Size

    2.0MB

  • MD5

    4847c81a02753c1035b3e79a8336898e

  • SHA1

    a44103fc0b941a2e32df4ae5c4ea647627ffeead

  • SHA256

    c2d1f2a32a49b9b5432d783c627cb0bfd17fafad4b55a39377e659d032b21d2d

  • SHA512

    4276affc21b5c40e184685dd17f52270f607e3b425f8899d078f6340cad6c1606d5c2aae5acf69dc9bec53f6e142a17043fbad8f0bf45d35cf0ddd56e9ea130b

  • SSDEEP

    24576:FP5vSkbLNsz7AmAAwjjxVqzMRoR02jdhhUZtkEpKWi:vTbLNS79qjjx4A+/hUXw

Malware Config

Signatures

  • Downloads MZ/PE file
  • Detected potential entity reuse from brand STEAM.
  • Drops file in Windows directory (4 IoCs)
  • Subvert Trust Controls: Mark-of-the-Web Bypass (1 TTP, 1 IoC)

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

  • Browser Information Discovery (1 TTP)

    Enumerate browser information.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • NTFS ADS (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (36 IoCs)
  • Suspicious use of SendNotifyMessage (12 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\cs2go.exe
    "C:\Users\Admin\AppData\Local\Temp\cs2go.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3540
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3476
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0923cc40,0x7ffd0923cc4c,0x7ffd0923cc58
      2⤵
      PID:228
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1832 /prefetch:2
      2⤵
      PID:3776
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
      2⤵
      PID:3580
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:8
      2⤵
      PID:3932
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1
      2⤵
      PID:2120
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
      2⤵
      PID:656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3544 /prefetch:1
      2⤵
      PID:908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
      2⤵
      PID:2224
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8
      2⤵
      PID:1528
    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
      2⤵
      • Drops file in Windows directory
      PID:2668
      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff694cf4698,0x7ff694cf46a4,0x7ff694cf46b0
        3⤵
        • Drops file in Windows directory
        PID:4292
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4216,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3788 /prefetch:8
      2⤵
      PID:5020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4348 /prefetch:8
      2⤵
      PID:2856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3580 /prefetch:8
      2⤵
      PID:776
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:8
      2⤵
      PID:4172
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5184,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:2
      2⤵
      PID:3536
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4980,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:1
      2⤵
      PID:4812
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3788,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:1
      2⤵
      PID:784
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3512,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:8
      2⤵
      PID:1916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5008,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
      2⤵
      PID:2024
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5048,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5416 /prefetch:8
      2⤵
      PID:1108
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5016,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5664 /prefetch:8
      2⤵
      PID:2452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5324,i,8220192363475817702,7138411086643329223,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5656 /prefetch:8
      2⤵
      • Subvert Trust Controls: Mark-of-the-Web Bypass
      • NTFS ADS
      PID:1016
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:1676
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:2912
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x000000000000049C 0x00000000000004DC
    1⤵
    PID:2328
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2376

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4a867d4b-4ece-4704-941e-54e93668565b.tmp
    Filesize: 231KB
    MD5: 291213c09c6b73e6b68495eacca9d5cc
    SHA1: 74e6d5a923e37c66cbed8b5981b25b8e61612a15
    SHA256: f4d0e96c7a8d52713eaa084c726a949ddf803a96e79f12c723f045ba24013744
    SHA512: 0db05c1b43488d109ac190050a2f4fb3d787d16ae161b5d4d3fd819e2ad9d825d6e66ff211dd5b31753ee959a6e0657b402fc49f02ddd7a923a77a333af03d39

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: 7cb4eb263f9c8a82fdf18ad7408eef99
    SHA1: 280cd23642398b33c693e1bc91a322a677741b99
    SHA256: 32514177ed531a5ced02ce3df46f694f8bb28a9e414a524e855c024bd6f4541b
    SHA512: b4de0967538b9811a167467c90fca0fafb377ae48ae9f387e09573595f4128b44a17068773bf6cf37f47e61c5a63eeb2b91bdecfd1587e5a5e33744d8911e69e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
    Filesize: 215KB
    MD5: d79b35ccf8e6af6714eb612714349097
    SHA1: eb3ccc9ed29830df42f3fd129951cb8b791aaf98
    SHA256: c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365
    SHA512: f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 216B
    MD5: e01061056a456933806f43ff98a90eba
    SHA1: 3d33a99ab06ba2ff5582d9500d30622e6fa5f0fd
    SHA256: b0fabc6a3afe9df3e78cb6cd212ee21872714559ab13f0973225b2a7b1c10796
    SHA512: 9e90daffc34a29eed4f8664242a159db637e610c75db138a2c517a7db0c925a87dfcf34f31b988a1ec0e13bfe25e17e4bc6c79c885aa96b35ca4a918917c20c4

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 2KB
    MD5: 0fb4317167805d01d4dfb9b3eb1da690
    SHA1: 3a06af56ae7c836eb79f7a8c82ef0d7455a7cdc5
    SHA256: 7562e8b27556cf62a6c7651d99aac7529dd3eae43d5d61181067a8d37aaba38e
    SHA512: 8706630ce71f1da5b1dfe162883e5fe9a7558a588eb13456727060b86d212ce198100f06a4865049b79129342866e9abba26181b0f51435d5c08115113fd7c0a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
    Filesize: 264KB
    MD5: 475a63bf5bf7bdc69fe1267bac10a62b
    SHA1: 0ff36ebb4d20358d94444672c2ca38f9a5f0e311
    SHA256: 25c0949a1230fd5dbde143f8648ee11ce1ff8faddc20d85f0020ea03c3b4bf3c
    SHA512: fcedc46e54c052caa187153ee9f66d6c29fe6f3ba431bf71c7dcc256ccfc4a6d4933cca98a768bcdbcf85920863a7e6428e301d88e50fa8404bccab45e0e9e1d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json
    Filesize: 851B
    MD5: 07ffbe5f24ca348723ff8c6c488abfb8
    SHA1: 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
    SHA256: 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
    SHA512: 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json
    Filesize: 854B
    MD5: 4ec1df2da46182103d2ffc3b92d20ca5
    SHA1: fb9d1ba3710cf31a87165317c6edc110e98994ce
    SHA256: 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
    SHA512: 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 32388936760725474028146a9521819e
    SHA1: f1684471af83e1cb6f55546c6ce3aec753b33670
    SHA256: 3b338060f806e412a6dbf90de1bc8aeb5603e61849a0db63b0aa175594fc3ae2
    SHA512: 7df6fbc5a52a1cad04e012726a769bedb15699fe394461b32f8ccb268f26bb94751388017d46e2c8c5dc421f29c4af85df6aaf2bd8c0b80b8b6efac6c48bc57f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 5KB
    MD5: 0a5492945096f7285f8576b4aa35721f
    SHA1: 647d84d190b5fa22159b4386787f26882005d0f5
    SHA256: e4a16ebb2e6815415606df4b895b3e705e42a07a4c52ebb26ab2880d3fba857e
    SHA512: b30b4921e95dedc5c325226157cf42cfd0ee7f5d53a6c2f8db97e396c4498d14a945c110e9918fdb7845a60c3b137bbade200b587183693b9ce8955e21c189a8

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 354B
    MD5: 1c03677a2c87d7974052a6a041e1eaa4
    SHA1: 641c14c4639a0f9bc3584b67d57c6d5f1ce4fc4b
    SHA256: 8f8217caa83913d100ac0afbb44de7b949b9258104a1e8766969d98c84fa3fca
    SHA512: 1c81c89ecad8760628a693aafb8546fdc3ac0a4669e29925f628b42a4dbd76db2d9eddada15f14aeefe2c6cf0532e70f0d6e2d30a340529b174d0fdb45b40c91

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 684B
    MD5: 3f53ab4c4f5c8ec0e4f0b3bfeda89451
    SHA1: 96e9a2f47467f201ed2349d007afd1a89aa337be
    SHA256: 7e7c6329348ec13e2e91d5eadbb786c120baaf38bf5690efd395979febd658f2
    SHA512: 9680a93e476fb86a410328e98e4e3817ab2ea368558d3f5ee49d7104a40edc2de5a774635813703cf90ab575df3bc5e77f696eef251443e195f3e87d09b2c19d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 684B
    MD5: 9f22d483f0c38ba82b886138c3e40f82
    SHA1: a4672ab7b2f87b0c4281caa264674adac8cb3f93
    SHA256: 20d1f38895edfcbbe2b40b4d284a1f9576fec4eea1ba7cb9e51c2bd025ecefd0
    SHA512: 0b158bf41c8f25a8736a27d708e8dd46eda319f6310e1af257bf96f7ac0eb828a0cfb45039427e0d96ce9d4d941016d9c3b256884c3de90ce36b33c7d3fc0f50

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 23019ef21e39c9da0525d366b33d8b17
    SHA1: 24d3602eac9554f44460b27f4df94e3d9acf29e6
    SHA256: ff8991f6f1385f0d7d3d0f13473711bbd12dd701cda4e7933096c3f8d8460f51
    SHA512: e2b13a4d4b9ed390999f2ae1c56fe0ba6b30c0ec700924322aa7e2e5a9d181bfe15e82e1a171cbd859200fd17416882927277aba409e2bd513bd13282d4a3216

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: c7b04c89af0be1b5600b067f0310de94
    SHA1: f6cb107198e1f8abbac0bd9bb46173a69be855b8
    SHA256: 8098bccaf590cd8e58d5b180dfa9e09d39f397bdca9001b1bc457ae4f6dfad5f
    SHA512: f7d5e6b8f9ad09a86ee000a60edca51c8b4f9737bfbab1a107352412495c38eefb0f2fe484ba18826c2cd083ddb6e406a0addc0353e05dbb052aa3d7d7e90543

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 3aa3d1eacfec6e90ea74a126e0a7c031
    SHA1: 47f57f0e8142f121426829f93c8b6cff19ba1ac8
    SHA256: eef52b9e8e09c717c13b4a798f5e9acd3609cfc6557c3c987d5ae81ea47758c4
    SHA512: b18586aba6726b00bc7d9454c71e9fb945355be2f4cef6fcc303a12c0ba76e80473f9f523d09f8fad2d0062791991923d1462e5ccf0d22f84a4ffbd26528dcd4

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: 3866ae2a0a17cecaa2c9d531709ff9c6
    SHA1: 64010f92a5f3fd406c10304c8bbfa0231616e87b

                                                    SHA256

                                                    c5e6980fa61f848cc6b4d1b54ae9c71439c49b6d469834619ba3cf001dd4f449

                                                    SHA512

                                                    9d05065eb1baa625440131b5d17d5dd547a79e81a3b2421694da374a1c14299bef694abdb8a4e3e4f2f2516d710ca286d7304ececd9f3b1e778bd3b21d51e944

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                    Filesize

                                                    10KB

                                                    MD5

                                                    29be362f30b54fe10e6f2cf1ff4cc060

                                                    SHA1

                                                    cb7a375216c573a4284475d46aa8c946f921f232

                                                    SHA256

                                                    6c7ac4980733ac082ac0a2e3c3e2d7dc36c62e728b7b180711665e06ca944350

                                                    SHA512

                                                    be6331baa3004e6214cc8acf7a29294855a33800b9135852ae8c64b39c6cba93bd7eb4c303565d719fe5fbd74197ea62adf519d7c2c0274c171791afe7d2a6e8

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                    Filesize

                                                    9KB

                                                    MD5

                                                    b9ce785745b4fdd21ae9bd58c51784a0

                                                    SHA1

                                                    effa68bd2d8c25b05409c73329454ab4dc898af6

                                                    SHA256

                                                    bce4265c91ff295f14bc3d9530d559020b2623c3a654b4eb94db9277167f6cbd

                                                    SHA512

                                                    1dfbe6f85b5480c3f24b6271534a60407fa576ce41b2276db7ddafb082589039708efb856cca92c0063be0dbbca539f0a856ced044ab0b0f19c61700cd1426ee

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                    Filesize

                                                    15KB

                                                    MD5

                                                    3f226d3e3d98b23e079eee21acec0c7a

                                                    SHA1

                                                    d103baa1fb2d586b49d57b0254e904e2a28028f6

                                                    SHA256

                                                    93c7f818bb4a02bf979c40071d5e24fbae7cd8e050667e740e4d7e672076a215

                                                    SHA512

                                                    0456d4a87788be5e54ab079a7183357fbdb2f36798a67fe9422a2aa5df49580ae054790c61f5d081b690d469b782acece4887929ed190f5e873cc847cc3652a6

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                    Filesize

                                                    72B

                                                    MD5

                                                    a95635ec4e897116b77ac04988d728ef

                                                    SHA1

                                                    af75521636e1b987f3a1ce35f9a915d211f95972

                                                    SHA256

                                                    3f3ddb736a9fc251b5b3fd00187c58945d353c569f7696cd9fa5bf46955f3e02

                                                    SHA512

                                                    087ee78818a38a4871c3ef3ed2996f527f1e3275b15089698a66f349203d31409b5594d58a0b4591f2c3280689a8c45a1f5300e3605f06949ad3275f146972b0

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                    Filesize

                                                    231KB

                                                    MD5

                                                    849b24cc7da40027e4ee07633f2c1d12

                                                    SHA1

                                                    638a3b64772e8857256b632af060a0597691fc8d

                                                    SHA256

                                                    f153ef2ac8f6a57015bb2956300cdd4e1c3d6fdac0dd8c449698fb9aede48c57

                                                    SHA512

                                                    c051ce2f91faf9a77a07c102f85ba8081968275621acee19d7e455315085ed93f6fb5d8fb62c5db3e307e29b2d6b006292401db0470119077511166817b3e981

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                    Filesize

                                                    231KB

                                                    MD5

                                                    37dfaf03f712e15565fc1f7b4a9ee49f

                                                    SHA1

                                                    9513cfdcb0f9ac361a93c41c21b727f10aa71638

                                                    SHA256

                                                    d9d08701ca620525a4dea182c03eb18d4cd0be34d072a41989fa1f9cecf0c3d3

                                                    SHA512

                                                    232b92a98c3ba470bd737c8dcf5dde08116586427f200d79e0d67592f607968583817f5757d0af204f70bd2648040429ffb6ba1affc2b78ccd73200c2ac7c983

                                                  • C:\Users\Admin\AppData\Local\Temp\scoped_dir3476_745763947\35aa491b-af3d-4eed-84d3-0fc477a789ec.tmp

                                                    Filesize

                                                    150KB

                                                    MD5

                                                    14937b985303ecce4196154a24fc369a

                                                    SHA1

                                                    ecfe89e11a8d08ce0c8745ff5735d5edad683730

                                                    SHA256

                                                    71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

                                                    SHA512

                                                    1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

                                                  • C:\Users\Admin\AppData\Local\Temp\scoped_dir3476_745763947\CRX_INSTALL\_locales\en\messages.json

                                                    Filesize

                                                    711B

                                                    MD5

                                                    558659936250e03cc14b60ebf648aa09

                                                    SHA1

                                                    32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                    SHA256

                                                    2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                    SHA512

                                                    1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                  • C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier

                                                    Filesize

                                                    26B

                                                    MD5

                                                    fbccf14d504b7b2dbcb5a5bda75bd93b

                                                    SHA1

                                                    d59fc84cdd5217c6cf74785703655f78da6b582b

                                                    SHA256

                                                    eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                    SHA512

                                                    aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                  • C:\Users\Admin\Downloads\Unconfirmed 370789.crdownload

                                                    Filesize

                                                    2.3MB

                                                    MD5

                                                    1b54b70beef8eb240db31718e8f7eb5d

                                                    SHA1

                                                    da5995070737ec655824c92622333c489eb6bce4

                                                    SHA256

                                                    7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

                                                    SHA512

                                                    fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb