hxxps://1337xto[.]to/

Analysis

max time kernel
217s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2025, 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://1337xto.to/

Score

8^/10

steam discovery phishing

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
5768	utweb_installer.exe
1688	beta

Loads dropped DLL 10 IoCs

pid	Process
1688	beta
1688	beta
1688	beta
1688	beta
1688	beta
1688	beta
1688	beta
1688	beta
1688	beta
1688	beta

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	utweb_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	beta

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	utweb_installer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	utweb_installer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 39 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe \"%1\" /SHELLASSOC"	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell\open\command	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe \"%1\" /SHELLASSOC"	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey\ = "BTWKey File"	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\ = "open"	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\DefaultIcon	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\Content Type = "application/x-magnet"	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\DefaultIcon	beta
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\OpenWithProgids\Torrent File = "0"	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\ = "Torrent File"	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\DefaultIcon	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell\ = "open"	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell\open	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\ = "Magnet URI"	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell\open	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\OpenWithProgids	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe,0"	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey\OpenWithProgids	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\ = "BTWKey File"	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\URL Protocol	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\Content Type	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe,0"	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell	beta
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey\OpenWithProgids\BTWKey File = "0"	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\Content Type\ = "application/x-magnet"	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell\ = "open"	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell\open\command	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\ = "Torrent File"	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\open\command	beta
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\open	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe,0"	beta
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe \"%1\" /SHELLASSOC"	beta

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 876493.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
2536	msedge.exe
2536	msedge.exe
4084	identity_helper.exe
4084	identity_helper.exe
5384	msedge.exe
5384	msedge.exe
5768	utweb_installer.exe
5768	utweb_installer.exe
1688	beta
1688	beta
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5768	utweb_installer.exe
5768	utweb_installer.exe
5768	utweb_installer.exe
1688	beta

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 524	2536	msedge.exe	84
PID 2536 wrote to memory of 524	2536	msedge.exe	84
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3896	2536	msedge.exe	85
PID 2536 wrote to memory of 3364	2536	msedge.exe	86
PID 2536 wrote to memory of 3364	2536	msedge.exe	86
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87
PID 2536 wrote to memory of 2468	2536	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://1337xto.to/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad86346f8,0x7ffad8634708,0x7ffad8634718
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6480 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5384
- C:\Users\Admin\Downloads\utweb_installer.exe
  "C:\Users\Admin\Downloads\utweb_installer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5768
- - C:\Users\Admin\AppData\Local\Temp\ISV14CB.tmp\beta
    "C:\Users\Admin\AppData\Local\Temp\ISV14CB.tmp\beta" /S
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16808965320724888092,162277468613319741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4372

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x310 0x2fc
1⤵
PID:5976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\50b3b34d-317e-4b0a-bfd6-b43ef325446e.tmp

Filesize
10KB

MD5
3e897f2c0a2a0a0a200c8ce33c86f5a0

SHA1
980fb8c5d10b1cc54b75f8329e0c98788ce4ad5e

SHA256
44c682a79e5dc6a96a60ce48ce462301d672ec46b16d5b11282625ee91fee9aa

SHA512
277c14d400403fb656c319ee8c2fc1aafa0dedf2e653db19f7d0def11338a12843f1d73970fd011a8f75b4dffc1caa5b2ad13da2ffad2c3b4643469cfbca8063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
47KB

MD5
9f96d459817e54de2e5c9733a9bbb010

SHA1
afbadc759b65670865c10b31b34ca3c3e000cd31

SHA256
51b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609

SHA512
aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
26KB

MD5
8ce06435dd74849daee31c8ab278ce07

SHA1
a8e754c3a39e0f1056044cbdb743a144bdf25564

SHA256
303074dab603456b6ed26e7e6e667d52c89ab16e6db5e6a9339205ce1f6c1709

SHA512
49e99bffcdf02cfe8cef0e8ef4b121c75d365ab0bbc67c3a3af4cf199cc46e27ab2a9fdf32590697b15b0a58ee2b7a433fe962455cf91f9a404e891e73a26f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
126KB

MD5
8fc059a7e1758ad0c0e17be4b0575b93

SHA1
df3d910563829c3b2e6fb0767038f75af4d4fcbd

SHA256
6be2d61547095ffeb30a1fd03fd7d6aba9009edc719144812c5610bd2e27fb97

SHA512
9d08e40a15305b3a60214a0c2faaec5612d3f7506e7a08bf786600ae8aeae8b71c511666babd95d63e16aa4616b310dbd8cffe7a115f216a5e5755afa949b5f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
22aaab65d179a68d37ed099120a056f0

SHA1
9a528e3e7a43a6be1064236370d1c5c71794cb1f

SHA256
be56459ce6cdf504d819067c7967328282f9afa5a79ece9a6ea43979fda4adda

SHA512
996c83c5bc00438a4fff049c60bf5289dd69f44372ce56737508392aa81525d4fd01ca4af03e5b859f07bd8fbaa870d6bca19253cbfe11fc22ac0c32edd54a07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
53dd339e9847aa0d160adb70b6ad5c45

SHA1
15ac3c2766c432da414208100c753781bb54d3c8

SHA256
596b9cbcde39dd414215758f63c06526879da0fdfd825c965cef8641744445a4

SHA512
4c42ee2ecce91d1364210e80dea07f6e7593256ef117f99026629981acb7cb2ef92bfeee47a53cb3e7b7474cdfc8b4af90454117bb956f106cb2132085d4ac88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a423e55862bdb23a3a665f5a283fd03c

SHA1
d4e92f35b285ab423b8be4b5071770c12e8c22d3

SHA256
9a6f04fb88bac3867bf078ba07d7e0f5450fe57fbd62d84d0d294dacead8bf5a

SHA512
da37664b766f84ba6eac5727f2e1212338e44d1fe63be8bd40ab2a48d3bfbf5cec7a30d3f99f82b2dadf80deb93d27a102363cf3fbc43ec737c8d002e1ed867d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
94f34d2dc7f2dd863a4195a1e2879de9

SHA1
51ee0ab0ff3d5fe4f2c353b216b179f9f4ec6352

SHA256
e44ca55068e694a0440cc3039f4da0e88d46ebe5461043290c0b30d4b9fd21d9

SHA512
0769099d2e4866b8ea3a15d728979b14facb97e7b21da1f4ce98674419ad137579e09355b5cc83674b3a546751d38fdcb2af5ee2313ebb24a1813680a958bfe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5728713cf434abdbc962bdaa87de3f72

SHA1
ceea05d4a788a7d9f0ba2709221411fd86eaef5c

SHA256
08812b1e3f05deba3a01348bf381344e6e86206a081fc15c47d0cc0e8a05ab8a

SHA512
c2431576abba4b49d248bb968f35620f79a54861fdb613ec8481e24b96c514397936c0c31e2d93b2b1eaab9b3e00a4c2cb9af612b750492dfac2d1af48de0145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
27026c647221d1761ea5e5efd0ee21a2

SHA1
eb729d1fceed902c52fe30281af88c704975ad9f

SHA256
43945571185602c0601ae032a4dd89c33944b57a3223d0661c793f55fb3e766f

SHA512
7e11758bf6dae405850c37d819bfa9253f8ab2902648b85ddc9a55dda2faef74afbba1ee9be76a00109210f3c6d0b5ff358385ec68df0bd0db5bac52dedda6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aaefaef8807cc8835bc8e7ee1b2f465c

SHA1
587ba4498002833b82060dc99204f8242491120c

SHA256
e7bd70447dcdd282743de7cd9cac30d437afcb61f1ffec0b47c42f49ce088d80

SHA512
7e526d1679da63b0c047dda22b4a15269dc338942fa9632192766690e7d872ac4c902a8a7d4aa6572c05445fe6787751d1f043363bcb1bf4f48a3b22aed52d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
70c05bc18c99e861e6c29a0b7d3e9b18

SHA1
2e5ba642555d1359b7f70dfde7897e7a38b35105

SHA256
aa2f8a3846804ad136dde201f2d3b34b63362f053ba96edda364997db2630ee1

SHA512
cfd4d978b8676f2162c65cad3be592cbf22728fa31fbf9bc96b4cdb4446c2d36bb1b3da63a3d28cc9e63316c6b651813f4ee987198f12fefb91b9efcc7f3a64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b42d90ce9ad903dea7541f477de4303f

SHA1
664179e36da697bed8cec49c2ec7d467e1b33655

SHA256
5e034d9ab5b5a19a268ff4645a5c07955ef4513e8d0d3717d3e6061f0e1de372

SHA512
f62d41f8b2fa1a539e6f49b6b746eae3c8a350811b3258562d24d1668acf0012d30a5968e619c50c62c589fd620b0368c986eb2c11a61866dea8803565272061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
23ba63a9b063389fd25e39c53b3f6987

SHA1
68f1b8a02b27084cc04406d992dadfdb8536ecc0

SHA256
9ead9313e2806e437367d4a3b85f41ce2617f36309573d702174caadd6b693e9

SHA512
3a62327ffb665bc921f7da4094bb7109b94cb07ae2af71043c355bf2f78482a5dad69935b03350dbc0eb26904c35328530be266a89f3cb1c091708d3dc55e58f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
dded63ecc0122a0d8d3a91005615078f

SHA1
8610f8bab9900279349e20eff01c3f9d6d8e175b

SHA256
816e0dc0eab819f830af8fa1077f30a1237b5e61066cc0aba6016e3521a307b1

SHA512
c5ed1e53cd4a02af5cb2ed9f5d58fb57464181cb320ac2dafac2904dda397e5955eac2304a1fa7b39150a345ab2b83f2b60d740b170d91facbfa8fe66a306b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8ee4b947324655dfc63743c0d12e93da

SHA1
326dac1bd2699cbb76b40ff6ae084d87eb69b297

SHA256
cf6c7a932b331f40ea0e3d927c649fe51fce636697783bb3b890fa6b39fe0bb3

SHA512
94d443948a91df50275a9b9179fa55628563cd35b14818447e3525ffd8cbd996881923181f6e894d37a1ddd5ad60dd603b0719bcd1bd0710468e2b109da94d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d30d90b2b48a60fb4cfb30f148b4e24a

SHA1
52011e03c1480711ea52efc169dfeb17a3cc029b

SHA256
4903598aaac4ef4e1bfe744ab53361a49c13199b49493b03f2adc2566db9fc2e

SHA512
c36f39ad44234787e2013da9b76b0cc561de120fd85c1d3a6a902d197ae4469de9530c0f77a16f92c1687b2e731759a7267202bce3a6dbb5910e24728946cb37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2434bc5f34da9e3403f22d5575d1ce07

SHA1
53d2e71dbb45e3cd9c537353d698311f0e772fd0

SHA256
23a7fecd48bc4088b3252783809e0baf4bdbe358b582cf8611f628c5cbde2926

SHA512
13eb2f28987eda9f00a67420ab1fe7a9daa140c8ab2838ca0293786f3295767a56565c800d1e45d372b5dc96f1785129213eafcdb023f78ea368fdc12850873f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4aa2c2447c202f612545e5915c060da0

SHA1
cf7d9acda820d8a8140489fa04af425d99534d71

SHA256
d6623fd7c78e8a96896528659408ac565bab6166f63d3c0461c12b6c4d4b84ef

SHA512
38bf96b10334a5350c64eb9721c5a964972941b3ac0febfc8babff1215c2b7122310f53132c84b3560fa3dcfdc8f31120911a18db99655ae535bc7c43550cc2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5702bf65adccfd2b528699ea1168fb5f

SHA1
2ec31a080c2dac7933e4f68819c2f60edeeb6cd9

SHA256
c8fc746b0e46f95614600002bdc813930d5d6150baf0ee749599ea0fd6dcee8d

SHA512
bade843bdb45374625faf59569b367416d8edcbd29353c43302af13e9861a6b14dbe656e111912c623060d04cfac6bb89eef491bd77819433081684a88f474c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e119.TMP

Filesize
1KB

MD5
0ac5c01d363fc3f7d6a1078a14361f4e

SHA1
ea1ee6cd1dab69f2e0495c433d5dbaa7feaa73f0

SHA256
266630de91f4ff111594d27d32de58d6ad8b4fb30e63cd2f9a9f7f6322ea689d

SHA512
a6aaacab24b18c3d1d474de83b5a33d0545916024c05c9a178e267d629f229d5a3375f84997f06810093578ac1e65da7f1e2c66e14ba1f9059bfc996b060d054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Temp\ISV14CB.tmp\beta

Filesize
17.4MB

MD5
f90ac5c11aa97726788246a120fd2550

SHA1
903ad3bc25ed56e91e72cd9c93f9063a7baf51ba

SHA256
cad49b1006da8a23994531b755beb3833542ed73cde2c0a4882887ef8a1588e5

SHA512
1637daacf3333bb6129ee37cddc62c49c9badc233c82a4dc37ce8e2d451d27ece6fde74dcb03b776637da8d33e0c81177cd3b5949a8293d3500cb1177380bbd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss65F9.tmp\FindProcDLL.dll

Filesize
3KB

MD5
b4faf654de4284a89eaf7d073e4e1e63

SHA1
8efcfd1ca648e942cbffd27af429784b7fcf514b

SHA256
c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

SHA512
eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss65F9.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss65F9.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss65F9.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss65F9.tmp\nsisFirewall.dll

Filesize
8KB

MD5
f5bf81a102de52a4add21b8a367e54e0

SHA1
cf1e76ffe4a3ecd4dad453112afd33624f16751c

SHA256
53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

SHA512
6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\utweb.exe

Filesize
6.1MB

MD5
5d5dff03a591f8ae9223164cb085c108

SHA1
3628a8f4f2c679d6b8006da0ef8fbb35ee37f92d

SHA256
bd9115fa4f9b215516b0710ebace8061a29e091b12031a3e75bce10d06eec08d

SHA512
dc506b298842d4c3ade85ef0af347b7f74e7f1f7fce8b87a60cd52a3015bba120d95ea27019eb5a5b0c0602133d50544a5d21daa439374bdbab962495b4d5297

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 876493.crdownload

Filesize
4.4MB

MD5
abd747fc3566a9c307978b67329247ec

SHA1
ff9e22695f5dd574d9046c96bafbfa6ceedf20ae

SHA256
06eeb602fa7d0c063d16b5a2461a6527c5b3a12ec1f672729f98fa3197815de3

SHA512
e463d750459eac8371d46eb94ff2fabf65f4a0a203c474095f4c9432a92a97bd4b4b8f1e4fbc25e3fb8a55c40e020125d13b170730812ed25ed1208fe0b17d43

Download Submit