Analysis

  • max time kernel
    297s
  • max time network
    300s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    15-11-2024 16:44

General

  • Target

    https://cdn.discordapp.com/attachments/1306307977728364556/1306343950625538078/SteamtoolsSetup.exe?ex=6736fbdc&is=6735aa5c&hm=e60e10920a20308b8e5c8be3d76a52325ba48959c97e37435ad40e67c9c66dd2&

Malware Config

Signatures

  • Detected potential entity reuse from brand STEAM.
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cdn.discordapp.com/attachments/1306307977728364556/1306343950625538078/SteamtoolsSetup.exe?ex=6736fbdc&is=6735aa5c&hm=e60e10920a20308b8e5c8be3d76a52325ba48959c97e37435ad40e67c9c66dd2&
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffeff8b46f8,0x7ffeff8b4708,0x7ffeff8b4718
      2⤵
        PID:4848
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
        2⤵
          PID:2900
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1260
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
          2⤵
            PID:1624
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:208
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
              2⤵
                PID:4644
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
                2⤵
                  PID:1772
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3596
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2496 /prefetch:1
                  2⤵
                    PID:832
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
                    2⤵
                      PID:3364
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
                      2⤵
                        PID:2268
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
                        2⤵
                          PID:1020
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                          2⤵
                            PID:3228
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                            2⤵
                              PID:4824
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
                              2⤵
                                PID:4228
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                                2⤵
                                  PID:1600
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
                                  2⤵
                                    PID:928
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
                                    2⤵
                                      PID:3948
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
                                      2⤵
                                        PID:4936
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
                                        2⤵
                                          PID:4228
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                                          2⤵
                                            PID:3396
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
                                            2⤵
                                              PID:5592
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
                                              2⤵
                                                PID:5856
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
                                                2⤵
                                                  PID:4228
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5480 /prefetch:8
                                                  2⤵
                                                    PID:1784
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
                                                    2⤵
                                                      PID:1092
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
                                                      2⤵
                                                        PID:6072
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
                                                        2⤵
                                                          PID:5144
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
                                                          2⤵
                                                            PID:4892
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
                                                            2⤵
                                                              PID:3196
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
                                                              2⤵
                                                                PID:4980
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
                                                                2⤵
                                                                  PID:5496
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6292 /prefetch:8
                                                                  2⤵
                                                                    PID:5472
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8
                                                                    2⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:3944
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
                                                                    2⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:5716
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17689443471867366376,3286045544536483807,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6540 /prefetch:2
                                                                    2⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:6032
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:4200
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:3200
                                                                    • C:\Windows\system32\AUDIODG.EXE
                                                                      C:\Windows\system32\AUDIODG.EXE 0x4ac 0x33c
                                                                      1⤵
                                                                        PID:5336
                                                                      • C:\Windows\system32\cmd.exe
                                                                        "C:\Windows\system32\cmd.exe"
                                                                        1⤵
                                                                          PID:1416
                                                                          • C:\Windows\system32\mountvol.exe
                                                                            mountvol.exe c: /D
                                                                            2⤵
                                                                              PID:5724

                                                                          Network

                                                                          MITRE ATT&CK Enterprise v15

                                                                          Downloads

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                            Filesize

                                                                            152B


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                            Filesize

                                                                            152B


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

                                                                            Filesize

                                                                            47KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                            Filesize

                                                                            62KB


                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

                                                                            Filesize

                                                                            67KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                                                            Filesize

                                                                            19KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

                                                                            Filesize

                                                                            63KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

                                                                            Filesize

                                                                            25KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                            Filesize

                                                                            2KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                            Filesize

                                                                            2KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                            Filesize

                                                                            2KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            7KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            6KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            5KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            7KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            8KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            7KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            7KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            7KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                            Filesize

                                                                            72B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe592bd9.TMP

                                                                            Filesize

                                                                            48B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                            Filesize

                                                                            874B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                            Filesize

                                                                            1KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                            Filesize

                                                                            874B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58726c.TMP

                                                                            Filesize

                                                                            872B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                            Filesize

                                                                            16B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                            Filesize

                                                                            16B

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fc111337-5854-4e69-ae3b-7ee6bc070a4d.tmp

                                                                            Filesize

                                                                            1KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                            Filesize

                                                                            11KB

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                            Filesize

                                                                            10KB

  • C:\Users\Admin\Downloads\AME Wizard Beta.zip

    Filesize

    10.2MB

  • C:\Users\Admin\Downloads\Unconfirmed 757308.crdownload

    Filesize

    9.3MB
