hxxps://github[.]com/amtemu-2024/AMTEmu-Adobe-AI-2024-Universal-Patcher/releases/download/AMTEmu/AMTEmu-2024-Universal-Patcher[.]exe

Analysis

max time kernel
900s
max time network
1157s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08-09-2024 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/amtemu-2024/AMTEmu-Adobe-AI-2024-Universal-Patcher/releases/download/AMTEmu/AMTEmu-2024-Universal-Patcher.exe

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
5064	AMTEmu-2024-Universal-Patcher.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000400000002a481-31.dat	autoit_exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\AMTEmu-2024-Universal-Patcher.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 708758.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\AMTEmu-2024-Universal-Patcher.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5764	msedge.exe
5764	msedge.exe
1376	msedge.exe
1376	msedge.exe
1560	msedge.exe
1560	msedge.exe
1568	identity_helper.exe
1568	identity_helper.exe
1608	msedge.exe
1608	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5064	AMTEmu-2024-Universal-Patcher.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5064	AMTEmu-2024-Universal-Patcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 5416	1376	msedge.exe	80
PID 1376 wrote to memory of 5416	1376	msedge.exe	80
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5608	1376	msedge.exe	81
PID 1376 wrote to memory of 5764	1376	msedge.exe	82
PID 1376 wrote to memory of 5764	1376	msedge.exe	82
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83
PID 1376 wrote to memory of 5320	1376	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/amtemu-2024/AMTEmu-Adobe-AI-2024-Universal-Patcher/releases/download/AMTEmu/AMTEmu-2024-Universal-Patcher.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda48f3cb8,0x7ffda48f3cc8,0x7ffda48f3cd8
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,14052714945127406174,14839150674253885543,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,14052714945127406174,14839150674253885543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,14052714945127406174,14839150674253885543,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14052714945127406174,14839150674253885543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14052714945127406174,14839150674253885543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14052714945127406174,14839150674253885543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,14052714945127406174,14839150674253885543,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,14052714945127406174,14839150674253885543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,14052714945127406174,14839150674253885543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,14052714945127406174,14839150674253885543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1608
- C:\Users\Admin\Downloads\AMTEmu-2024-Universal-Patcher.exe
  "C:\Users\Admin\Downloads\AMTEmu-2024-Universal-Patcher.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14052714945127406174,14839150674253885543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14052714945127406174,14839150674253885543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14052714945127406174,14839150674253885543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14052714945127406174,14839150674253885543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7cc48cd15bf2d562cebafecccf35d2a5

SHA1
92c54acac286d6ac56afffad40185f1b8b1cce3d

SHA256
c8091de6359c7e48886659fb9b484094a7219e155d327dc661c7621a0ad91328

SHA512
bd525c6c91f1f576a009733ec74d125b43ec82c9c240c1ba011254a64a6c022194637d0fce1a16f6ca2384ec47361177140ac6945ee893b185ef79f34f0dff55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5b97b4fcf9009e4477715ef389b5aa20

SHA1
b8cdb203cd7f92ce29866d3b7e2c2b6975228bc3

SHA256
78d7c0f4af740e027ff15a4e8ec13346125d80329b4b80149b88875edb21d918

SHA512
159c6f252da6147237ba715a2b68015aee2ec2c9cf9a9112c2abec3f6412d92acb0461592bc6093da571a026bc82d12934a87227aa5dcbb7c684a8e6edfd5c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9ca20c9c5eb915f0be9e2bf1194cbc1b

SHA1
eb6fe2d9349afb8bda04af9112cda1fd86a7231c

SHA256
c58ae28aa15469baf94c94e62dedf73ed9986480ca9ba9acbad08728f34b91de

SHA512
c3fcd29b30f9400fc43581e20c502109dfc12ae1030ad466c0a49b5a1866c201a888a9956a3165dc66d681c95b9fd660619ef9f2c9123c394a6276e33bd16cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fe0aa662-36e5-45a6-9b5b-5c864a8dcb8c.tmp

Filesize
265B

MD5
f5cd008cf465804d0e6f39a8d81f9a2d

SHA1
6b2907356472ed4a719e5675cc08969f30adc855

SHA256
fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d

SHA512
dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8a7ceab117e2bcf51a4991e0c3fb5d81

SHA1
cdd8eec3bcd766f9554d2aca1a7a3eed081f7d9e

SHA256
04e328da235e41cd44ac1fa7c141793ce338f8459534f6e9c8c576aae6d79aab

SHA512
cdc18699f6f739fad8dc0a5ae249c095f2cd0a9478c408477aeb14a0eb354f4617d5a0da043654dfd334e5927ad4e5fc493a20f8e5d9341433e1d823850e9c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
efa11d4a61d256bf33ad19cdbb3f29a4

SHA1
6092cafb773b1a886ee6239a4c68cc1f22ddb624

SHA256
f649f5fcdd683d32854d0e817a866c5a36a97f715f7c7d056b2daa44d59b5483

SHA512
59d7452383c23f719f409710821b9af36ebe32d842c171e98e8c76d22c44e61f236136673d8c135e50cca2952e45a45e161fd32113d65207fc8cb3ed207d5c5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
098ac99887932dc6944e3b360af56398

SHA1
151d691865af43075da139e19140297b4a426ca4

SHA256
c7d29054f26aeef77dd54d151f38c5ecbdd9a7995ed042da51e763350015cf07

SHA512
7f21431d64f610d9f3edfe3f36172382bde68b19e408ab1b0334d2484ecf6abcab561bc9b320cc64ada89c2616c149c46a18ff7c331524298d4b7fc54e27e078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f29c02ce116a86b8f329a5cea91fc729

SHA1
331e6371bf9a8435ab375b6d1ef5c3f4d231067e

SHA256
f148220e2201adb9a43da238502f9549f66ffccffa316d8ac20b7b8e6879dfad

SHA512
8c4bb1f289121d4b2f03b464b09565101e1a05bd033c75cb59384548c7a523e378f17111cbdab3dda584cfb3b5a6a5ceebebf2403d68c57bb2eea27b9b6a6340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
24fe460ff8b668610daa775eba494c48

SHA1
646f180ac43f40b2ff0ef4e7a4e2adc80e95d6b8

SHA256
d3b19a01d3d8cc8f6ad8f9800f819ea5c3e0fc11b6bedfef16fea6a852ee0272

SHA512
e59bef36605f5e9d1e3d6151fac1cdf222a0334515c8fb13138e10e45709761568a9c88fb64d11b6a64abefef4de87f00104fffb9509057201963fb15c3b8fa7

Download Submit
C:\Users\Admin\Downloads\AMTEmu-2024-Universal-Patcher.exe:Zone.Identifier

Filesize
604B

MD5
02223777bfb2564c35ba47296e0b4471

SHA1
b58355f2c73964ef17c9cb76d879ac26145df40a

SHA256
b281577553817e70535f63adf7def4eb313ac63b0b22a7fef987a44b47689223

SHA512
a97b3446ee84e04e09f705136525e8a9746068d6b1bf43f6fb6c3904039ee63ba2aa09127585a1b54b0088c4b9c8d8f89c9b6ccb0d70877bd5c77f995aa89297

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 708758.crdownload

Filesize
1.5MB

MD5
3f9f6614d1502d1442774b96a79df79a

SHA1
3c2fc76d135caa2ba3ac24681dda3cb6ac0dde61

SHA256
5761e0a37a846b17d677454c4142a1c3ec9625dd5222085e71fe652b446baaba

SHA512
6c8676875e57b5686adb92d1c0c267f371b75b1176cfcf5754db2aeaefa9ed762af19b7dd509bdebede03f939d848320810ace1ede4f2b0f7350a74d28908bff

Download Submit
C:\Users\Admin\Downloads\config.ini

Filesize
4KB

MD5
36a6e6a21ac16adac13f2edd0393818b

SHA1
6bd88a9900614f8dc26729723c964499337ea569

SHA256
1b880dffb2bf903c82deac05d21e4636f0a0cb814ff3a3ef8b0722b8b8c659cd

SHA512
341c44791b52bcfe429e0d4df57f502c37a223cc9d6e70ed8c0bf93102993e40c2fd3d21c105fd1a6771206f6e51c8399c5c213d6037eda38ec603ee3c139e13

Download Submit