fe6ef89f60d6ee9658e4a95126daf760ab983996cdc32b11fa7cd222e52059d1

Resubmissions

20/02/2024, 15:50

240220-s93d8abe65 8

20/02/2024, 15:31

240220-syjgzabc44 8

20/02/2024, 15:24

240220-ss225abb57 8

Analysis

max time kernel
1801s
max time network
1706s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 15:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Overwatch Server Blocker.exe
Size

248KB
MD5

2dd1ef815043e4cad7a8824bda5749b4
SHA1

ba1ce1ac279195d0d94142ddddf33169730a12f9
SHA256

fe6ef89f60d6ee9658e4a95126daf760ab983996cdc32b11fa7cd222e52059d1
SHA512

b96fa87ac5f7ad14e338f3314e91a5b05b65bcea9affaa4f37ac78385507642a45ee5a3b2237c2fca50ff0dfd9f6a8a42c308e3703fa065544e1fb24160ffb94
SSDEEP

3072:Zg95y39boeOQ9WwzzLjE5UPtJ0zLjE5UZS1VlVo:Zg95c9b/ztPcztZmV

Score

8^/10

upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
4456	TamozaTweaks.exe
2676	Ultra Mute.exe
4184	Ultra Mute.exe
3732	Ultra Mute.exe
2336	Ultra Mute.exe

Loads dropped DLL 16 IoCs

pid	Process
2676	Ultra Mute.exe
2676	Ultra Mute.exe
2676	Ultra Mute.exe
2676	Ultra Mute.exe
4184	Ultra Mute.exe
4184	Ultra Mute.exe
4184	Ultra Mute.exe
4184	Ultra Mute.exe
3732	Ultra Mute.exe
3732	Ultra Mute.exe
3732	Ultra Mute.exe
3732	Ultra Mute.exe
2336	Ultra Mute.exe
2336	Ultra Mute.exe
2336	Ultra Mute.exe
2336	Ultra Mute.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000500000001e1b6-780.dat	upx

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
120	api.ipify.org
121	api.ipify.org

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Ultra Mute\AudioSwitcher.AudioApi.CoreAudio.dll	UltraMute_v2.1.exe
File created	C:\Program Files (x86)\Ultra Mute\AudioSwitcher.AudioApi.dll	UltraMute_v2.1.exe
File opened for modification	C:\Program Files (x86)\Ultra Mute\AudioSwitcher.AudioApi.dll	UltraMute_v2.1.exe
File created	C:\Program Files (x86)\Ultra Mute\Uninstall.exe	UltraMute_v2.1.exe
File opened for modification	C:\Program Files (x86)\Ultra Mute\AudioSwitcher.AudioApi.CoreAudio.dll	UltraMute_v2.1.exe
File created	C:\Program Files (x86)\Ultra Mute\Ultra Mute.exe	UltraMute_v2.1.exe
File opened for modification	C:\Program Files (x86)\Ultra Mute\Ultra Mute.exe	UltraMute_v2.1.exe
File opened for modification	C:\Program Files (x86)\Ultra Mute\Uninstall.exe	UltraMute_v2.1.exe
File created	C:\Program Files (x86)\Ultra Mute\Uninstall.ini	UltraMute_v2.1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TamozaTweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	TamozaTweaks.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	TamozaTweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	TamozaTweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	TamozaTweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion	TamozaTweaks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate	TamozaTweaks.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 684442.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
3756	msedge.exe
3756	msedge.exe
2536	msedge.exe
2536	msedge.exe
4424	identity_helper.exe
4424	identity_helper.exe
2424	msedge.exe
2424	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
4456	TamozaTweaks.exe
4456	TamozaTweaks.exe
4456	TamozaTweaks.exe
4456	TamozaTweaks.exe
4456	TamozaTweaks.exe
2524	msedge.exe
2524	msedge.exe
3988	UltraMute_v2.1.exe
3988	UltraMute_v2.1.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4456	TamozaTweaks.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2676	Ultra Mute.exe
4184	Ultra Mute.exe
3732	Ultra Mute.exe
2336	Ultra Mute.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2536	2464	Overwatch Server Blocker.exe	84
PID 2464 wrote to memory of 2536	2464	Overwatch Server Blocker.exe	84
PID 2536 wrote to memory of 3868	2536	msedge.exe	85
PID 2536 wrote to memory of 3868	2536	msedge.exe	85
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 2352	2536	msedge.exe	86
PID 2536 wrote to memory of 3756	2536	msedge.exe	87
PID 2536 wrote to memory of 3756	2536	msedge.exe	87
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88
PID 2536 wrote to memory of 4136	2536	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\Overwatch Server Blocker.exe
"C:\Users\Admin\AppData\Local\Temp\Overwatch Server Blocker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tamoza.net/
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe847e46f8,0x7ffe847e4708,0x7ffe847e4718
    3⤵
    PID:3868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
    3⤵
    PID:2352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
    3⤵
    PID:4136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:3368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    3⤵
    PID:1940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    3⤵
    PID:4740
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
    3⤵
    PID:3264
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
    3⤵
    PID:2168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
    3⤵
    PID:3944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
    3⤵
    PID:1372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
    3⤵
    PID:2440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
    3⤵
    PID:3928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
    3⤵
    PID:2292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 /prefetch:1
    3⤵
    PID:2824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
    3⤵
    PID:920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5788 /prefetch:8
    3⤵
    PID:3456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6276 /prefetch:8
    3⤵
    PID:1504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2424
- - C:\Users\Admin\Downloads\TamozaTweaks.exe
    "C:\Users\Admin\Downloads\TamozaTweaks.exe"
    3⤵
    - Executes dropped EXE
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5052 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
    3⤵
    PID:2572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
    3⤵
    PID:2372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
    3⤵
    PID:4604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,9722198887146976543,410310373680381698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\Temp1_Ultra_Mute_v2.1.zip\UltraMute_v2.1.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ultra_Mute_v2.1.zip\UltraMute_v2.1.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:3988

C:\Users\Admin\AppData\Local\Temp\Temp1_Ultra_Mute_v2.1.zip\UltraMute_v2.1.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ultra_Mute_v2.1.zip\UltraMute_v2.1.exe"
1⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Temp1_Ultra_Mute_v2.1.zip\UltraMute_v2.1.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ultra_Mute_v2.1.zip\UltraMute_v2.1.exe"
1⤵
PID:1380

C:\Program Files (x86)\Ultra Mute\Ultra Mute.exe
"C:\Program Files (x86)\Ultra Mute\Ultra Mute.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SendNotifyMessage
PID:2676

C:\Program Files (x86)\Ultra Mute\Ultra Mute.exe
"C:\Program Files (x86)\Ultra Mute\Ultra Mute.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SendNotifyMessage
PID:4184

C:\Program Files (x86)\Ultra Mute\Ultra Mute.exe
"C:\Program Files (x86)\Ultra Mute\Ultra Mute.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SendNotifyMessage
PID:3732

C:\Program Files (x86)\Ultra Mute\Ultra Mute.exe
"C:\Program Files (x86)\Ultra Mute\Ultra Mute.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SendNotifyMessage
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Ultra Mute\AudioSwitcher.AudioApi.CoreAudio.dll

Filesize
96KB

MD5
67dc1c02102094ef2e7e6d3aebcd22da

SHA1
c99bed965a936dee274072b2e8cd798c0c9ab88e

SHA256
beb04364d653907cc5aab9e4d7500fbfad5923c387204796af70bced5aaf06b2

SHA512
821c906b16136c8e44c598b242013c9e485f298bf5d680b1716236681046874e348a11c5c95982ff5b91ae4d50547deedeb7512dc3e5cef3dfaade4a6b4f7eac

Download Submit
C:\Program Files (x86)\Ultra Mute\AudioSwitcher.AudioApi.dll

Filesize
35KB

MD5
1f38d13a0b64eb65bed172a3bb197d74

SHA1
130c8cd4eaf25d00973074b22947e227645b4065

SHA256
edfcc05f76dad9fe7355f437f063eedd26a0f235bc74017ff10e30002e04bc1c

SHA512
82ba1e9abbf372daa4a268b4f954d2bb1141ce3b5cb922234a6372d61568b2f33a03a80dc1f0a59b376c07749881a6069af26b6bfe210b204cbdf96513c096c1

Download Submit
C:\Program Files (x86)\Ultra Mute\Ultra Mute.exe

Filesize
701KB

MD5
d0728c46cb3bc591266f34d428dccdc6

SHA1
fd5cfb1526919235d214b5ca963e0caefba31e43

SHA256
156d899fb269305fbbc589936f3bde9c0c5230417f4a496c06d1d6a1f3ad3928

SHA512
b4850b2e903629100091299c415d37df892fcbb80b0f1d0135cc5e06bfb7594fe3419dba5b63d9aa0ddb15d5672020b7b4f328e162c1dc951da00bdf951a08fd

Download Submit
C:\Program Files (x86)\Ultra Mute\Ultra Mute.exe

Filesize
1.0MB

MD5
c69b3ca43c98ba66cba2089ca2344fd9

SHA1
530606dda1a4f76aea8eef8e439724b1dc01e5b7

SHA256
d41cee55d072a8adb33fd2476fce27dbb7a875afd6e9c221805a2256f56464eb

SHA512
0d86f0b0632a17b0e1412ae8d656642b8fd95655ef8349b7c0e30c4e634a1448fa03dda039599724811c76b1a11e9ee8cae5325d2829aa87473e966176660709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
18KB

MD5
e16fcff2e5dab1b21ec267b02af43275

SHA1
dd299105389457c50ef5d950de112927dfe42b2f

SHA256
b4a4a2f0c5b97c5abe52c7bbea5709eed6fa154dfe538c5da57f0532ab71add7

SHA512
e4f73d83c78ec61895e5511f795a31311459496e53fe37bd03e12eb6a2f80a8846366a58b808069d9b08114a4f6763f07f4c6259cf1b93092c5c387bdc9ca867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
102KB

MD5
4e3b6af6455d4d44be1c63a654bc5079

SHA1
ae1a035747a25df844cc71ac860a9f5ce7251a23

SHA256
384976c29cbd3f199acb925161865e81fc50cc9cd8248546af5014ad9e59c4d6

SHA512
ce82325dc69ea00e02681ea1d1bd1364e1cf64b23f87faef6bf63169c8b26ef79042ab16e2390a8eb21093da4b0c59eb42b05ac782c2d503f4af493e86bbd076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
93KB

MD5
437a7f92b5160eb05d28892d18920fdc

SHA1
9a34b537123a8574b8b0b1b36faff0255694de09

SHA256
414f99db9b9390dad93551361a117df16f30c1174a367d51cd263a6be8a171c9

SHA512
3b92fc5bb312fd4cd336fb0289cbf783eee5e183bcda9ecf5c387fe77ec5e0dab3d013a5437f41ce3f3f48504ce7d2f631fb1bd413131fd62a1b190ab210588f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
62KB

MD5
262d5d1b61a293a8efd51a3ecd45a5b9

SHA1
f5caaaa5d14fb3bfe13009fdde1741e7cdaef83e

SHA256
258b13a5dbf368545d19c09e90b7be1cfa8ae6699046a7ef5b87e41d189dcd45

SHA512
1da815f840eeb5d6a806aaba510d32b5acd58c66595a4ecf2c87e97ec448947d62fc84e4e93296f67ca71dbe6a00cc85324009b838876c687a1192230a23e052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
76KB

MD5
87d825d220e497c48ae40bbc4a19f789

SHA1
74cdd55d306d885c7f6fac8445151342cc07d029

SHA256
ccf665f5c21abd70696297d89ee66f09d362c979f3f0b6aaffc266774985fc91

SHA512
565cc65fb99c8f702427a28d11c22c34934220f8c4920ae85546d1dae015001a54552fced5bde7e07844d5232bb90b1d39edde75986a7aa4397bcba24be77eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
48KB

MD5
3fc27f1a474eb6d8f4e646ff74e4a582

SHA1
8a663b5a6e93890224c96b6a90882815ed5a7e06

SHA256
1e0e8ce39b7388e680e74cc1f6d05ba707b1da4c3c597190a3f0ed03c2145b19

SHA512
9a4385406df0cdd518ee5725cfe72375e026f64e0791ef9ad0ed4185f4c79c02ff49158d1849ab987e03d0bb161b7c284cbaf0dff76ff71a2131fc409a0b2507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
160KB

MD5
7656f8d0f136732add6e2b738c4f1a37

SHA1
29f7e8eecaf2c0e7e812042216b566112535474b

SHA256
ce83eea40443c85e6d93b2b8de3dc7a2ad3e76719888db03dc9af6b9db629510

SHA512
a4a63e124537c690f7dc7163bd571190f5f2d616ced602884df2773ac65796ea454ca82cb8c092af8a837617db4daaa81cdf5c06f71bcbcce9d64dbf9b270563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
74KB

MD5
3a839e893dc7096fd3cd2962642153f9

SHA1
cfdb76dfa60d1de35765d3df006b18268ec9230a

SHA256
b1da36620ce264f8df77bc142f1c25c101916c31834c76a35c6b2cf2b0d172f0

SHA512
82c259153663582a022938f2532cc3252c3dc4a71272509ea6128af04c824eb78c40b29d40a870e7c2527a7308271c0bff9e2985a752fe79bded0823cf689202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
64KB

MD5
7085db54f044308555a4c4501153b48a

SHA1
dfbec843fb875c9a92d68cd90aca0554f51e603d

SHA256
fda1547a032fe9703769ab80d70e9604e56b65c13f77fd8a3c8d7fc1c1719cc0

SHA512
aa7a0be9d9c33300adfd367d7d73c76dd5e8e68b0bfd155fb1396fdaf45f81501bad7c95b0f9473137f5895c5e3a421dd8cdceb633ed4937acbd21ca8d5ef4b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
40KB

MD5
09c2fd4e5f3d9abc54e231bde32d2022

SHA1
78c208ddb78abdb980ce25ba1361c05aeace4bbb

SHA256
cf9f987adc53ae48ffcceb9b62097af9f0e7df9431797d51c356ff39a9793985

SHA512
15ac03b4a1b1451e138e1d145dcde0da4ec6f6647669b736bbef8f7a4a9ddab599e8aa4bdd48816ba8614c7973235d4bb481d3c9756312b1ac94f68cfa34cc9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
100KB

MD5
0fdd93d96389c2840e919dbf86138a51

SHA1
8ca8ad62620ced0676370a876ec4580de66b2fb0

SHA256
6ad95793a2d55346b624ce55b5b71babc16f1dd389dd3d574c9ad4918c687d75

SHA512
364d6cba1236bc53e937c0de91273b63bc0831a9641dd21ec304146947171738c4d731d198ebce39c7fe571036ae75ca37b2b17b3fd384f82587977ffa29a9ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
166KB

MD5
12f81ebc4b735598d06855f1dfdca593

SHA1
34256b848084348e3178cb3f4d206c3cca75f761

SHA256
1f786dfec26533f501bb014a087c9f297ea2252424f78358efc4ca28e087d3b2

SHA512
baf9452487ed8d128f55b2f2831f1194b3989ebbcc54a4b4e905197b1acb6b7b3478af118238a07d7c4e0669600e51c94fcfff9c9ee6de9e800ffa8f1518ae11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
68KB

MD5
b5d73917b0a66d349f99fb7b2fb7c368

SHA1
55e49232788b5a956ecca57241387e019ea37ce6

SHA256
df307d55364f90f80fbde0798e464d0f74753c8d864d5c7c8583adf742a0a09a

SHA512
5d3904f52f5ad498555528380da922a96d8841b421cd011222c190b56de51b83959db6caca9c9b37aa8c45f9fdd668346cf44615b876fb0c471c654bf2acdb4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
148KB

MD5
f5fc4e26403d9a2732a1bb0d125c1b1d

SHA1
58f796196a27ebd7ee7fdc3cab7cc5e6187d6230

SHA256
c780e1d856c73b0a712d27d5e6d8c74aaadab5bb344ffefd295f8c6c0c04d583

SHA512
82ced77b2cf9906fd0d331c250176c427d0a63418c70834342c52a5b3bb419410494e79d788fe157497c4febde2ac774a25e3c03ec6ed381c64c5a46ffe3d890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
2.0MB

MD5
8698a42122ae2e2767685340346be191

SHA1
08a34bf01b696b0d5dae8d0fd6a2e95c064a6271

SHA256
e36dd3a84c01f6d62f896f4d57631885ccdd9762aee55b4aed8f108249eee49d

SHA512
502a59d8cfd60b468d98a7a872a42d4414dd4a9ddc801e0194f5dec0e0c7883b7d3990445b53d46e1e9b7622f92f2a5f5a7f38ecc208281ff035e5b40738a137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
9bb9c76b3816714f20f3ee30bfbd1892

SHA1
5ea0b0824db1d6f1e092a910dec00dd8ebe5dfaa

SHA256
085d88f7d4206567880b0373af9517debcf18e7623cb0a6665e3bf5bac19dec6

SHA512
cedfb96ea28671c649b28781bdba2c183812b09fc0685ca269a4766489d24cbaf5bf6680be926796c7300cbd17c23827717914934513271b2de9ce65b6e3f120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
16686d4f80175e71e3f2f29b024b3b05

SHA1
252350360030681c731aa2990db972ad0b09f5cd

SHA256
df3e1d52acd2a7d9e9a14de869d7f3442d98a376e243e6d500910d6643e335eb

SHA512
ae70cfbfa8fb3f0e41aba30b979037de3407d8ee67ed83c226dfae773188178af44038d029623e6895ae180514d5aa3f6f49100a6f7a34a32d7f0e6517995182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6a630ef7c7955ba44b1e380d1eeba707

SHA1
44bb22505f142fde78945c8daa0e40edbf96690a

SHA256
b239d3e6d2209da9f242e10032001048f2898a7e8db16a2700955b217a50f1d1

SHA512
acf3fe45e623a9a5d053e3491cc5a9c5d805b7acde9696fc4a15e410de85f1e4e18218470ed092cbc86ba6abbd87084ea97ea0520a96f660d37aca86fdc545ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6cd75179539e5c508b4818bd338d77a5

SHA1
215b962e5604ce162ba7c9e8cd00c6a6ccc33283

SHA256
5c8208a6409703a0fb2642b3dd614fd7f521b5ec79a7647e4d1538e8d70f6d64

SHA512
3393c0a875e14f60bb7a267c7be69af7d59c19410af9f7ccae73bbd42121bf16eae59305144f14fe8913ae5605cf5f8a1e26f61ab1d42c2391d4fb2db6238b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9d46f17b728ee162b7812580c7b06ea3

SHA1
38fa154863171b659b50e252cb9f97457db1850e

SHA256
7ba8af96c0103df0ddee3ea6eb875d9d155228611eccaeafc39f62de7bcb1e66

SHA512
1277bfb81823057e0644c21609ea471c25bf6237437214b1e76575930d27a821de6cf4a95bc02cf37ae08ea3c64e41912cd541efa2bfb33f918e0e998b553fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
014846c45b844b4f78e20999632f47fd

SHA1
d5294aa79dab4fa0c2ea5d65ddbac3e504b42048

SHA256
dedc43a5744d15b9edb0422ee1d89caec5ddb146a8588bae8b7175477e00b9c4

SHA512
ba47cecb77b0219decc449fe07fb869b6bfc91e72d65247a7614070d02c93173d6bb0ad66f77143bb5d9cfe2713cb1cdd33ab21f4d173bbe49a85b1ab2800723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b281a4cba347abf562eaa79bb940990

SHA1
bc3e7c5600ae2ee4c33866549ab81afa59d29ef9

SHA256
96a1e4bd6fb8e18137a80ac4ee2a52a384162f1db3dc48d97122c6778a25d08b

SHA512
3a553efa0294d0a5f60b005d00650ec6ae33818b27779817855f2b475280bcfedc2347f8eecdcfc68ae50c639ef4bf7cbc4095eba611a2bac1e90693e2d53918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11b88596a453a2c2da17baa3266c0050

SHA1
7946afd8a6005acd8ded14cd1246840fe92cddf8

SHA256
7a80eb372036971130096408f9e49c9b7a298cf2f81a92523a6c5aeee776f03c

SHA512
0a8937dc047eb1cf16784ef37de45507411d070f3f3261e78968232b92edf4e292cf7df59b18e9cf4d912514cac971a469687cfa29551cd9dd36f9ecf4120688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5908eb7434ecb766d9a5d2d15d906b5c

SHA1
681bc815b85cb971f6694b714687c869e201f1e1

SHA256
1a661627d28589722bfab86efdfe2a0c84b150ab1769664260fe131335a88da7

SHA512
03a7943de3fa15c2a514ada60553ce093a7ddcac4a98b0d84a0232a727790938be7553f8e982cbc17b295fe3fead315f6744c154f2105d974dd550e09bf57afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2878483d9d475cdc57700ef4ae8a11eb

SHA1
9994d873c3d9a2bc349e95d9df2e167d37b87ccd

SHA256
983ca022a6a71c5fe10a02a5acc07ecaebd514d23bdc6ac09abeb0c93b8c1e69

SHA512
f21e47a7a5a23541c9ee6afa9bfcf530222fee6098bae1809e430fdeccc6dd243d41a6d2074bfa3e578c1468a3095a760834d573fc67ac60124ba0c152adb378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9bed0e530ad7535326e22d09fbb79b11

SHA1
27fbb72663f4b945fc6c67ee1953f594700183e2

SHA256
1c66b253140ee51bc7647d55690bcef64d7007de4e9166af8b2cf88252b78748

SHA512
2fd7d9b66f0abb7a2b9ca8dcefafa73366c57c7d517f1d59f881807b30d52e6025fb1a4646f9bc11141dee9bff693531e2015556be9d28944e5d8a366e0db3a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
78fc427c643d32245d8bcb202f9f1a0b

SHA1
f894228a0e70b608a4a56c79f2115a852053bf83

SHA256
768c7ea96f218538bff84d72f0a0adb57c8a799be78759f1605bfdcf2cee7db7

SHA512
ec935ca708de6711004a9c33ae7f2923270e207ef77f49c966121c5ed1896d37f2b44adf0be0c409172f868f62241a0dfaed3e4bc16a61a4c2fdf54c99edd4ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c92c05bdb8aad3a7b10684c935137cca

SHA1
788537cfdfb28565357177fa68a84fd26233d61e

SHA256
445d6f86ae89f1ac9de4d7f845fb42805b4216cc363f806eedf9682682faa70a

SHA512
9f7fa72fd70f5cad54a4155c46d154d4b578dfde08ba08283a74bf51399e040a364816b82e5667c7ee85e99a9d8e1bd328d9a78c6c006d601586a0fb84d4db1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc43e78dc0cdfcb1b87bd015df2d8a6c

SHA1
c0453149b11455e5e933b2ad3249e9abad9d3615

SHA256
58135eb9d7e3f4bd9b4289f4ee461650177f52ddc851a918e6f5e563d417d008

SHA512
f8f2387813a920753281d7c70d9dac024aa5a5bbb948a0cab3541fcd2fedfc10e09b0ef778d140aca47789b16265cb6245e5a404adeb44290e32efc2a33f1007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c3a29f8a1c814cc28df1925b01dc38f

SHA1
457e14d395488f973467cbf3936e9323b92535b3

SHA256
8da385947165ce0d689e2e0ccbb59107df9d120fc827c2161fe78095dfc6617e

SHA512
309a14fd82d47b073ce83719c57d4876f64ba7ab49563df073f689a8eb3a9ebc203f601f9a3f75dcadb2431e4f5bd2635e26b11373d7561bdb4c5aff59e3b152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c7c68fd9284d7f60371cc06f7a402e66

SHA1
d3a650d4b561d1a430fad3132cd66d440e58134d

SHA256
f6fc6b4e5ff8c99f8a319f89055d4beccea73ea648560e989e4065f58c90aeeb

SHA512
c4d6d571c0586bf57dbf1e8aa32a104fdf80c376cf0ab8d57a0abb8b98d38fd801096fb13a359a94f7bcf50a97fb9a9cc0eaca89266fc4ecb3b3ba75b2713f6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
035f84e25fd2828269d05263e5670944

SHA1
2fa0cebe6f54a0d67e608b10ad7158f685fe27c8

SHA256
e341ac109ab113a915c3b882816473d44f41349100dcb21811dc2be98eee758f

SHA512
62e4f643ae757292213c306884792a6ede5c3a4053e8473b9471e85230b873f4d8994b74e96caf12a2b1126e08587f2f6d42fc934a0210e6d6c0afaa832b9017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e3aa5141b2a361c4268a16a378718d53

SHA1
9fe40938ab631664c131fcf8788fe300a90ee43b

SHA256
fdc95c1248016aba3ea59beab7a9cc7b601c6df9b08f05b5569e8e0a53124711

SHA512
0f01072fe3a946ea4125e12e2ea630e9bf8d869e88e9f28af1f5a15b418a5254b8f9dc8d8a704d4b701fd8a0798114e3a68af676b01535dab6ef7aa8d0a59821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f2141f40157bbdf29bfabc3e354783c

SHA1
81eb39eaa6707df1ed4c164ee0475a1d0d3cbd3a

SHA256
19ae15af6bae767faecd01c0627d9ce3601aa600084c8f571ffffa8640018a37

SHA512
037220464b893d49f68477018b3c651088193d8f83bf29a0dd2cf0bb35c5e2c3b04773ae5d494c8320bcf95c46d32271072f289465b2dcc6306e446f39ecf2cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd84fb35b1d6fa32270add5b9b900557

SHA1
31e1b28561899c624d00f8f651477af709dd9144

SHA256
c13d5dd3fe4e99c1e1bb980811fb2d9dc0a73eff4b7450cda70bda15a268fd11

SHA512
d9bfd73dc629f6f206e2571434be8ca754a95621a7019ebba5f2f920836c546fd6d5c2348298217ec8b8e7990509552d60f3a4cb6bce83fffe8b6cde40039b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8a86ad3f47e7a31ea4d5c2309fa58472

SHA1
6470194b5cc80f212bf7ad13a60a7a5b5c30a4de

SHA256
027806b061369a1f3571d7bcb6485e740605097f76582d7490cd02564491e220

SHA512
9733a39cffbd1cb3c544fd8f772b2cf02325e9c0e1623939fa76fcf470866c79bfd2e867a811752edc3b743311be911f7e36f4a2980ba48c191315ec69b27f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
47000b239938a97b9549285f7d62a943

SHA1
c3b903ab3c7ac8102800677d02972ceb4d3856af

SHA256
afe504ecfb91721e2ce438b7b521cfbf481e1d4a0932bd74552a09d04ef453a0

SHA512
eab68a26902d58d1b8cf2b56732d15b208bb4e40c1f5c0bf4fe9b49bf99e6f9f6d7854e2e9189b08a4e74cd2d477cd69d2da5789fad5d17bddaa19b151ebf08c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589805.TMP

Filesize
371B

MD5
6797c0e581991bedb8a43b8385120b05

SHA1
36b5e5717418084f31db320d27076054675f592a

SHA256
5045d06d2e812c545561e17d1ee42263f099a50c85c7a9795f46704443b90419

SHA512
03534d8f61315d46db909c05977623e472561788781d862838c99250925a159fc09988145300a3caf07aae4837a1e0c9a499d1d220019543b421d38a102ce415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
062d7f95e842dc461e05cc47fa3d5d6a

SHA1
62b68407c7b166f2a1b9b67ff98b2ff7dc8ded7e

SHA256
f413228b29f56e97b4e590882ce94d4be50d528f77ee39adb87c163dc5e8843d

SHA512
29c645f5c95f396cfee52bfb4d989585161e698fe02a4a6937476ab2b4694978abe8d575324288e43a6426125baa213d37541fb8d57d2efdaf17ba71261aaba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f3fff24bd66f2f982d43c59e1bbcd57a

SHA1
1d6afa2a58ee7db235f6404d8c9404bea2e915c2

SHA256
3217b405c311d941098d357b829f35ab436e22761857bab2bc4047ba03b7f3dc

SHA512
f2a2f5472cbcf1065ddfd22696a33ff538f7dc61983c43cf0a3f66a078987752600835f40d371a350968d96cc0817c0255934cbfc1412863ffe06f866a8c299e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7b1604dab3d50e4d6f093f9407f72cfd

SHA1
590b6fa8a50d550cdbac5a536da8663eb44f1b42

SHA256
a56bb14477b2702920b30d6374b58bea896ab9a8f693ab80ef4ac888033b5577

SHA512
bd1db10eff110c485632fb0c0d696cad9b91dd6b2813475d9f6e336b12b130030a9cca68052dcfb99c21559459631b02977e6176dd7a669d49070b8ab422ba33

Download Submit
C:\Users\Admin\AppData\Local\Temp\AITMP39\Englishai.lng

Filesize
8KB

MD5
f0e3286a88e88a3384522e50e75a5f5b

SHA1
72cf1905d2433b44a509612c4bf78739f2c892ed

SHA256
309d0443b14d17b7f7087f8059fb11bfbf445d5e3aed77a410778c4224affa26

SHA512
eaac37a9e2e883bcd740d13a945754477329ca151bc3569a5463ef1a020dec2c936fa4b438d5a60a55133d8cc8bdea764d941f6a0b269b95d969ffa64cf16367

Download Submit
C:\Users\Admin\AppData\Local\Temp\AITMP39\ailogo.bmp

Filesize
195KB

MD5
22c4a8aee84cde39b2126c4acb7b7d59

SHA1
051bc6c2fefe8af51de4f9c0fd151537b2c279df

SHA256
8d7afe922d00729aeea775b37d46eac204254101afd64f3a3c32c0376dc8c5b1

SHA512
49f4945bcc76d996f0298b7bd25ac393228c4022ac8228c4877780e62a6a9dbdd2dd02b7efd62c5932e29fe78c8cf7566c067fbc50936672086c26bb1995d48b

Download Submit
C:\Users\Admin\AppData\Local\Temp\AITMP39\aisetup.ini

Filesize
2KB

MD5
1677519ca91f333a800e9976be4b31a0

SHA1
ed34b145be816f9b30717ae2e2f62f2df92feaa9

SHA256
12ccea9f68466d3369131a9c83e234ad1d40e601828189359e3d530944bb11ac

SHA512
09a2b2c9fbdbfc9ab5e4cb1dbdef5023ffdda25965fdc49b006b9b87fe0d3d5bfdfa19fe5b910ba87fa560de94a38e5521caffc188b3ff21bd7100438eb1346a

Download Submit
C:\Users\Admin\AppData\Local\Temp\AITMP39\aisetup.zip

Filesize
653KB

MD5
0e0c1777e1eb180085f427a93eae095c

SHA1
fb75e7655724016fa9746d811d76664e3c344038

SHA256
bb8620a9e64c97f967ad55be47937acf09efc8707cee9d805ca7d7f0c3af584a

SHA512
b8062cf2dd60e3513f9d40154e415df6758bad32fa2d1fa347bf0a12b94085b88ceff1b78ee3c5ba399f4cec6814764e5e6df4580549ea032eb514c0a2e4ded0

Download Submit
C:\Users\Admin\AppData\Local\Temp\AITMP891\Uninstall.exe

Filesize
683KB

MD5
5b0bca58958235346b53b5ca452f2174

SHA1
5b6eb78e4a80524c6a6ff25adfc9b2b181f7fe02

SHA256
45154f3698568e179fbb6e77dc32d4f0e9c03e5e5f062e16d5cda3b9d1ca35ee

SHA512
6ad7f20286a9e3176d12591132cb44d3fddbc63bae7485a0e344b5633badc0e9b76cbddef1f03477f16eb3a58f42f53df05f6facea242bd85e3020c3d8eca795

Download Submit
C:\Users\Admin\Downloads\TamozaTweaks.exe

Filesize
4.6MB

MD5
5ff318675a28436f7dd8136054ea14f2

SHA1
486e0aae9c9aae504bb512d7b811089fe5f70243

SHA256
09d0c8ee68de61c3a34902ac733a890d95a17dab68648190bb548319084101c1

SHA512
b2e55294e5231c45491cbb0732fec26df454af6756d0717c36d36240d20cb570dd3aa82baa5243aa693050e166299f024f9a90de117958ee9dbaea45227c64cc

Download Submit
C:\Users\Admin\Downloads\TamozaTweaks.exe

Filesize
4.0MB

MD5
c00066a90bfe5884a9e485c32b25bbc8

SHA1
98d2497862dc1e26b573b95c0d661c7e026209d8

SHA256
3070eae1e88372803cd59d83b28ded1791126874d5f7e2978a6dd2bb324d7a03

SHA512
22e67e0d7a6f5ff6e5e4e0ee7660b8c93a818f14810ab492e49d9ab86380603d5ec278fcabb735879fd43b4276b6a77147b81002aa72b1b1aa060ad30ea857d4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 684442.crdownload

Filesize
5.5MB

MD5
8042d3f658d5376f8739af52d68fe5cf

SHA1
e02c9abff2178c5155ec71f20cc7fc9cc176c6d7

SHA256
87b15febb54b0606977c9b910ed9bfc572bd2532d58931e1d39582688c86d0e3

SHA512
885e2e9ed0227ed0b8f31db6507690d57a176c7a7aad8f5617cf7a313a989f85fbdd5abc731c507242d5cb8fdbf03cbb9df8cd58866f110dfe4a9de1f3382128

Download Submit
memory/1380-866-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/1380-899-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/2336-965-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/2336-964-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download
memory/2336-955-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/2336-952-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download
memory/2464-4-0x0000000004F00000-0x0000000004F10000-memory.dmp

Filesize
64KB

Download
memory/2464-64-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download
memory/2464-3-0x0000000004D90000-0x0000000004E22000-memory.dmp

Filesize
584KB

Download
memory/2464-6-0x0000000004F00000-0x0000000004F10000-memory.dmp

Filesize
64KB

Download
memory/2464-1-0x0000000000370000-0x00000000003B4000-memory.dmp

Filesize
272KB

Download
memory/2464-5-0x0000000004E60000-0x0000000004E6A000-memory.dmp

Filesize
40KB

Download
memory/2464-7-0x0000000007C40000-0x0000000007C58000-memory.dmp

Filesize
96KB

Download
memory/2464-0-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download
memory/2464-189-0x0000000004F00000-0x0000000004F10000-memory.dmp

Filesize
64KB

Download
memory/2464-131-0x0000000004F00000-0x0000000004F10000-memory.dmp

Filesize
64KB

Download
memory/2464-2-0x0000000005400000-0x00000000059A4000-memory.dmp

Filesize
5.6MB

Download
memory/2676-922-0x0000000000200000-0x000000000030A000-memory.dmp

Filesize
1.0MB

Download
memory/2676-923-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download
memory/2676-924-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/2676-929-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/2676-951-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/2676-933-0x00000000078C0000-0x00000000078D0000-memory.dmp

Filesize
64KB

Download
memory/2676-928-0x00000000078D0000-0x00000000078EE000-memory.dmp

Filesize
120KB

Download
memory/2676-943-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download
memory/2676-945-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/3732-962-0x0000000005990000-0x00000000059A0000-memory.dmp

Filesize
64KB

Download
memory/3732-944-0x0000000005990000-0x00000000059A0000-memory.dmp

Filesize
64KB

Download
memory/3732-942-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download
memory/3732-961-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download
memory/3732-963-0x0000000005990000-0x00000000059A0000-memory.dmp

Filesize
64KB

Download
memory/3988-825-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/3988-737-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/4184-960-0x00000000059A0000-0x00000000059B0000-memory.dmp

Filesize
64KB

Download
memory/4184-938-0x00000000059A0000-0x00000000059B0000-memory.dmp

Filesize
64KB

Download
memory/4184-935-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download
memory/4184-958-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download
memory/4184-959-0x00000000059A0000-0x00000000059B0000-memory.dmp

Filesize
64KB

Download
memory/4360-832-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/4360-865-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/4456-627-0x000000000A4A0000-0x000000000A4B0000-memory.dmp

Filesize
64KB

Download
memory/4456-625-0x000000000B6C0000-0x000000000B726000-memory.dmp

Filesize
408KB

Download
memory/4456-626-0x000000000A4A0000-0x000000000A4B0000-memory.dmp

Filesize
64KB

Download
memory/4456-602-0x000000000A4A0000-0x000000000A4B0000-memory.dmp

Filesize
64KB

Download
memory/4456-629-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download
memory/4456-601-0x000000000A4A0000-0x000000000A4B0000-memory.dmp

Filesize
64KB

Download
memory/4456-600-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download
memory/4456-585-0x000000000A4A0000-0x000000000A4B0000-memory.dmp

Filesize
64KB

Download
memory/4456-555-0x000000000A4A0000-0x000000000A4B0000-memory.dmp

Filesize
64KB

Download
memory/4456-551-0x0000000000550000-0x00000000058EE000-memory.dmp

Filesize
83.6MB

Download
memory/4456-550-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download