Resubmissions

18-12-2024 12:18

241218-pgqceazlfn 7

18-12-2024 12:17

241218-pf4hmsylet 7

18-12-2024 12:16

241218-pfevaaylb1 7

18-12-2024 12:14

241218-pegbqazkhp 10

18-12-2024 12:09

241218-pbmdkayjf1 10

Analysis

  • max time kernel
    37s
  • max time network
    37s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-12-2024 12:17

General

  • Target

    https://gofile.io/d/kQoB54

Score
7/10

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Drops startup file 1 IoCs
  • Executes dropped EXE 4 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/kQoB54
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff160146f8,0x7fff16014708,0x7fff16014718
      2⤵
        PID:3616
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
        2⤵
          PID:3356
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1260
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
          2⤵
            PID:3612
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:516
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
              2⤵
                PID:1248
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
                2⤵
                  PID:4408
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 /prefetch:8
                  2⤵
                    PID:2540
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1832
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
                    2⤵
                      PID:2552
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
                      2⤵
                        PID:1768
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
                        2⤵
                          PID:324
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3892 /prefetch:8
                          2⤵
                            PID:3212
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
                            2⤵
                              PID:1648
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3972
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
                              2⤵
                                PID:4912
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14628866687827436472,16530987266149598596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
                                2⤵
                                  PID:3300
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2148
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2436
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:2796
                                    • C:\Program Files\7-Zip\7zG.exe
                                      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Steam Checker by Mr.ViPER\" -ad -an -ai#7zMap18236:112:7zEvent7210
                                      1⤵
                                      • Drops desktop.ini file(s)
                                      • Suspicious use of AdjustPrivilegeToken
                                      • Suspicious use of FindShellTrayWindow
                                      PID:1004
                                    • C:\Users\Admin\Downloads\Steam Checker by Mr.ViPER\Steam Checker by Mr.ViPER\Steam API Cracker Coded by MR.ViPER - v3.0.exe
                                      "C:\Users\Admin\Downloads\Steam Checker by Mr.ViPER\Steam Checker by Mr.ViPER\Steam API Cracker Coded by MR.ViPER - v3.0.exe"
                                      1⤵
                                      • Checks computer location settings
                                      • Drops startup file
                                      • Executes dropped EXE
                                      • Drops file in Windows directory
                                      • System Location Discovery: System Language Discovery
                                      PID:3552
                                      • C:\Windows\Program Files (x86)\Microsoft Host Interface\Data\Microsoft Windows Protocol Services Host.exe
                                        "C:\Windows\Program Files (x86)\Microsoft Host Interface\Data\Microsoft Windows Protocol Services Host.exe" {Arguments If Needed}
                                        2⤵
                                        • Checks computer location settings
                                        • Executes dropped EXE
                                        • Suspicious behavior: AddClipboardFormatListener
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:1684
                                        • C:\Windows\Program Files (x86)\Microsoft Host Interface\Data\Microsoft Windows Protocol Monitor.exe
                                          "C:\Windows\Program Files (x86)\Microsoft Host Interface\Data\Microsoft Windows Protocol Monitor.exe"
                                          3⤵
                                          • Executes dropped EXE
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:4428
                                      • C:\Users\Admin\Downloads\Steam Checker by Mr.ViPER\Steam Checker by Mr.ViPER\Data\SteamApi.exe
                                        "C:\Users\Admin\Downloads\Steam Checker by Mr.ViPER\Steam Checker by Mr.ViPER\Data\SteamApi.exe" {Arguments If Needed}
                                        2⤵
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:4396

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      144B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                      Filesize

                                      391B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      10KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      10KB

                                    • C:\Users\Admin\Downloads\Steam Checker by Mr.ViPER.rar

                                      Filesize

                                      1.8MB

                                    • C:\Users\Admin\Downloads\Steam Checker by Mr.ViPER\Steam Checker by Mr.ViPER\Data\Microsoft Windows Protocol Monitor.exe

                                      Filesize

                                      9KB

                                    • C:\Users\Admin\Downloads\Steam Checker by Mr.ViPER\Steam Checker by Mr.ViPER\Data\Microsoft Windows Protocol Services Host.exe

                                      Filesize

                                      9KB

                                    • C:\Users\Admin\Downloads\Steam Checker by Mr.ViPER\Steam Checker by Mr.ViPER\Data\SteamApi.exe

                                      Filesize

                                      1.1MB

                                    • C:\Users\Admin\Downloads\Steam Checker by Mr.ViPER\Steam Checker by Mr.ViPER\Steam API Cracker Coded by MR.ViPER - v3.0.exe

                                      Filesize

                                      13KB

                                    • C:\Users\Admin\Downloads\Steam Checker by Mr.ViPER\Steam Checker by Mr.ViPER\xNet.dll

                                      Filesize

                                      116KB
