Overview

overview

8

Static

static

3

SteamtoolsSetup.exe

windows7-x64

3

SteamtoolsSetup.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    1716s
  • max time network
    1774s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-11-2024 07:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SteamtoolsSetup.exe

  • Size

    978KB

  • MD5

    bbf15e65d4e3c3580fc54adf1be95201

  • SHA1

    79091be8f7f7a6e66669b6a38e494cf7a62b5117

  • SHA256

    c9f2e2abb046ff2535537182edf9a9b748aa10a22e98a1d8c948d874f4ffb304

  • SHA512

    9bb261b4ed84af846e07ffb6352960687e59428fd497faa0a37d70b57a1a7430d48ac350fbb0c3f0f11e4231a98ebca4d6923deba0949fdd7a247a3c02737355

  • SSDEEP

    24576:4Fa9OUi2VoN2gZ1M8UQag3BXrYZt+GgGTfG74T+TRcL:Z9OUiTN2gZ1MExEZkkf+4TARg

Score
8/10
steamdiscoveryphishing

Malware Config

Signatures

  • Downloads MZ/PE file
  • Detected potential entity reuse from brand STEAM.
    phishingsteam
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of FindShellTrayWindow 32 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SteamtoolsSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\SteamtoolsSetup.exe"
    1⤵
      PID:1944
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4200
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff917bd46f8,0x7ff917bd4708,0x7ff917bd4718
        2⤵
          PID:5068
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
          2⤵
            PID:4784
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1260
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
            2⤵
              PID:1848
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
              2⤵
                PID:4312
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
                2⤵
                  PID:3000
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
                  2⤵
                    PID:4380
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
                    2⤵
                      PID:3312
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
                      2⤵
                        PID:2448
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                        2⤵
                          PID:1564
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2844
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
                          2⤵
                            PID:2508
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
                            2⤵
                              PID:4308
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
                              2⤵
                                PID:3284
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
                                2⤵
                                  PID:388
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
                                  2⤵
                                    PID:2724
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
                                    2⤵
                                      PID:3172
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                                      2⤵
                                        PID:1128
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
                                        2⤵
                                          PID:464
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5632 /prefetch:8
                                          2⤵
                                            PID:4588
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
                                            2⤵
                                              PID:116
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6544 /prefetch:8
                                              2⤵
                                                PID:3360
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,17672992964998094657,10939681502502402443,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5400 /prefetch:2
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:4308
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:4220
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:5080

                                                Network

                                                MITRE ATT&CK Enterprise v15

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  fab8d8d865e33fe195732aa7dcb91c30

                                                  SHA1

                                                  2637e832f38acc70af3e511f5eba80fbd7461f2c

                                                  SHA256

                                                  1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

                                                  SHA512

                                                  39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  36988ca14952e1848e81a959880ea217

                                                  SHA1

                                                  a0482ef725657760502c2d1a5abe0bb37aebaadb

                                                  SHA256

                                                  d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

                                                  SHA512

                                                  d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  cf507a464732b728b73fc1573b83fb88

                                                  SHA1

                                                  7282bc02c020bbd2bce73e14b2235271f1d3224b

                                                  SHA256

                                                  4366bdb3ca7ad176f0d49c362829f70d05d86fab8203ad429ff14d6483d60755

                                                  SHA512

                                                  9b2f2ad5f5bd55afce4bec309e17a5ff361c8ab678fb85137a283dd99c3ec2e6a00cc19dbbdebd7c73bb0f45d922f7c97c40a78118a443404843918d5e806858

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  c0b75bda2da60fb1141219b074a75b22

                                                  SHA1

                                                  5762b3922e8202c08689cc6ab8925292e1af9b9b

                                                  SHA256

                                                  ce5a94e17cef56caabce41b48402961678a39f584452e8b8d357cdba18fe733d

                                                  SHA512

                                                  23a81cb52917a3abdcf6ed614356d46ef953774be38ff3847a1f9e663d459d6bc5e9c20f0f6995c0cd129f22bbf32a8c21cc26f37ef9bc65b2d7d761de9d6fcd

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  d3370109e806dbd0a6e424ee23567156

                                                  SHA1

                                                  43320a71242ea77996f68f13ebea131faf835bda

                                                  SHA256

                                                  ad9f8a7636a22e5e5ff535e001f780fe315408639b7cab025b91933b043d658a

                                                  SHA512

                                                  448cc37a5807d6d64e5976e3eaac33f2fdd16cae7079491c3eaf283c85694c9faff4fcfc2ee6892c11bf1f1ccce213e6f150183efef42722de50db917acf7b93

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  9b58836c0657c98d6098eac2235be9bc

                                                  SHA1

                                                  199d95f49d2ed088c3ac4f516fd822b1f9033b11

                                                  SHA256

                                                  e999f6cd6b3d4bbef80ec01ec648c0db4b16cec600623e6294904447c5c7f183

                                                  SHA512

                                                  79ec89b4815d75333e53782fe88cca8f29f97c30d2f0b3c50d5db541f1ec84acba663186b28ba6b3f560d421a75d56ddf3f84474cff6426cca49c0f1a3cc85e0

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  807B

                                                  MD5

                                                  bef4f6f878056ade706b22e49235d4a7

                                                  SHA1

                                                  b0f0cfebdf6d6b8ba5c29486ee122649d8633236

                                                  SHA256

                                                  d020364dc51250e9fea9b0966c53eb65e71a7cd6f5c6c9ddf7eb949436a08eef

                                                  SHA512

                                                  21cd30e67683da00c68302ddd6dd3ae4d6db21cb09999c6246e52774ed8d4da031bf1a5683d0c67b31d740802e737ac16ebbd0e503f3d40fc9243445d50fdad7

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  30f82942beda488a3d8424b6d11247db

                                                  SHA1

                                                  3924114f58825a5b090624dcb1d58412a9e44f44

                                                  SHA256

                                                  b370301b5788627789da20691f5ac2fb6b1b4ab896ca478fc738cd7df5601dbb

                                                  SHA512

                                                  9a1fbb0e8a1b2a95e1d9eda0b07b9aea1756c0ffd7196e248287b29e154971c4f105fe0247179061176b8097c1bbdef0d4f878cceec378e68d9ed832e8bd9678

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  e672c5f6681d0e078ec1d227eef7237b

                                                  SHA1

                                                  17ffbbcc5e9467a10d0b4ea44da82d76e989e402

                                                  SHA256

                                                  d3e2d9513a87afdfb9a7f07757ec768d8992cb982609d7dfd551f1f73519d784

                                                  SHA512

                                                  f220801f632f5809ce5a4a64b8758b06a4a31667b605397baf74fd2b35742a610358e1b81724d5f7e2df1997a501490a0d272b3ff2022589955d32b2809ec6fa

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  c252d4c38324f71abcf2e14ac3146491

                                                  SHA1

                                                  9f3e1108bb5ab4bc62a833580e056277d91f9d9f

                                                  SHA256

                                                  3f8d570cbb8e2f7b3a109eea89e7d6eb83fe7d6d79b828e6e1288f79f8159f8f

                                                  SHA512

                                                  4d9ceb2b5dfe05ac60deac394b20afd49a3b809a95b6863c8d21ac1b91a0477d633c68f9c5fca1043a18ec7718b6a78fcb11d7b93d0e67dbfdf4e58634d132fa

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  81cbaa4a60fe6f22053de24d5bf0e4fa

                                                  SHA1

                                                  38b27f6ced2bae5e6b05aedadaa3bbc6c916d032

                                                  SHA256

                                                  fa4cad9df08b9cb94f4166e7424bce173580cdc796f0a341bd1fde6f94920b76

                                                  SHA512

                                                  28bec22d0ce2bf0044ddc1d97cacc4df86d6b91d926e714a4786c9932229d575af8291beef9a6d2acb4a587c5d3c9afb4b445d4495aa5315f451f55d36c1f476

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  6752a1d65b201c13b62ea44016eb221f

                                                  SHA1

                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                  SHA256

                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                  SHA512

                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  10KB

                                                  MD5

                                                  291dff970e969571d6666590be4306cc

                                                  SHA1

                                                  12376e306d8f64b5b2935aedc436c482a58741f1

                                                  SHA256

                                                  a5ea1aafc4e323b6cab1eb23e2fc75e1d8d3716121f5dc2d11ddf82ea559044c

                                                  SHA512

                                                  340afafa99dddb3286b2a72d9a5d424705a27004f9bf6e19a90beae3189a701f4012bc483bcf950805db218c8692003389243a0f1d8cc4fc9244c021abed4bf9

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  10KB

                                                  MD5

                                                  a9f287ce8b4de7e6210f795d663a53ec

                                                  SHA1

                                                  82d7d70a39320e89eb92e3c66e3cdd7d0a4d158b

                                                  SHA256

                                                  59426fa3586937ef4d734b5a00ee7f89e5a1ebb872fee35463511d71ee67312e

                                                  SHA512

                                                  fb8140978016720ee853eb3ec258fc5b97e15a0a9c29d00d7d8711890927fb0d7e74dd571298f7d5092e0630da3e1888e77c3fb60b33c48db82a8aa482f83a90

                                                  Download Submit

                                                • C:\Users\Admin\Downloads\Unconfirmed 536672.crdownload
                                                  Filesize

                                                  2.3MB

                                                  MD5

                                                  1b54b70beef8eb240db31718e8f7eb5d

                                                  SHA1

                                                  da5995070737ec655824c92622333c489eb6bce4

                                                  SHA256

                                                  7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

                                                  SHA512

                                                  fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

                                                  Download Submit

                                                • \??\pipe\LOCAL\crashpad_4200_EBWJLXSXFCANNGUS
                                                  MD5

                                                  d41d8cd98f00b204e9800998ecf8427e

                                                  SHA1

                                                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                  SHA256

                                                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                  SHA512

                                                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                  Download Submit