hxxps://github[.]com/doodoofart3443/ZM-ULTI/raw/refs/heads/main/Ultima%20Multihack%20V3[.]55[.]rar

Resubmissions

20/04/2025, 10:15

250420-maftaavnz9 6

20/04/2025, 10:12

250420-l8n2wavnt9 10

Analysis

max time kernel
0s
max time network
5s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2025, 10:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/doodoofart3443/ZM-ULTI/raw/refs/heads/main/Ultima%20Multihack%20V3.55.rar

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
27	raw.githubusercontent.com
28	raw.githubusercontent.com
26	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 3712	3544	msedge.exe	85
PID 3544 wrote to memory of 3712	3544	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/doodoofart3443/ZM-ULTI/raw/refs/heads/main/Ultima%20Multihack%20V3.55.rar
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2dc,0x7ffb5b3ff208,0x7ffb5b3ff214,0x7ffb5b3ff220
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1896,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2112,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2476,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3452,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5028,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5036,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5512,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5556,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5856,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5876,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5968,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5968,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=4812,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=6852 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6840,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6816,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=6892 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6604,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=5308,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7080,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7016,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5708,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6872,i,4469719663496862811,7616787120676703883,262144 --variations-seed-version --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2564

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3544_1559320938\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3544_1559320938\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
65044109d1beb8ed8d59560642cbc519

SHA1
0084485b0aa26069232fab51ee603682e8edfd17

SHA256
a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d

SHA512
96dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
d835dc94eba092ae7d0ca26bbc9805bd

SHA1
6a32acf3142a4730f996e2b3a8fe8d7c74be023f

SHA256
aab5aa05ca8ff28dc821bbef2a197f117f0ab5fff71ae88c6461378f4c9750f3

SHA512
da0226e7ef537a77e37618c7aa98f3b8d4327c3fe7f23048a2549515accdaa31c5c873b0f6a6388206be57e05420acae4ceec2ac7e6a8eb2ee03c59b574a6951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
36b7349526eb6bbf54fca53e6563a1a4

SHA1
e671a3d126c65b469fbce027ae76ed76dd99aac5

SHA256
ebd6c0d421bf2782bf496c3a9063aaab10af374a439e315465a90c692884916b

SHA512
1902fa73e1b39f296476dda02557580925910f6f4fd6b0760d6b338e62a21662c278a123100ff3ac01ccb28a53ae311a7dc6da9feade7ced9daac4405764192a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe586c03.TMP

Filesize
3KB

MD5
00a0f1c095e5206579ff635048dc02c8

SHA1
8820bcccc91f0a9c15b2936a2e9a7010f22e05fb

SHA256
3366a8f99bdc97ffdcede18788a1205ecb0a6c7109963fcb3c261e06c0829e01

SHA512
0206753f20946b358d59130ba359e2e7b311cd8950c989dc9e1960b8920b1ac2b1d4d477b76e5e2806b7fd23e2278a9d7de12894c9731815ddd349035d1e8e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\LOG

Filesize
343B

MD5
86f8fadb27b73635f570bf20710f4164

SHA1
ee02a063030e5781131598f0e06d9d3c4b0c83c8

SHA256
dab1e5e0e4c8ed62165a0610f7123d7d6ef404410b4bb41215627fc4e4dec4b1

SHA512
091ff4c4efe28ec4c359ea68380c4cd2bd61838cd51af9cf2a5c81370d3197abd1cf91c4c28bd66e4bee85c6b230bfaef23febe8f3216bc28feb2853563c7dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
19ca6bb584ab67f23649128e62921b33

SHA1
ecb6492058e6bb26057de2566267bcd51f73ec7d

SHA256
d955aa659e75c6e9b2cee952cd99d16bc3794afa2e20833d70120e264b89fdd7

SHA512
e586cf94cd396a5d06efc6556dab5aa82e5320f23e038d3fa7db0a0b7dba1ccce751de7240d91fcbcb15f8635d600d9093256d5cb5408c2f1d5cf08e1f513639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
209B

MD5
83244501e5cc3afd67f5e576e97b4680

SHA1
9d86c92505a74dbb6e32f7ab52e13fdd57c1fd68

SHA256
2772cc48fe24930fad11ffec64a1535b14c7edd8bd5c691417cb6c696816095f

SHA512
cabb66d44f3bf9f7140dcabaa98a7337d8f9c1cb5d26b776b8135cdf39a9d90b7a29310346d5019a6f94e9bc14d71033ccddbce593eadf60dc63d1d5c8829878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
2203cefd6d323e5a4eef908f07dfa0ae

SHA1
63a5fb87590dc35d4025f06de6911d64c933e866

SHA256
d3d65626b33bff54c589f191e70241a5494147feebc95b461e5df523e31776b1

SHA512
f43bfb968a69c47704cdf71857addb9f5e1e378e57239bd0d2121410981f32e0ebd0c39f0117b94663e229b1a5f4d623800e05167fc9ba10db8e971353cec529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
18da721124704479d087d69f2206b772

SHA1
ee47acb083dce600b52e8afb2535188f9218ad0a

SHA256
a8bc18280ccd9186901d63a732ee976e06e905fd4eccb22ca27f82eaebf751e5

SHA512
4e88121405d765361b25dbf53f2afb26a6386ccb0ba7c34514d5738310489795535d3dd45df76e1f5bdad86b6e173ec24b0434180a12c4018ded01f550ff97bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
5928bfa7068c24a9077cb3471664f937

SHA1
8a1f8d3538d7984cf59082c3a8822d714c784b37

SHA256
a1dd65cfc464a1c023e113dca7df383c3774c090acae3f744a729f81a84505d0

SHA512
42527828980f16a2cb6dd4e43492ac1bcdfd3d74014553e0bde64c52bf267ccf5dd599b1f41b925e5effc2ecb8d34d4ee01c8777d76572dc010bfea2215b998b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
f11abf9b0ae7009b4102374dc27fc5b0

SHA1
05eb7acc4af84d872a4857f0e7de037c7ff77b78

SHA256
72d15de8fd5648bb388b3195a2403b33a9f0a37b64d1f32937a45d04e78e56c7

SHA512
428626d14cfa9c756334245c7725eb3527b134a56f4754e3a7e11f75fea2fe511500f8013010dc1b19067b7d9cf427557345cace6de3cca85e1738fe5a5b6a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\0664cb19-ad22-4ed4-b2cd-7c7d2d8a1310\index-dir\the-real-index

Filesize
72B

MD5
18d075ac961e4bdbebfba6a2bab3ba59

SHA1
bc9dc2e86efc6189174b17081534f2264c4d4dd9

SHA256
2556e2fea89be4f93effb5d759b8d4727cd8d9c564a0c094a9d8de20ed207896

SHA512
54fbf2977067dcb3602508cb8ba378fbf6db18e8bb90cab2d28d1f90fe4b5e1cef7b7b5b2b7c764e5436252f7955226eeac06b0e51b7e2ceb0e22a2689e5aeae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\0664cb19-ad22-4ed4-b2cd-7c7d2d8a1310\index-dir\the-real-index~RFe585186.TMP

Filesize
72B

MD5
e753d3e453e6cd8317c553e62db8ea73

SHA1
c641a664f2e0b628a8dea5dba547937cad248b1e

SHA256
1dc01d930aad8c16fcde09e1997ff3c17679347c66613e1ae58f4f065275b72b

SHA512
b13f706534c77ae67e16f5d3264149aa0da50d441025c6edcb7f9c9f2794771a69e08d2dd81d21c5c0ca52d0b446ec4877a7c7b68dafdcfd59532dec474d8173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\494fcfc7-dca0-43e8-b58e-e4e62243c5c0\index-dir\the-real-index

Filesize
96B

MD5
a30155ebba70da6d4d05f4d46635373e

SHA1
43679712c0b6833de0654a588ff7f016d9cc6074

SHA256
8aa897acfa68bc984abdd2fff9b5cc4b40bdf93733f57eca8eee1017fdbb5453

SHA512
ef14fa8b432446fd9572807a061abbfca749db40d25526f56c0cf99cc5e0f1dc67725ae890aa3a4caee81ee922e08ed961e3c7b5c9f9439a1bf45a483f750c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\494fcfc7-dca0-43e8-b58e-e4e62243c5c0\index-dir\the-real-index~RFe585d6d.TMP

Filesize
48B

MD5
05c13458c2c1a2d8d324abf335c7b3d8

SHA1
1c4cc0701dcb6017168a1dc005d6b8c752bd3b35

SHA256
692e3b0efe906de87968e222d5bc7ef9a515bbe99ac0a8e231c0f1d3cbdb9184

SHA512
4510f4021865f251ffcb6757e86a463ec5e8f69031fd2bbad5983c69f314502e12574b737d691ce79893832264442737aedec52ff84b66de42e7eecb42c2dd27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b063b10c-aa74-40e9-8097-2e7a6b21975e\index-dir\the-real-index

Filesize
2KB

MD5
dd9c1ab987144b65c2304133f088a59a

SHA1
ec297170cdf4317483e19f15d48f6fe67441c58a

SHA256
0b3ba6ebb30836030d4f16f66262ab218bc6cfe50a02db86cac617ac00c11fbf

SHA512
8295cd8603ca18aac7e3a4d07ed30af649aaec49802c7a2fd28bc0bfae913c5090cfef234f852672ad1e58fa5b8e657cb7245b63027a35774adb4b2b8b78092d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b063b10c-aa74-40e9-8097-2e7a6b21975e\index-dir\the-real-index~RFe587191.TMP

Filesize
2KB

MD5
2c4613e5bbf1337843ccd62c223ef913

SHA1
1e60b5312fbdaccb45d0fe60436344ed6b8dc8ea

SHA256
f524af1d33e4aea59a689af3851f6f408484cf22523ada6815e967ea9a980280

SHA512
3d4679d4d5879a58fe726788fe4ad38b4add9e2a07bc132796a60ec818865889794c989a6843b45ba2aad8cd8aac72e4c32e6c1efb3b1c1f7b86ef6636bdb80d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b90a9dce-b22a-4b5b-8760-65ac93bf0dcf\index-dir\the-real-index

Filesize
72B

MD5
8fcd015089693adf94b0d77ac6a3d418

SHA1
cd6f0f03717e63f6053035bb80a32dad3a87efd2

SHA256
495da57c27d14b6211aae3f04416819419041ddc9514721e8df0d452495d1c5a

SHA512
b6e86ab957c77cdfc6acfbdfe7011c9d686abd92429ef598a88c8cb6bfe0a01a746ea06a44d4a8867e1f07e4cbea023cf7e536492d5a3a81c56a08f0e4d781f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
398fbeedc0528173ff21467f8cf14059

SHA1
a0c12a451ca8175ca78f5c5e64f55d24eaf68f77

SHA256
e924fb758ad5061f860de21d5e3880539b708a3b86dbbfe2ec7d58aca45c5a0f

SHA512
0e82c723327b1436ab8b3a5634b9ed862be917b15d25398f7d95d9b0279b4192bb1695a408b1ec4424aedbdbba9c80793c9f173c7b6a54e2095abedad5f682a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
7f1ce18f11167968f5da81e0fdd53e6d

SHA1
c64ede079e843dcb6cb43eb79f2bab54f366a17f

SHA256
d74433254451dde29f278d09f87310dd7fe161b5e8e1a779592b1accc9df1ab3

SHA512
3b71a71a99555bdfbeaa2862c741f2327ed4bf1ef3444f4cb5755deb3894085ac52bc60779d6041cb9a096f4a047077a10976083ccaf37b59a757cf7405c95b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0f5452f9bd52d523d80ebb8afb93dbb6

SHA1
58a3b62789b0b0cef68b689b82653fad822bf058

SHA256
5877f09bff367c44686074c0228a74adc65e1f4fe0363f61273912d961a3a10b

SHA512
62cd8c9db5fe15aada86a5c1df5d8ab260a9a3b59326c8ca30c8c4a771ba0e3b980149f97d7014649848c7a27f9f135492f2ead7be2fd4e2bdba01334a3b047b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586d4b.TMP

Filesize
72B

MD5
8bd4a0addb5ec1257bd3fa9cd1f05b77

SHA1
3596cc3d938d2105ac852055604deac5059adf3c

SHA256
7320470e0c44339c3e8b0b333d427d362835aaad057d3cbdee2dc39f4fdbc7ba

SHA512
78d3c5c15b1f6e76861ee4867c9773122a5e1e1ca72fd2753095aaa96f66d790bd74be73818c1656d069b6ec3758e82f928ac4bb03f4074d8cfa0f9de7766adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
14c76ff68df05836b587edb29eddf9b6

SHA1
78646a80c22aad01cc7bcd2c56edcf063f812421

SHA256
d4daa742fca49da86987e92a4f6917bd1814c72ecf898cfb44298eea5b32077a

SHA512
02677ba946ed5cf0d7fade32ee3c78705dfc18341065183354beae871118cb6dec0373451c29a32aa4db14bbed896bf4094c25e2362dde2714bfc3ecdc36047c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
e0f572131897784e645cbff9d7659fd7

SHA1
b5aba80e1f50ef55747caed82710ca190b9e403b

SHA256
e39fad7379f82922ed6aa9968cd970d231cd344957116695e7163a6b7a1cae04

SHA512
661e703ded0b630e04ef10bf28851d429e07ebc92f67ae3fd4a30b84e709f566904adb28fe5bf7585b66dd710113143b4e698c987e2d8ec9468cd13cf53d8ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
4d6e86406fa1e3990c94db03bf86cc46

SHA1
046e6d78800ff60fd4114127bf27d75665ec5cce

SHA256
8fa4d5247e262aec9aacac64a1064a3d7d22a357b25c074b2598e45212d41193

SHA512
ab6ae063cfacd2f61221cee573ca91d448ffb9d3c8e35ddf2ca1ad222f0449a5fe8e4f052d1da51ea7f5c905a4f66b6f49799e75007cd2c177063eadb1678106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
3678d5bc4c5ef24fc0c828363297007e

SHA1
abb7febc8df9adfe34117c9c4b56d694beb16de8

SHA256
1fcb7f5723c15d64227e1e5ce986f82f2fdeae85ae997de201deaeb818d00e92

SHA512
df9e916a3e003eb1355298d493c4dd61005b37f712349023d37ef4ebd95bd03ddb65ed7fae709dbca31ae68b1577efde7aefba853c6ffeb92428f8fcdfb27e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
907d512c5b24b16c5dcd9d701be25b03

SHA1
c3c2c3f43a099b9d0d05a39c07419e3cbcfe7cd0

SHA256
90fe708d0c4970b4e7aff7d6d694f0bf757868023d9cd2dbba60e1f016bebeee

SHA512
ae3f55d4c2212b3d828b8b2e9738f51290f5d261363cf6d36bb32f5d518fd6f2c8b17d19ca107d52d3b11dfdcfabfd6d138588dc2f6317438678986bfe786502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
3ed67a817a987caf37c5ea19db0c5371

SHA1
a31e16212b27ec71c89dad32b718f9ddb897cc35

SHA256
7bbe1e9d9f1cb90cbec1da8e507df25990c14f616ba577bd4172ef9e8935c688

SHA512
55fa72b1bab68fb5845981f127b878eb5b6507494f399d41f51d88127539fe59e9bc1cccfda214151ec4ee6c44ca0645f5c50874cc819595b1fad4ed97558b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
12f8385e369242a1fcdc1157397b01a0

SHA1
f005b4afd0c80b99e3254b77aba7c88c67ddee3b

SHA256
0bd88149cd9a758eddabf493959484afd597992333f81af1939398a117d99fb4

SHA512
9bc73f30a4a0f269c49d729e86a9e5fd2621f7419b12de0287aa972e3b42548337f52d6926c61943a03066075ebdf91b62717a03d6cdd1044981cc01612390b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
220ad8c3ee3e4d9767998ecae7b308df

SHA1
b6eb697718d19d97dea1fcd82471fcb60638c2c7

SHA256
91f64a8fa40f7e36f69f34a71a46e5148526cf56e770d6f715996d2f43db95ba

SHA512
b639a1b4cfc72bcd84822f333521a3ab4343ae7fca0cd8f6ce0392f8ccd86b159dd63a0ab425fa6ebd23588f5e29a2bf0450f59de1eb10a267b018dcd2a37c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
85acfb507b26063fd6ec4395218dac3c

SHA1
7ca867292707b57d6ff663c8fb87d9340b9f4b5b

SHA256
407122bbf30b462e5d0a8764371492a952395f910f34246c2d7fe56016663d03

SHA512
7b79d911c9a55b987299378568af25c0a23b6c2318463a7a7d0b3bedaa5bb1989a0de0d5d3d931269a1ad516a99b4930b351132621d70de814c940f342754a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
b34d7aa246afec69c514b8186b2b123e

SHA1
ac971d8085cf8c6344506d3e236c0e5b07b395de

SHA256
ec87356491e2bd48ff43f149bc7af8731baa96a8011502caf406ad25d051ba84

SHA512
f5963b45402f921c1331c26b723a1028fbdd83e8e38c9640b06e1aa69bcffccad129f34e65db5a476074578066a68a2536b5a8f618e5e1bd511e97d9d80ddc47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
3d6edef07f1e4939820a6eafeb179469

SHA1
ed98af19c20bf13e23a0b3f1202e41fc924b4c53

SHA256
81ad14d5e5290a318f291b937c20fc173210d0bf014a7710adfb6d6473dff2cb

SHA512
0d2a05b50c36b41f1e6cc1f609c68b63e03847cecb7b40a4b1ac82f6e120662834cf5eecc1acf3fd856554b2212dedc26b9a3c6bf884020d594d27b20802c258

Download Submit
C:\Users\Admin\Downloads\Ultima Multihack V3.55.rar.crdownload

Filesize
1.1MB

MD5
68b8f86e2ce3738414443a3b816c9bc7

SHA1
798b2571f4d75bdfd0b32571963893c6df13d739

SHA256
c28379b8019cbe79d6b88d061e9097acd76c919f374acae53beec493c001289d

SHA512
09e000338d1ff3b5a9e2b54684adf966434aa2f4f8f2678a2c5ffbe8a0cadb14d9b05e3a41376eb4dce0c6e723496a00be96344cb5dd32ae913e53cc0befb0e7

Download Submit