f6e85a09d34fee8569e913af2a11addf2a6a640e22f2a92e691576bbc89de411

Analysis

max time kernel
147s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2023 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Undertale/UTES_v1.exe
Size

8.9MB
MD5

b42583feeb7a6b516e0ef812d31c58c4
SHA1

f62bd9c28da1b25e2ab9288262f21727f7c47742
SHA256

7b58472a5047d32efffabd53ac8a2353e4977fec9a5701904e179ed65dc73e88
SHA512

2c2ea550ec993332749ea97e8f9ad0fd17ebbe1a9b9f2d323e4b3540446bab555dd35e88c706bd68e5cb669cf6bcaccc32961d789a49840c1a00e8fa7c271ff9
SSDEEP

196608:oUgcIDYt5/Sac35dAlmnJyu8Fk/qKMSPEeSTLy33Hb:onTDy5/S15dhn0wqK5PyLynH

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f410b986-2b31-46b9-9a43-a37404dec84c.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230318012841.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4140	msedge.exe
4140	msedge.exe
1400	msedge.exe
1400	msedge.exe
4756	identity_helper.exe
4756	identity_helper.exe
4248	msedge.exe
4248	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2776	UTES_v1.exe

Suspicious use of FindShellTrayWindow 13 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 1400	2776	UTES_v1.exe	93
PID 2776 wrote to memory of 1400	2776	UTES_v1.exe	93
PID 1400 wrote to memory of 3932	1400	msedge.exe	94
PID 1400 wrote to memory of 3932	1400	msedge.exe	94
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 5076	1400	msedge.exe	95
PID 1400 wrote to memory of 4140	1400	msedge.exe	96
PID 1400 wrote to memory of 4140	1400	msedge.exe	96
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97
PID 1400 wrote to memory of 3372	1400	msedge.exe	97

C:\Users\Admin\AppData\Local\Temp\Undertale\UTES_v1.exe
"C:\Users\Admin\AppData\Local\Temp\Undertale\UTES_v1.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://download.undertale-spanish.com/UTES-2.0.0.0.zip
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdac6446f8,0x7ffdac644708,0x7ffdac644718
    3⤵
    PID:3932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
    3⤵
    PID:5076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
    3⤵
    PID:3372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:4320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    PID:1496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
    3⤵
    PID:3796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    3⤵
    PID:1324
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
    3⤵
    PID:2176
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:1760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6ec6e5460,0x7ff6ec6e5470,0x7ff6ec6e5480
      4⤵
      PID:1564
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3868 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
    3⤵
    PID:1716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3892 /prefetch:8
    3⤵
    PID:4812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
    3⤵
    PID:3676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
    3⤵
    PID:2952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16615753426541296997,16872089346695715408,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
425e83cc5a7b1f8edfbec7d986058b01

SHA1
432a90a25e714c618ff30631d9fdbe3606b0d0df

SHA256
060a2e5f65b8f3b79a8d4a0c54b877cfe032f558beb0888d6f810aaeef8579bd

SHA512
4bf074de60e7849ade26119ef778fe67ea47691efff45f3d5e0b25de2d06fcc6f95a2cfcdbed85759a5c078bb371fe57de725babda2f44290b4dc42d7b6001af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
b5547f45b06cbb7b9c8767ed4a597ac1

SHA1
9cf2dbbdf91ec7da69edf35785d1b595643eed2c

SHA256
325c76679f82f56d25ed5d716b920c9843c3a3db7e229f803dc1769993298c08

SHA512
8e3828433f95878d8a0cbb2863194bec3bdba7f3ff47f8a8c296b5cd5953af7c6aecb6ff7d9a565843a784768515f73b0ad9d087d19b3463e8803a606087f9dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8911a60838d6785ade35d04fbe2a688e

SHA1
a18a24f4d61e8d12023c30323d2acae5c0c85bfa

SHA256
8051049ef1608e49ca4484b956d4ae935b031fa10825977fc4358023bedc9cc6

SHA512
070278facabb22aed970cd312ea4a2f438396010ef62eccd261aa90328fef06904ce8f05f2d219411ad7cb212bef0c34bd4708f7d483ee92a7cb43570c624816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
91de7a00ef3a47e759f4f0ac99d57605

SHA1
e2a040f019f2dfee98667e18706c7dfea65d8805

SHA256
63260402f2fb61b5527375f163bd5d8a62ce130a68b84c53cca34c711dd78029

SHA512
9f65115caaad2272715c83ac05e1ee6e35b2ac13031aba4582c9ae863f618b04d7bae332f25d1ab0756b267399076886c9a9058b3596e52019bb983b1b01c5b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
672a150e164b9f8adff2d884d6a9d7e2

SHA1
635edc20264b70ebc6e08d092357dbf7e53bb097

SHA256
ee52b7d30c15f4def465b8464f8b7ccf3ed1900bdf48230c410360dc42349d1b

SHA512
4aa59c99fe36d98dbf8be516df79f2fbe361520a9f468fef0ec30fc52bba72d517856d9adcbf4dea9493d9e96ace7f58906c99ea78e2482b528d82bd9463cf9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d53ac35ab3976e67caeed75c4d44ffc1

SHA1
c139ab66d75dc06f98ada34b5baf4d5693266176

SHA256
647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437

SHA512
391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dce1b97c10d595fa7c15e4e1f6bde761

SHA1
339a80d3568f4cd7c9ce7c5c45c86971e26d7520

SHA256
5002a774925602d9aa599f8566709b78f4667a9d6618da72e63053148f63f490

SHA512
61fea34dec0401c7346ee503fda7f0c98ea873c00f0fc95f501fc814bf7689df5b5cb293db4ea44dcc1bb110cedf4be191c568fefba6713149edb7354abe94b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cfd85e6229dde6fa6e832bcd3f3e4211

SHA1
cf0bebe1e5f5e40c0afb507c3139ad014f9c6954

SHA256
124af13cf7cac6c862b6f3b304a093ce3987f4371e306d2ae3059874dffd47be

SHA512
4295ddbc9ca5d0e0ad4c116b97308b39337c015969e8d1c0eb2999b817decb79ea955c198e60b72f4d72a9c8f0e2d59b6bfa8497959e338e7c0583dfda8844d5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
277711b70d344b949ac3d5a7b6db4bee

SHA1
cfc8e7e871ff96f0b3620ac826b8d1d645d96111

SHA256
484c79d7bdc5295ba61af5901a15b3972ad070c0d0c429ba8833093841d53926

SHA512
9f7183df6e41f4575c918c89541b48178516c590a9f4f677771d354d21d626ad9390b238d1925fd92284d1d7138afe4db8d2647483b922acb371160d9e3add42

Download Submit
C:\Users\Admin\Downloads\UTES-2.0.0.0.zip

Filesize
9.8MB

MD5
90e009f66cd2f9969df615a456ef06cc

SHA1
d48e9e95c473521aff916cf865ef256007b69843

SHA256
89021bde3b4a1506b290ebf906ba4fa5cd9008779c7083f9c4f63dd473a5561a

SHA512
1a742a2f9ea5bc635d75936029506345684f19bd29ebedcd192faf333aec4a790421518d5cbde8594acaf5de0486e3d01580affbb287a96119b5cc25a4d9bb74

Download Submit
memory/2776-142-0x0000000006450000-0x0000000006460000-memory.dmp

Filesize
64KB

Download
memory/2776-140-0x0000000006450000-0x0000000006460000-memory.dmp

Filesize
64KB

Download
memory/2776-133-0x0000000000F20000-0x000000000180E000-memory.dmp

Filesize
8.9MB

Download
memory/2776-139-0x0000000006450000-0x0000000006460000-memory.dmp

Filesize
64KB

Download
memory/2776-284-0x0000000006450000-0x0000000006460000-memory.dmp

Filesize
64KB

Download
memory/2776-138-0x00000000063B0000-0x0000000006406000-memory.dmp

Filesize
344KB

Download
memory/2776-137-0x00000000061B0000-0x00000000061BA000-memory.dmp

Filesize
40KB

Download
memory/2776-136-0x0000000006310000-0x00000000063A2000-memory.dmp

Filesize
584KB

Download
memory/2776-135-0x0000000006820000-0x0000000006DC4000-memory.dmp

Filesize
5.6MB

Download
memory/2776-134-0x00000000061D0000-0x000000000626C000-memory.dmp

Filesize
624KB

Download