952a0c261f263416f2dde7896b526539bbad9fa81ba382f7fbd0628b9a18c3a2

Analysis

max time kernel
257s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
08/07/2023, 17:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

launcherfull-shiginima-v4300.exe
Size

5.4MB
MD5

3e1ad25616e2d1435fc938fc4fb0cf79
SHA1

48baffa8089e4b29fa9acacde0ef4e82a6f28771
SHA256

952a0c261f263416f2dde7896b526539bbad9fa81ba382f7fbd0628b9a18c3a2
SHA512

f165a25062fcc5e8f5b69fd7db2f97668d88ff236a509120a8cfd78befc45e3777f27030654bfc624a4b54da12152225f61c05ac945ef37cbf0451751f0b995d
SSDEEP

98304:Y2LidbOU72RGEaRja98Xq1N/dIFbpeK0TLzE9XuS5tSXylo/LHz0k:HSbOU72naja9HYFlz0TLzE9Xgym/LHQk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
3408	msedge.exe
3408	msedge.exe
4388	msedge.exe
4388	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2688	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2688	2288	launcherfull-shiginima-v4300.exe	86
PID 2288 wrote to memory of 2688	2288	launcherfull-shiginima-v4300.exe	86
PID 3408 wrote to memory of 3952	3408	msedge.exe	91
PID 3408 wrote to memory of 3952	3408	msedge.exe	91
PID 1696 wrote to memory of 2184	1696	msedge.exe	95
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 1696 wrote to memory of 2184	1696	msedge.exe	95
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 1088	3408	msedge.exe	96
PID 3408 wrote to memory of 5104	3408	msedge.exe	97
PID 3408 wrote to memory of 5104	3408	msedge.exe	97
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98
PID 3408 wrote to memory of 3832	3408	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\launcherfull-shiginima-v4300.exe
"C:\Users\Admin\AppData\Local\Temp\launcherfull-shiginima-v4300.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -classpath "C:\Users\Admin\AppData\Local\Temp\launcherfull-shiginima-v4300.exe" net.mc.main.Main
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffb1fdf46f8,0x7ffb1fdf4708,0x7ffb1fdf4718
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=1152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=3204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:3
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4184 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,17247035928645921611,4890795792417997434,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4184 /prefetch:8
  2⤵
  PID:3240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1fdf46f8,0x7ffb1fdf4708,0x7ffb1fdf4718
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,8672385232237927644,17553553523587021581,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,8672385232237927644,17553553523587021581,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2784

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4616

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\60daed57-4746-4deb-a314-364fa4c8b4da.tmp

Filesize
5KB

MD5
9f3285cd3ea41d2862a39de2054e6db8

SHA1
a189b2904fc4ca9d720afab48d624a18e15a8b67

SHA256
be7b3408025cc06119105fe11962d2090da1039886d316f69c5ae53bb1d82fd1

SHA512
f3d4e2d5a1ceddb1338e1f2283f2cab972c8fce23d1671a22f62b5b488b17a264c001b87c02527e41339deab7e9a17a7a8c74f482bc01f09f6f17ebd1df0c3a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d7b411ae40a387bd9adee1a61a7e5bd0

SHA1
af2972507568f76233529e0a4cbed96cca4c662a

SHA256
9f4e4f8634f69c0e392d0d794e98c0e31b12372bd0e06e27dc94689e8a4d8801

SHA512
ea9c612b3887d07fad1b6a24c85b4b79946719bbc883a71115b74bf553fe6ebe06efe6b7c9ce29867cc03670e85b8bd7ad75c9d9ce0acc64050c41152efe94da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
04bf0ef04fe55c69466061ce37e052ab

SHA1
a62e7c19df60bbe0f9e2c3990fe6bc54284020bb

SHA256
f2aa674173a2c694cfb43ef5b14c11189df783dad28dcdc7a14f1aa9bf27c325

SHA512
7c701bc1a6597802c420ac533c22dacbc42f6248d46fc6d222b2fd26516c5e43fbfda9f0e35d3766a7c109ba41d4f923bd7355ea75134c784f404e76b03c1cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
6d2afd8a779ed68b30d76a6cd03e89b5

SHA1
ff698ea116a39242cdf6d7c5ea9a066d2ddd5479

SHA256
eebc39d1d771397e22a384e1126bd6c9fd6cf331467b441ded0d12a34b5dad78

SHA512
12b63253e748ee168c0d69f6b4aa9ae3e1080bc5ab23695a0e7b29e431e68b1a436ab56ce78cf486258bf47cdbb698c891d8e9de0fb98d47a31292c4c532ed50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
12f062786b542a7fe1cb966d5d864841

SHA1
2e082914f0282af938c821ac463034e1da9b11bc

SHA256
c2dc0b2abf86e44d57f785c8a60e0bd935fa14528cacb0df3ab26ad7ef78588c

SHA512
cb906998acca15c267fa62cceb76d22c075d18de3ba74919a389a880b0f5d23e3cdbe60e77ab00f9c6cdae2282209e21639d6aee9559d216d11d159cf2795946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f0442276e000e0f919600ddffaecf625

SHA1
fa8abc9dfc543dca7fe5d6020bda95992eaa009f

SHA256
7cd903ac6c7b8bd3ef27113a45d7b2eadc34d3e5d213e0890f20f12be99829b4

SHA512
2b08c4b7755a66b3da8b4677bf6ef0b45dc0b4e21fe946382247e88cc4a1747d67ff8174e3923b5130465a5c4d1fee248eecba215dd8d34ad9cd89c863dcebe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
559d31c0b1e19b41302b0113a80e14d0

SHA1
8c6dd7d15d0b24651aac8bd9212bef01053832b2

SHA256
c42944fbbba231e900f71667d32e75e56bdeb78ff156b851d00d09ab086786c3

SHA512
a1ea25caa79d11e1960d59bce122824ee4e583fb08d8c6e1e3104428802cc322f792da36837e27cb286d635118c94774fc253b3ea6839277930140d99f7dbb2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f0442276e000e0f919600ddffaecf625

SHA1
fa8abc9dfc543dca7fe5d6020bda95992eaa009f

SHA256
7cd903ac6c7b8bd3ef27113a45d7b2eadc34d3e5d213e0890f20f12be99829b4

SHA512
2b08c4b7755a66b3da8b4677bf6ef0b45dc0b4e21fe946382247e88cc4a1747d67ff8174e3923b5130465a5c4d1fee248eecba215dd8d34ad9cd89c863dcebe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
88826f664fb2a3a1b7b5d4e672c3771a

SHA1
e56af82a93a37a10cfb5b2131092348db803712d

SHA256
e9f10391e2a6189501f4c241e1e417b3f9c25f6f2517fd33f221e76086f5b4b7

SHA512
59c0522ed28b7d27c34249682370c44cdb03efdbed2f8ab25bd06dc531deb61d56509ff36b83ea5eafab7cb223f9627aa564a7a4eab778ab4558bedfee2e2b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
dad86cf412b592eee28b3370d34fbb0f

SHA1
452fdbdbfe65d723403167399bdb355d622270ac

SHA256
37c8be17e9f63157b985daf0050d4f2ec70ccac881e57a61a9f5ba08ef891970

SHA512
df2200f3e118b44d9ff9c77df430b08f62f0f2cc1a0628d81d78c9f8d3b53254157a9cf89c7d3a60864089c002f323f551b65909dc2e72c44ef1664c08a7e369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
dad86cf412b592eee28b3370d34fbb0f

SHA1
452fdbdbfe65d723403167399bdb355d622270ac

SHA256
37c8be17e9f63157b985daf0050d4f2ec70ccac881e57a61a9f5ba08ef891970

SHA512
df2200f3e118b44d9ff9c77df430b08f62f0f2cc1a0628d81d78c9f8d3b53254157a9cf89c7d3a60864089c002f323f551b65909dc2e72c44ef1664c08a7e369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ad7df0f1-814d-4d24-81ef-38f71f534094.tmp

Filesize
3KB

MD5
dc5b5d83ba9efcb728926950446fea59

SHA1
c007ff406b9303d33bc42e159c5bad6b13b2f296

SHA256
750bffcdd2d3eaf095595546bbf80eb0c0859b4e9af73d3204a0257cf597be50

SHA512
a977460f9f5b3745846118b3b00b2b81af90a5eea6c993317c832405c32562086b596feba7d5f9772db67e9bd8e98c9a16cf86cda462480e3b535681a8171206

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\shig.inima

Filesize
139B

MD5
571cc0288e3f5db4c85ae85dcd1c64ce

SHA1
181bbac9970e40769a089666de6555a51f5718d4

SHA256
36ed29282e1d008064f2c06952eddabdf7c73b58e2bc5215a497ac4541be6553

SHA512
16b64e01c673e8541f3b4a85c19cb5d922e6dfce772b06ca4dd0710b60e3d9e0ba4d3a34cdf19e655bd27feec6adfe7b90b355afd5193f792de4db846e112b50

Download Submit
memory/2288-141-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2688-328-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/2688-206-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/2688-150-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/2688-182-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/2688-198-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/2688-207-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download