hxxps://drive[.]google[.]com/file/d/1ZQAn5Z7wYBohz6ERPOqn4bMFgqIyXg0-/view?usp=drive_link

Analysis

max time kernel
413s
max time network
415s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10-08-2024 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ZQAn5Z7wYBohz6ERPOqn4bMFgqIyXg0-/view?usp=drive_link

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
4860	utweb_installer.exe
1836	utweb_installer.tmp
2548	utweb_installer.exe
3932	utweb.exe

Loads dropped DLL 16 IoCs

pid	Process
2548	utweb_installer.exe
2548	utweb_installer.exe
2548	utweb_installer.exe
2548	utweb_installer.exe
2548	utweb_installer.exe
2548	utweb_installer.exe
2548	utweb_installer.exe
2548	utweb_installer.exe
2548	utweb_installer.exe
2548	utweb_installer.exe
3932	utweb.exe
3932	utweb.exe
3932	utweb.exe
3932	utweb.exe
3932	utweb.exe
3932	utweb.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\utweb = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe\" /MINIMIZED"	utweb.exe

Checks for any installed AV software in registry 1 TTPs 3 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed	utweb_installer.tmp
Key opened	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Avira\Browser\Installed	utweb_installer.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser\Installed	utweb_installer.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	utweb.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
7	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	utweb_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	utweb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	utweb_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	utweb_installer.tmp

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	utweb_installer.tmp
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	utweb_installer.tmp

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677320244322281"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\OpenWithProgids\Torrent File = "0"	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey	utweb_installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\open\command	utweb_installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey\OpenWithProgids\BTWKey File = "0"	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\DefaultIcon	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\ = "Magnet URI"	utweb_installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{F42777BC-35B7-4155-9E75-725401C01209}	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\ = "open"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe,0"	utweb_installer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000b98ea471d7e4da01520e4529e4e4da017feef7d3d0eada0114000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000b98ea471d7e4da016ccb38cad0eada016ccb38cad0eada0114000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "4"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\DefaultIcon	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe,0"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\URL Protocol	utweb_installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell	utweb_installer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey\ = "BTWKey File"	utweb_installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\ = "Torrent File"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\ = "Torrent File"	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\open	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\DefaultIcon	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File	utweb_installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe,0"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe \"%1\" /SHELLASSOC"	utweb_installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe \"%1\" /SHELLASSOC"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe \"%1\" /SHELLASSOC"	utweb_installer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell\open\command	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell\open\command	utweb_installer.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 5c00000001000000040000000008000019000000010000001000000091fad483f14848a8a69b18b805cdbb3a0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703076200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000c001b39667d601030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d3431040000000100000010000000ee2931bc327e9ae6e8b5f751b434719020000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551	utweb.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431	utweb.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703076200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000c001b39667d601030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551	utweb.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 19000000010000001000000091fad483f14848a8a69b18b805cdbb3a0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703076200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000c001b39667d601030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551	utweb.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	utweb.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	utweb.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	utweb.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 040000000100000010000000ee2931bc327e9ae6e8b5f751b4347190030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34317e000000010000000800000000c001b39667d6011d0000000100000010000000e871723e266f38af5d49cda2a502669c14000000010000001400000055e481d11180bed889b908a331f9a1240916b9700b000000010000001e00000045006e0074007200750073007400200028003200300034003800290000006200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1777f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d819000000010000001000000091fad483f14848a8a69b18b805cdbb3a20000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551	utweb.exe

Script User-Agent 4 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	218	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	211	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	215	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	216	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4140	chrome.exe
4140	chrome.exe
2548	utweb_installer.exe
2548	utweb_installer.exe
1120	msedge.exe
1120	msedge.exe
3836	msedge.exe
3836	msedge.exe
4532	identity_helper.exe
4532	identity_helper.exe
5492	msedge.exe
5492	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4016	7zFM.exe
5492	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
1836	utweb_installer.tmp
4140	chrome.exe
4848	7zG.exe
4016	7zFM.exe
4016	7zFM.exe
3932	utweb.exe
3932	utweb.exe
3932	utweb.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe

Suspicious use of SendNotifyMessage 59 IoCs

pid	Process
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
3932	utweb.exe
3932	utweb.exe
3932	utweb.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5492	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4140 wrote to memory of 2928	4140	chrome.exe	85
PID 4140 wrote to memory of 2928	4140	chrome.exe	85
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 4684	4140	chrome.exe	86
PID 4140 wrote to memory of 3636	4140	chrome.exe	87
PID 4140 wrote to memory of 3636	4140	chrome.exe	87
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88
PID 4140 wrote to memory of 1976	4140	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1ZQAn5Z7wYBohz6ERPOqn4bMFgqIyXg0-/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff98354cc40,0x7ff98354cc4c,0x7ff98354cc58
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4344,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5124,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3120,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5172,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5252,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4012,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3260,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5148,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4676,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4588,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3752,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5568,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3256,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5484,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5212,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4768,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5680,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5584,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5264,i,9893040479007892460,9149603649708252317,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3228 /prefetch:8
  2⤵
  PID:3424
- C:\Users\Admin\Downloads\utweb_installer.exe
  "C:\Users\Admin\Downloads\utweb_installer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4860
- - C:\Users\Admin\AppData\Local\Temp\is-M957A.tmp\utweb_installer.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-M957A.tmp\utweb_installer.tmp" /SL5="$9006A,866439,820736,C:\Users\Admin\Downloads\utweb_installer.exe"
    3⤵
    - Executes dropped EXE
    - Checks for any installed AV software in registry
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious use of FindShellTrayWindow
    PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\is-68RKI.tmp\utweb_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\is-68RKI.tmp\utweb_installer.exe" /S
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:2548
  - - C:\Users\Admin\AppData\Roaming\uTorrent Web\utweb.exe
      "C:\Users\Admin\AppData\Roaming\uTorrent Web\utweb.exe" /RUNONSTARTUP
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Enumerates connected drives
      System Location Discovery: System Language Discovery
      Modifies system certificate store
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:3932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://utweb.rainberrytv.com/gui/index.html?v=1.4.0.5828&firstrun=1&localauth=localapid9e51a814307e241:
        5⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3836
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff982aa46f8,0x7ff982aa4708,0x7ff982aa4718
        6⤵
        
        PID:4020
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
        6⤵
        
        PID:2312
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1120
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
        6⤵
        
        PID:4808
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
        6⤵
        
        PID:2632
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
        6⤵
        
        PID:2444
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
        6⤵
        
        PID:2248
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4532
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 /prefetch:8
        6⤵
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SetWindowsHookEx
        
        PID:5492
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
        6⤵
        
        PID:1696
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
        6⤵
        
        PID:5968
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
        6⤵
        
        PID:6064
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
        6⤵
        
        PID:5512
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
        6⤵
        
        PID:5572
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6232 /prefetch:8
        6⤵
        
        PID:5524
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
        6⤵
        
        PID:4900
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
        6⤵
        
        PID:4932
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
        6⤵
        
        PID:5348
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
        6⤵
        
        PID:5084
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7399811844581729493,13202734839913114550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5952 /prefetch:2
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5472

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1608

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4104

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1384

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap31615:124:7zEvent27376
1⤵
- Suspicious use of FindShellTrayWindow
PID:4848

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Ultimate.RetroBat.PC.Build-Stev.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:4016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x500
1⤵
PID:4952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
42e28f1dfd5e0cfcda6e597f63cda3be

SHA1
5bfb2cb4755a10876f08fc6e3509deb5efabc3ab

SHA256
2e477a357338a8d4294958ec359a847cc4a5922621247c6bf76ac7264d806721

SHA512
cd07d86ba27925ffc4978feb8bc3e7d0a65db37346b155ec166075c7efe0d6c9f0f2529c26309bc4ef3a28b93ab049c93c817cc44f834535c37e62f9aea2c5a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6f19777e8597b24e5c4fcb24cb9fef14

SHA1
f1aed7e2aa1a09520836919e222e16d0c42de373

SHA256
07b1dfa2fe8dc02229a3ec52474fcbaab9a0687a14b83bed678c651c16097df3

SHA512
686d1628b0f3a05072d0298bfe732cdf92510d03c11671c818669816d699b4820bb66283b6a31255d368d955279f12f588ec695c3a96c1a71a0ecd315edd54df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
9d9121a91694a0a1357880f65f443582

SHA1
e3b56c9bf8e0029c207df84ed8798b33a3b981ab

SHA256
0fd9816308808ba6ca6e73d9547d8d295ae329b03397526493d202c57b8212ee

SHA512
d34574ce68da5f332462f3fa90b02703be09985d464dcee8d8232b3693d3183dc6a7e2254dd336426e5b23f0f75b5e0a9cdeb8cfe1c3c6c0b2068dd9cfbf51ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
237f9ed58caffd61e94d78987f78c81c

SHA1
d0599c3e8e6411f4fe0d20501fbd31527a19be51

SHA256
2a20cc02d94ab8b33968833fd227c5e6cf7515799663b4e30c3f09e8d59e30df

SHA512
29937f2f7dcc9f8026984feacfcca4ba6ef8f1c58a9d2fc06d100cfdde3ec71fbca08704229a541c3f297d5d0842a81bfdedbba125f5c87548d02b443a13ca02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
8e01c1023dcb9d0554268b7913ca15d1

SHA1
54570ad6a600747f8f0bcd7357718691fb8bede1

SHA256
3bd9cd477d4e609e12bca3d9090f9eda606dce4719ae80ee192a533b3c15458f

SHA512
bc98f4bbec8fd0286dc9adbbbbfada17377c5710921abc61b1ce498e6e832c8f3ab6f8a9e9aa5ca6eb132809eaf057cf658c4c9f8aa09181b8b4147095df6ce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e8e298f40e616ea59d6d094d5c55a97e

SHA1
14dcbcbe11a072011df55f74780d3c0a19e436fe

SHA256
a4053520660e1ea351661fcb4e69b52fe2e63529f521943126a46235c7b27673

SHA512
72588a6f30a6ffa96fdae9c6d8628b4e94cf41c68a7d9e2ecdfd2160a32e8c8284c1c42ad28c30ca42da6407022dfaa62ffd224baf9f2f069e1db3fe1b8796fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0b0f096842aacef2194f135bcf8c15c4

SHA1
3e40e5b3c845ff4687fcdcd23c42e32d0232751f

SHA256
4786ed02f0540e85cd1801913f8b3ff5ee6fc8d567a5ae5862a88ae2c9e03abb

SHA512
1c0e738557024e5a2402a4b5f6371cc8ce3c573e16189c5284666f9f6117f43b41cfde482ff71f7227d85398126e9b66949d671df3fb480ebcd0398f88ad8ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
77fbb13e084565827b4f7efe4ea18543

SHA1
80066ff1284d131245a820b1d36519f5a42043ae

SHA256
dbbed30dc03991aafe35d14c2918cbd40569637882ce9a30e2bcf513efd6f318

SHA512
ccd5a4d5a4bb4b853ba7eb9b63050cba1923eebb266e32dd8804d790f4bc3801147763add0d3abb08959dae5b261da5aa4b8d87498a5cc7bd043f72f61bfe48a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5ddbcaba8626341326936c1f78dff8bc

SHA1
b44288e014776b44235df1b2af55ce7789c71cf6

SHA256
5f10178aefa953bea7299d2457c106d6db2776a3255e8053bbe2d683bcf89721

SHA512
3bc1dc0f071db0c9c01e351281522e3feddbc33b70de44978f36b35b9a091c382afb026373c5f221f76a5bc6701e0b5a614b1de8e81207e18d32a6eff5f26edd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
942fcee6408aaeb845512eee181fbf7d

SHA1
87e25f2d6ce309e44ac4c404ded3d01df5f39561

SHA256
fb4ea49c0f73ad98cc31ed22aabe460a97aca74aacfaff58e9a826f2fe5481a5

SHA512
e054458fe901acc2a14b8d952c19277ab8a32546bd3d2e88eecd2e5b26d532eabbc365173624e712ab580cb1a94a52d59257f6737eb3b47a913accc289299f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f1614066affda489b2a44df3c45eaf07

SHA1
9568803d395d03834d562cfe621afc72b5eb96af

SHA256
4875f0916e2507b7a33d4e4eb650514069b80816702dcaeab22515113c9cf543

SHA512
d8e9ac5619c79f4701af108d96b0cf9f51f3a6a37e16e35646a6cfe5a18ab171fd4cc77f1f997a4630eb2198f61d119b17c8d82db373ffca9ad6e7282123a338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1af6ae396be5098e7240b7d24ad96532

SHA1
fe78b17c9d72c75974ba92eb7189a8cc7326f9ce

SHA256
6ab3406ffe69db6f07e705363978623f7f915e6d815a92a46b4afa8262079a55

SHA512
88c8cf460158aff0c18b8dc3e7dcc669ddc474af86c7bb98cf65eb8ed523137ee160cb41b0e4399e3a9ea3982fed3d6439e0778da6e751391feefa08126ce04f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
03d563a8ba300fb1ff313b66fd478e6c

SHA1
071f7ff890caf72e1b6492e6ff40a8d7ccdab569

SHA256
e9d72a4d977bdccca012de63b31b98a4b57645a89290ff7ce860f127a3e4d707

SHA512
d6e22df63969d567f8e1c3d5b7b4ead751d19db39e98a9534fed6eb09138de66efd089e7f2c2b940c0de29dfdaf7c786fbbe1500ef65f65508f7ba12dc2dd1a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d38f178869d787c24788278e6e5817e2

SHA1
1336f332358aa0ff497f29abe98af3a89b6ab9d5

SHA256
e7e639bb1e7b15d1d7e7c944c78e09dd595220683ec966bd2c28f159ecf1a3aa

SHA512
8ff273adc7743469b9ebd0ec75f3889d15fefb9d934b792a2b56314098bc45c766ec9d4f937ec31360b50bec3e5acde7d3d9473499adfb68619d5205b5461170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9b597457b374a4b4517d40b6a9abcf09

SHA1
72048e0e8b67babd23ca34dd14a7d37cfccf013d

SHA256
3abee2b29b60e8c38a41b0b138e1c90c32f1a480da00e9a866a3d8a34cd4a0f1

SHA512
5f4659d75e4326fdc396141d9ecee64b7ac34cc468323fb622481437afd4d35cdf1d1715339a4a0904876f01e9c8ecdc96e1b6c56f09198c86bdddc7da10abe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
535923e09d8c88a693253bebeed464a9

SHA1
6224c63423adeb31f897af4edab8c5c305f815b9

SHA256
dda5ef34d9bddbb9ce9d592b5e9e4ec3a15322c0d6daaa1506688c016a5e797d

SHA512
8f4a9533dd518a976160c53bf8227dc34845787039ee5a6f8f6072bb9687fa949cb8583d08ec7326457e8672e10f2cb8ddbb9ba65e9744770d7e9ff4f74a3585

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b5bcde20401d8d953d22d5a6b08f513f

SHA1
0f14354c599668a63942d2377184d85e41c30efd

SHA256
67858c63e277b15c2a5ca11fa17a727f379b084d5af4af36cd68310b611ed594

SHA512
7e1ee52dd6de1d3430c45c5ce68d0f03dbb80d71dd00273325fb9799e7f7af1a983db14f82e0eb6342b3bec881f89de81724497ac84665cad0997592d1085db6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ab89de43513e6a0f4e86bb3a267aba62

SHA1
e589c63aed1d4531b5df14451d2f8bba2d7a3651

SHA256
7d9e87db000a51ffd9756807c359a7e53f0b97b15a47e0a1f64f6de5ed5051ec

SHA512
063bc73ef4e9f1b5deb09b820f25ab400c03d655bfd097e613d753d0dc34c6801538b0f567247efeaededdfd48a968c0cb79b933c21db987f541aa50bdaa09ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
3cc431f299e75d9de0df2142823c799a

SHA1
81d0d8006a9cbb1a1b207759eea5842f359fad13

SHA256
d476ac5cdecb7746ebe3a002f237318f68f31d715c98fa5a840fc8105ae770f4

SHA512
fe7a6fbc771d7a782c5fad8d0d81890e78c992958d9d5c2ba071307ba3ebf5683b0bcbc7af0657d9926bb4b6df6dc640b2893787e7e6a5803506f00c361c6954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5fdca155-2596-4b0b-a46f-eb0c1a7fccb6.tmp

Filesize
7KB

MD5
ea9861c9b504e1096b7a842b1b9e8f26

SHA1
2eb973f96596413335a9afadacc01156197da4a8

SHA256
143fbedd9eb75527e966eabeb0d0b588610f60e8c0f7f4c267e05a4f17aec3cf

SHA512
5d3f2563dc06ab589358545a810b31b7355e49419cf84a33aa4d4e991264eb2ea21bae568695fd26bf13254153a506804d25311de824aac9b177d08e79e24d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
134KB

MD5
2d0b8c416f2927ca1d30e677d8622422

SHA1
7faa20188364c6577ce9c01e86a5792d2f14bad7

SHA256
5fde473598cce13d69cdd4c1668e5cf19be85a9f4713bcdbbb17f7fed4047e5f

SHA512
d8d6839e08b13cd3f27b8515f8b191cf3e06804add095b2ace62e5a9f2b6ba5f64e3ed72367728ca5df61fdd6a8eeb3c31094ae9c75f1f8a3366472432d51ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
27KB

MD5
46e6043b3a70e5986f0b72a748d9e3e2

SHA1
5d3ac460401a49fb84286e0f8b9edf6167530fa6

SHA256
171b12a8c0900d5f0d9e700eb668c02f167ad6f7adce4b9c36201ee10aeae005

SHA512
c0f875ed0d9e05a7439ac9d160edf59ed3b1b384b87dca5b75de3ba11a47a94d543f108ee60aaf421c965c0635408003535795e0f6601afdef4010d982724385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
64KB

MD5
3488659b0bfbea0fd873c45d690bf562

SHA1
ff0aa12d22cb32e23e416c03410944b3854ba8b8

SHA256
88cc581f6e6b74011a2b01ed62ff84288cbe8bbd199a0f5a1e89b9162643094f

SHA512
1ed4cacb7547ca72f3dddac11cc4cc014afb364935a7b0ee8f892df9a8bf659ccd402ecaa92ffb6704d60e13cc2b81558148c7a2c1a37074b667c83ea7725a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
244KB

MD5
766304e17715e000e612ac472ec7fb54

SHA1
0e8448d4b51cbb7e4efec3158c1d29380c8499ab

SHA256
51aed6ec5d7b61e43be474701b1e485e8a1f12ce7aa99adb652dadfcccd81073

SHA512
55f127668dadc02b3f0919a5bd239df12e1abdda3c38bc881fbda9207f2a63e2465d5d10299cb51cc63eec364a93d307059869663864397d6d510b4f227c3792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
20KB

MD5
631c4ff7d6e4024e5bdf8eb9fc2a2bcb

SHA1
c59d67b2bb027b438d05bd7c3ad9214393ef51c6

SHA256
27ccc7fad443790d6f9dc6fbb217fc2bc6e12f6a88e010e76d58cc33e1e99c82

SHA512
12517b3522fcc96cfafc031903de605609f91232a965d92473be5c1e7fc9ad4b1a46fa38c554e0613f0b1cfb02fd0a14122eaf77a0bbf3a06bd5868d31d0160e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ae68a737de6c3d8_0

Filesize
253B

MD5
13e998ecd6c192d118f983cb9e1264d4

SHA1
8786cd3ce3332cd48cf91e2b81f00196b4277390

SHA256
0c748c40ea0a78814cc3cd8d354366551af5093656248f3e3769bc25a0a818cd

SHA512
b91f3d963048ce687483945db153e3aa15a449c44a42bdaa779268822d547c867ceaa2921164c125f36c803fea90f565f0a2f4f1c6201cd1b33729759f196eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\320a304d22a23853_0

Filesize
127KB

MD5
986adf257f43625b4e347e39e6092854

SHA1
ec3fb9939705221689e4500b7a0f6b377d890c93

SHA256
21d4a1fbb71a4f4b88d24e17b6ca3b7d9d2debbe8c07fd5f7ba270504549edaa

SHA512
73b94d040e1c7554e34a7efd33cef57d0d28ecc1bcb146973f44390ee3365511c3568c4e59cb49b6dddb82067df8bb3b7fe6697317f026c3bbf26061d91a0b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\49577b254674de8c_0

Filesize
347KB

MD5
240e49b3c3025649ad12074811eb5ebc

SHA1
b6d45dbf156e296c15b93adf8b1fc474a35f13cf

SHA256
9f88cbbbeeb5c6234cc0409b03b2742ee0bbf8c112f81a212e229aecf1a9c15c

SHA512
8ab1b543263b61f1c99ea7840142a069f93ce6f4cae943bfedc071d47e6ac49dca4a56824e215e2f1ff5b357f94c82231552b7ce5293a81eb74b9bd992de2ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5051960cad1dcb43_0

Filesize
227KB

MD5
ff4c001c75784e4e547292addfcf011b

SHA1
330674b4eb74350d5235428e790deaa1295266ac

SHA256
37b3fb4d582d42cf1b9aa06ffd43746ec051fe7d15291de1041d29fbd131b7f1

SHA512
269bbd7898e0dce0fc0acb9a5b7ee99d1065d7bb896e3cc190b3a31d904c0c33481133bafea6d31e5de82b388d56c1fad979117aa8c3ecaa81e9d1f60a014411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\acb0196847f56f40_0

Filesize
255B

MD5
d3600e11971c7baf713deef861d20588

SHA1
24da094f8e410e0b3731e714ab97cda90277b649

SHA256
c7481aff542cac2776b843e9b47a68a062db34caef0f3730bf6879b8508c22b1

SHA512
95ee296c0891c15fd878d1c402e909ffa82e4247f420d2ee31467075579a9d99c0a0a1cff6b4c25567711439798a2e3b77aa5273e8add64d394c8cd4d719b20a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fd81b2fe222df39e_0

Filesize
269B

MD5
d0913b6b37889cb7c200d3766b9a8d94

SHA1
a0366bae9c8f9ef8571294ec00ccfb0f80cb05bc

SHA256
94c6def7f1f223062ae9222104cfa78bb9df2f25881c80700f8c62e347e961ac

SHA512
6da3692a61ec8f4dfc48e4d54a9facf9c9b47db0abc0907255dd8ea583f5063a4cbe0be8089a09f9efe25f54ab45b2fe80bc2680d9eb3a440f72266bbd196265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
b6f02635bf07d7316b1d51622e5b6dd7

SHA1
3dac62c6ee832f4133636e68650b4fe30fcf9320

SHA256
8e43f7eedd2c5407f0cdfcafa00f90a6d729e78da2ab1150174b2fd08a1cfb9e

SHA512
3d10ab880441b8de2fbfec07367f32f8c967927d4181c19ed2c1e448213af5485e54422d17606782aa62247b75be0dca983968bdcc4a7019e78a1cd3b86ff29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ebd9bc20e18e7898754274f0fdb33dca

SHA1
02ece9556d4c419c9e35c06009f5ef7fb2aa5fdd

SHA256
bffed7d30779e72c6bc9d7e5f23455613112cb1580d5195cffd36b5e6029204d

SHA512
2b3619b79d3f4ac2f7a5f1071cc4c548e7218abc60d6c3735c7e3d7521921cc615967fad9ed9e72e48f19720987effbf19a65cca1e6e9991e47ce80ead92f006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bd37e773020b1ba9cc5753dbc1270274

SHA1
0cccf8496a5e6940505b216b0ac97b78350a1eac

SHA256
beea569e25bc73a8aa92920d57643f4e412293b508e0266d911a00a842d88af6

SHA512
14f0c166c87f5620bbfa305869d55675ed7a4f8061f497b672154c2a5d33002b04a7179e5aea115c7b666b7d902a419264e56681ab0513c5f12df1620f4e8377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2c14bb547044a72c798271c9b141eae9

SHA1
387d75a5c9269048f07d804dd750a833c2029f14

SHA256
117c5077b7a5629fa8ae7aa0f0987c3b9b0107d37c3d6b77fdaf4c30efdf341f

SHA512
c5bcd87cdef3d996e43de1f75cbb16c4aacd6669401dd40d9255a3b69183c5f59201fb39205b905f782de08d0c810052d33684510dbc4aeb26831de52eef1e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
32c91886db29f40e09677b7ce23c79ac

SHA1
653910c669b653d8885943a2a6211348b22d4537

SHA256
90c8d341277df7ca84e83ff518308eb89becc404cbb30ce56e1ef12d04e60bf1

SHA512
182c7cdadf2fafddee34bee9861d38aae1ca5fd0f728c75dae4fce6d4f57a582ea441ffe06003f907bd209a5eac9dfca56677a394810d34311e7c016b8b1358b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cec0f47ef893df0386e8d14e8fda247c

SHA1
19d1ffeb7e4dea3912a9015625f4bcb4ea39c744

SHA256
59dd587d0e124acf805c6c64ed6a162e5d6fb453dfe330ec905294a525d99389

SHA512
f2c32777f20fe4b59f0fb4ab9cb3269bc12789d622862ce22f5a027ff30438333a1b5bba7842330862d93a2a19a2eb702aad90490b9c2fc6db36934cda3a2dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8a4460c74d390131e78a6093102ab521

SHA1
2d9c93bc7eb4fe61a6ec7f7136426560131e69b7

SHA256
1382d21db708883158bd93cfbc9831e99d28cdca9c189356d507f95c7df3c454

SHA512
d4376ad7df0d3a8104597b22cb966c5e18c038c3fc7c1bfccdafef23e7e3ec44c7e1bc5218614dc93227d9e4eae727c2f0975961fb6ef4e9513ce1fbba758110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e9451447ccf6600a67e9933a56277694

SHA1
1c6556d099f831249b5896ea90aec97d6130f7b9

SHA256
0389fc162e0315d09c97439636ad305be71a9c976925c8bf19570ecb8fc30136

SHA512
3e93a813fbb6fde71461e366efd2d181dab0fa9c6bd9cb95ecf58ffe3db636d2454eb56b2520cfcef78a29f34b14c8ef9ffba7139ad4c1bd94ae262258c9d4f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
d3535235b3c9bb4b28d3cfa6fcd4424c

SHA1
111ebdff2f204aab9d2721f5626825cc17873ebb

SHA256
38d8a5eceb52b1a5d7440e8b472982223cd324783312476942cb0fe273d720b0

SHA512
790b93c1fa1ab6308276d1ee946be8fbae71c2b5f7a07d36db817a7120d9600247e7c9dde11921d3528681c65d934a23b415f48f6551d155a68a56f6dfa4a978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
388b8eaec52ebcd6d54848d77aa0d860

SHA1
2edbc9cde73b9be49059a568e50bed975c451b06

SHA256
866904164eba90629b563247011c6f45f12852087ae7b28b247a14d950fff38e

SHA512
2e6d64d7f3617c29cfe0ff927a5c82633c8914c706fd6de843eb22f00076d99a0e07a4718a9289c5fa44d89418e54280be9814dfed69f64df727f3916b6fbda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
21bb07a1d45fc4566c5124d1933fb99e

SHA1
c36d7ee657f20e5a6a246c495e6db58e8431e3df

SHA256
555e828db494a93aef5487b2b3bab05fbf8ceef3633840462b50509d7e402b77

SHA512
82ad7bb98d1fc7a23bcc4a0b716f11c209acb9473cdd6400c620ed76373c215b51b394dd608b22576893c068ffb95dd606306ac3df2542628dd07975c0aef583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e7e3f457ccf747b45dfa33740d691140

SHA1
0d048bce60375a2b3effbb234ed40a2ac4a656f0

SHA256
1d24acefaf18d0bd11d593c372585257b8b8e9bc7bc662774e499514ba64bfb6

SHA512
323ccc616798ac4e0ea21c1ec5ab2a59eceae7ad96937828896910a8fa8c43e10457aa03c1ede810cf6bb3eca1f175f9e8bcaad1222977f6793eef7f0427f1d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ae96e757606ebc7f3d6d162e7877f366

SHA1
36b406b007f18e0fb7eaff83ad1e79eb1d6ce89d

SHA256
9c7b67b0e3e8b20c48c00d48f59cfaca92d23f58494aacb22d7139f12ff4bc5f

SHA512
6130889cc7228516f2aa7bc157e6443c6fcf7c3bd27f3a8e509a641d5320facce508696450204fb0154d9037dc19756db582f53faa36a2e8891f994f78dfb536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cccb408e6bdf5a35a425964ffa68b770

SHA1
de2ae2d46f17221f67f3cccd1641287a5fc5aa7c

SHA256
ab381dd41ca539a7ff8fbe0157ae6622be4250db461d2d47dd1670ca1c40f95e

SHA512
11be3968cec9b2d6465694d23b3a473c340371b6c0225d5e17f2fb07a8676e2d5cfdb9d0ada5b1446ee68863953d2e4a6682ecc57522b9107f46f928405c64c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dfbce3d017f97a4b6d472bece349ca10

SHA1
2c4dce6478b8ca44373927429859ee545ee1df2d

SHA256
b9716224646c722ebd87dc618ee7074b585cb1a1365a861af3dc6972cab499e7

SHA512
1cea58f9cb7a71d1b86f0460ca76ced1315b85776d88c1129e3433dd77409d88ea8e172026675a4a9fa7a84e1c301d6e7f75f29d0f10e0333c97f24614e32b70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
131f251daae9ed47f76b6fa65f60b821

SHA1
9eb764feba7daca3d53d980eab6d4288ab8d716d

SHA256
ca7cdb1d832b945f1e36eeb1188c3941b366b3ab4ab2b7eca53347b6767b2740

SHA512
d57e1d5a024eb7a71da7ecbf61967a8e8909ad984137c843182dcead0d3f0d81a361b54d8178678ea39110b2c3bdb4a09272407fe3da9ffa0fecf946d1a4f357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f99a914faaf9ff632842ede80b74e803

SHA1
18fdf0480fb9c66243124d4f0dfd0ba4e4d09908

SHA256
320f52acafc19d91c1fd8ec35ed407df39c31f4922a37748735dcd93ac3e3722

SHA512
d7c9e534202488878bf2a2da470f7037bfcea41ca39e4cf1fe982bd4677b59ec2c10cfb5427beecb83ee8f3e8f94ccb156b3e03cbc389628d6292cc5e9905c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
da3eb64a59ddce9e3fd911356f36eac2

SHA1
3eed8536deeb3e09b3eac777ee0ecb13a3f5dc82

SHA256
e26c4db3889d8704570d7d38b2b334c65208199e022a1ad4200703a9d173d029

SHA512
28ccbe68c59bce1a05c036c119222c3d09ecef51cd4f627ffd9cb7fe29771e03df88e8f1f450877811527f77e9ba2fffd1d25ef099648e7bf675009c9e26f6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8e8eb4417a6d6d9edfdeaade90c8b3ff

SHA1
14abaf42d8a100a4f09f240f9ab894d1f2bdf775

SHA256
6057e46a1e773cfd6d71f73b3293149fe749162ab3cafbaed2ccd452534c7191

SHA512
795c9418314e8d15e4514af5813ffffab2cf29b7fc641cfc2588e861ccb3c6b4ba417b4bd8b49df86b93318dbeaa6e75273f7bcd8821a18351e873126d15b512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
983e9022aa6ca9e1c8818c3f07e6e311

SHA1
56beeddb94d576db60be03bcca846597d7d605ea

SHA256
c7f0fd79286bfde3044920c5c8457ed7dd163372af94b23018135f105e67beee

SHA512
8f1d46b07a82dcd7e667e2c822876151053311dbc118b8fe0edc9ff718d7cadf689730b06f0f0cc7838652dd3a03b3983d726c02a6ae302227ec6386c540ea4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a354a.TMP

Filesize
1KB

MD5
247448df064650f5a27b0fbba44c5b59

SHA1
69a09358f6a7c4f916084678f2a92a123bf26ce5

SHA256
9a8bdc9328e497848323114fa569bb4e8110aad7e40318c8054e5629fd5526b4

SHA512
9cef23a31a5e92268bb91af2de27ee43de4615af5fa0f77f9cdb57b6f45ed1fc88a8acdaccaabb23808c052ae0fd0ce71ea44acc0706490e18aeab40ff6bb45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
059857d43dfa6eac71232f399da4f3a8

SHA1
594ee96f338a67325c4f01bf3e54de137c8f87ab

SHA256
91a9bfb645b74696456dee3d24890098fd5d0f4dae0ea47d7940d295654a9aad

SHA512
7b3e62cee271ce76716083ad15838c68348a591b22e697d850ec212b64dd7da35d95e3973f8e274e5100cdc63b4e165cfadcdebeb20c2e7f48e915cc07f5c6bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8d43243e2b3c4d7298d8b251856db78e

SHA1
319da81523d636889d886632e3664eed63bd2591

SHA256
53ac32c8ef13b6ddd82c1c0d92c985f12539ce211d8c803ab76bfb18b59cf513

SHA512
7d420816221292e64b323a51f6db29602a0461f28279410578ecfa07c504cb9c7f280aa26c989ca19d0785171d77d8e6f4cac6ada1b27b88c9a02c8f8229d415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
28KB

MD5
53a9ec3e527cb46059722e0339dfbee0

SHA1
fc44d5569779c9e8eebe0c8393bc3e6f38ef57d6

SHA256
29bcb0fa71d1ec30d5162421636998e541e067d8e103032693dc4222f8d29be0

SHA512
75679966814cd11c8e45242fbffd2adc548903a1240ae4dbc95a91db73beb22018cae353151af0b4520816caf00ae32f5c54e64fd271de8999de5c007fbfe0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-68RKI.tmp\AVG_BRW.png

Filesize
29KB

MD5
0b4fa89d69051df475b75ca654752ef6

SHA1
81bf857a2af9e3c3e4632cbb88cd71e40a831a73

SHA256
60a9085cea2e072d4b65748cc71f616d3137c1f0b7eed4f77e1b6c9e3aa78b7e

SHA512
8106a4974f3453a1e894fec8939038a9692fd87096f716e5aa5895aa14ee1c187a9a9760c0d4aec7c1e0cc7614b4a2dbf9b6c297cc0f7a38ba47837bede3b296

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-68RKI.tmp\RAV_Cross.png

Filesize
74KB

MD5
cd09f361286d1ad2622ba8a57b7613bd

SHA1
4cd3e5d4063b3517a950b9d030841f51f3c5f1b1

SHA256
b92a31d4853d1b2c4e5b9d9624f40b439856d0c6a517e100978cbde8d3c47dc8

SHA512
f73d60c92644e0478107e0402d1c7b4dfa1674f69b41856f74f937a7b57ceaa2b3be9242f2b59f1fcf71063aac6cbe16c594618d1a8cdd181510de3240f31dff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-68RKI.tmp\WebAdvisor.png

Filesize
47KB

MD5
4cfff8dc30d353cd3d215fd3a5dbac24

SHA1
0f4f73f0dddc75f3506e026ef53c45c6fafbc87e

SHA256
0c430e56d69435d8ab31cbb5916a73a47d11ef65b37d289ee7d11130adf25856

SHA512
9d616f19c2496be6e89b855c41befc0235e3ce949d2b2ae7719c823f10be7fe0809bddfd93e28735b36271083dd802ae349b3ab7b60179b269d4a18c6cef4139

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-68RKI.tmp\utweb_installer.exe

Filesize
17.4MB

MD5
a87f9b5d44edd211272b5c426f1d57f6

SHA1
5e3108a746b9b5dc3f3009b9ce3c6a0bf4d53585

SHA256
cd1305de487481fa02e9db300f9dd041d7a65cc98ca87576abedfa9ee305c2b9

SHA512
dae6b6f8491c6b745fa01f4fb0b2fd02cfb2f52229bc7cd12a3d82bb158744b946a3bd1963fa9a4cffb0936473fce0a4fffe000d6d45f1f60efadea30343d919

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-M957A.tmp\utweb_installer.tmp

Filesize
3.0MB

MD5
1d4508a9912fb54a6395fab3e02e892b

SHA1
500912fb5d7b601a567094a34bb6c4c0183ce993

SHA256
c604a247cea27d5daad0f740e68e1518546fb40d68332f17f60e9c831ca3936a

SHA512
d1b01594eac84a61f20b8eab7fec9f1e495eb94c7f6be043225d4a4a0fe40483977d307e4434029f459b40760c228e0c43a7fc4b770a8688f368236d278b9040

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse747B.tmp\FindProcDLL.dll

Filesize
3KB

MD5
b4faf654de4284a89eaf7d073e4e1e63

SHA1
8efcfd1ca648e942cbffd27af429784b7fcf514b

SHA256
c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

SHA512
eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse747B.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse747B.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse747B.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse747B.tmp\nsisFirewall.dll

Filesize
8KB

MD5
f5bf81a102de52a4add21b8a367e54e0

SHA1
cf1e76ffe4a3ecd4dad453112afd33624f16751c

SHA256
53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

SHA512
6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\avcodec-58.dll

Filesize
1.4MB

MD5
9d7585d920144436fd23b5397ad20abf

SHA1
396b69f02b672b2df8b630e0690c440f17e7cd8e

SHA256
8b527770e0580ee328f8c91aae05016b174d15e13f28befff5a6b6a6f4837084

SHA512
c6fce0b220e319c8c91739159e9870302240e734b15c1721bb1357b6e62772b743d62f0a8b280aa285d8adde10e1fe24056ccfd1b05b9bf220e7f4f9434dd356

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\avformat-58.dll

Filesize
927KB

MD5
c123211331c1f98b8a679ecbd5048997

SHA1
4b6807dcbbb0160b191cba08413c79ce557921ed

SHA256
4e8d418e6b1345c05e08a4b88e78a84a97c9a8179ca851bd87c93836c2409f31

SHA512
4232c5f759109cb71a5c5833cb3de2b641c71504f62132cced98f56f792c11d9d5a84ac96c91c8dec6b4d19021b9ba555976779957faa3a6c6438f0abc51a6e8

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\avutil-56.dll

Filesize
620KB

MD5
e0cdb9bbfa7a22ef965d55161945176e

SHA1
1d0929e86b838f02025552cd4e0f6eb91f769d75

SHA256
47a1c21d501b81a93088ae081da08e74d098ac82e0dbae7a909f39af5bd24815

SHA512
813c9b18aa7e8d8794010cc40eda839db324079a87a784b9ab8a98c3f318e9c12d2d86eaa8bd4ec1e4ec6175a9e12efce243c0d0daa193b802ed0cc4739173f5

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\helper.partial

Filesize
5.6MB

MD5
96b220a306b716a01d8c6d1fe6de719a

SHA1
07ea647454d25acf0ebf6f56b9741656d92fec08

SHA256
a44c00f9ebefdaa26c5f53b8091a1adc71ad73be51494c208cd7ecfc2ba00400

SHA512
2d500a17a5bf3f653a3a500d01fee2392c37fa7fb26871bdf15b03b6acb0bbe21342bfa48297c5354627ebc1a9900c4f88bf7cbb9de4ca0c0f752e264db779ff

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\libcrypto-1_1.dll

Filesize
2.4MB

MD5
cc316f02b1166ba92e53788ab269a639

SHA1
f1ffc069ffd1abacd9b3378a2c40599b8a3d0f85

SHA256
b8453da0de5aefb1b775486cec41011c4877ebd1ffa8089d89bce2ee8e3d5eb5

SHA512
0a86400a472c4ae91a051dde9b260b630f81028aef144f6b6c37754801049958cef3545f903427b0ad1af8c380c8267d95dfd8144601c7c6fedc239ad4a397db

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\libssl-1_1.dll

Filesize
525KB

MD5
88228668dfd302da82a2ce585db55f38

SHA1
30092d8680c184726e45879f6c7340ecdf98b388

SHA256
2129c263ad08f415ac40abce658e13327ab5911f59a21767dab56d3167083020

SHA512
8b88a1cf14ef47c39c00568df9b421a45936c74989b428e668ec737438fe993f0c08f65a1f164d54594ea66b49e976c3991cc9a9bc2d56c0bce90e589e142bda

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\swresample-3.dll

Filesize
149KB

MD5
69ae94597b9412a9936aa43340ad1826

SHA1
67cdf694af7543186f1492897d69f5ab41cfe4d4

SHA256
11771c928aff73893e72de8e01912dbbb8c5d8643f23601545457c96d5b8361f

SHA512
34c7e20d67eb0c8076fb83fdc01628d7d532611a5e56c882085acf648eeb6199a5f4b54c6d848846c502f6c1089cf5eacddc0b7bce6667bd84369b2d338f6e93

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\utweb.exe

Filesize
6.1MB

MD5
5278b44dda4fa3d16d64de86cde33500

SHA1
c3d466e7ca6353cd8406a6a2fad93ddb3cb87c4f

SHA256
eefc63fedcb47cff7ec2466eeff0c93b92e2ee0acf86f6c163d97e39959eb462

SHA512
6ca33eb2c785be34f53c3e865ca20e406c967d1e3634cf0c1171a9415c8bb0185a7dd8ce33e361b86b297529bad741916b35ce87748c3cf35039a25f10c1bce5

Download Submit
C:\Users\Admin\Desktop\uTorrent Web.lnk

Filesize
1KB

MD5
4d482cce768b4b974b1545b7e0656f62

SHA1
dcbec1fb3cba7439305686bcf8e9b95ebafc882c

SHA256
1cfff043a40f1030dd88c463489a83a155e8faddd55522ce19ec1541480f6c60

SHA512
b888e4ec9c96e6b167e0b6041407331758b8e522cdd2a63b778f322199349e83cc712db485bc926acde0cd1784916b2d41175339eefb38921a9947e395bfed42

Download Submit
C:\Users\Admin\Downloads\Ultimate.RetroBat.PC.Build-Stev.rar

Filesize
131KB

MD5
4dc9b5e9afa294a15aaa055c80ec1bd9

SHA1
37d7d6cdfffec8bd829e65399b57d844a05c25dc

SHA256
26d545e432889a296401c7755477959b63595c145fa19dd0d077c02556b97dac

SHA512
32171d8296dafe91c3eac1ad4e2d52a7c4df29729b851ecd9a6d167b6839e1e25490de6ae2820efedab986d132b167f901d99c4bd2280b9edaae98dce2a9e7ae

Download Submit
C:\Users\Admin\Downloads\Ultimate.RetroBat.PC.Build-Stev.torrent

Filesize
133KB

MD5
b5477e2d601ed717bd7d05341175071f

SHA1
aa692089bec51a1fe35b137edd96bfdee48bafa3

SHA256
da7fdb888991c6eaf0411911f580db8a62341fe1e193f691f5e7e54a98e88d45

SHA512
cd3b4986ece39b8752d2bbd5edf42997c67e55922f8af28eaec294b8337ce36189f0fb7271f656a4795a6532ab1f32c5c36b73e156c2c30abdc5e7e4297c6594

Download Submit
C:\Users\Admin\Downloads\utweb_installer.exe

Filesize
1.7MB

MD5
31e55107f1a4decf6403f545f75e8877

SHA1
c6869bb14c6e760334ebc1766c885c8e2a057b23

SHA256
935d7af001d1f7c8b7cfead656ea3f1651330e2b434b2d3499f835e5d5a65650

SHA512
b9ac59699be47d1dee6fd24adb2b8080240fe969ffa01d9c8792f24791b78db97d29545621036bb33f76c82a8984118d236328f8a22d82503256c6bcec827c17

Download Submit
memory/1836-560-0x00000000075C0000-0x0000000007700000-memory.dmp

Filesize
1.2MB

Download
memory/1836-542-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/1836-686-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/1836-569-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/1836-568-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/1836-561-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/1836-879-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/1836-547-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/1836-546-0x00000000075C0000-0x0000000007700000-memory.dmp

Filesize
1.2MB

Download
memory/1836-791-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/1836-510-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/1836-540-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/1836-539-0x00000000075C0000-0x0000000007700000-memory.dmp

Filesize
1.2MB

Download
memory/4860-541-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/4860-505-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4860-503-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/4860-880-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download