eb8b2c7d51ca85de8962a91626b2bfdf3900185810ab80ff789b217471532728

Analysis

max time kernel
266s
max time network
250s
platform
windows10-2004_x64
resource
win10v2004-20230831-es
resource tags

arch:x64arch:x86image:win10v2004-20230831-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
02-09-2023 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

launcherfull-shiginima-v4300.exe
Size

5.4MB
MD5

3e1ad25616e2d1435fc938fc4fb0cf79
SHA1

48baffa8089e4b29fa9acacde0ef4e82a6f28771
SHA256

952a0c261f263416f2dde7896b526539bbad9fa81ba382f7fbd0628b9a18c3a2
SHA512

f165a25062fcc5e8f5b69fd7db2f97668d88ff236a509120a8cfd78befc45e3777f27030654bfc624a4b54da12152225f61c05ac945ef37cbf0451751f0b995d
SSDEEP

98304:Y2LidbOU72RGEaRja98Xq1N/dIFbpeK0TLzE9XuS5tSXylo/LHz0k:HSbOU72naja9HYFlz0TLzE9Xgym/LHQk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2940	launcherfull-shiginima-v4400.exe
2304	launcherfull-shiginima-v4400.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	javaw.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2848203831-2014322062-3611574811-1000\{8C07891E-1ADC-46B4-8027-98C407D2387C}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
4488	msedge.exe
4488	msedge.exe
3872	identity_helper.exe
3872	identity_helper.exe
4504	msedge.exe
4504	msedge.exe
2284	msedge.exe
2284	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	4836	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4836	AUDIODG.EXE
Token: SeRestorePrivilege	3340	7zG.exe
Token: 35	3340	7zG.exe
Token: SeSecurityPrivilege	3340	7zG.exe
Token: SeSecurityPrivilege	3340	7zG.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
3340	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4044	javaw.exe
364	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3832 wrote to memory of 4044	3832	launcherfull-shiginima-v4300.exe	82
PID 3832 wrote to memory of 4044	3832	launcherfull-shiginima-v4300.exe	82
PID 4488 wrote to memory of 3204	4488	msedge.exe	86
PID 4488 wrote to memory of 3204	4488	msedge.exe	86
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 4784	4488	msedge.exe	89
PID 4488 wrote to memory of 5024	4488	msedge.exe	90
PID 4488 wrote to memory of 5024	4488	msedge.exe	90
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91
PID 4488 wrote to memory of 2060	4488	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\launcherfull-shiginima-v4300.exe
"C:\Users\Admin\AppData\Local\Temp\launcherfull-shiginima-v4300.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3832
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -classpath "C:\Users\Admin\AppData\Local\Temp\launcherfull-shiginima-v4300.exe" net.mc.main.Main
  2⤵
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  PID:4044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd7bc146f8,0x7ffd7bc14708,0x7ffd7bc14718
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --service-sandbox-type=video_capture --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=7088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,16582984663853644012,13246718591335099010,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8332 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1512

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4836

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4860

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap15726:124:7zEvent27451
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3340

C:\Users\Admin\Downloads\launcherfull-shiginima-v4400.exe
"C:\Users\Admin\Downloads\launcherfull-shiginima-v4400.exe"
1⤵
- Executes dropped EXE
PID:2940
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -classpath "C:\Users\Admin\Downloads\launcherfull-shiginima-v4400.exe" net.mc.main.Main
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:364

C:\Users\Admin\Downloads\launcherfull-shiginima-v4400.exe
"C:\Users\Admin\Downloads\launcherfull-shiginima-v4400.exe"
1⤵
- Executes dropped EXE
PID:2304
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -classpath "C:\Users\Admin\Downloads\launcherfull-shiginima-v4400.exe" net.mc.main.Main
  2⤵
  PID:4528

C:\Users\Admin\Downloads\launcherfull-shiginima-v4400.exe
"C:\Users\Admin\Downloads\launcherfull-shiginima-v4400.exe"
1⤵
PID:2280

C:\Users\Admin\Downloads\launcherfull-shiginima-v4400.exe
"C:\Users\Admin\Downloads\launcherfull-shiginima-v4400.exe"
1⤵
PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
ac74728303ca1a3ff4fe3ec3602e005f

SHA1
222fbcdd58ac416118226b66a545e5c903c5a2c5

SHA256
d16e193ec657ebccd5dccf738594d386065f800d530fa93c266ab8a50968e4e9

SHA512
e1d5fd36a551c72c7c0007227e145f1d4ca93f77e84cbea86d9f52346b273ca0c0074e6180785227c048f452a014068752d909b347c64979c96892e64544a1f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
184c5c7572a6b42b329aae4e94e9b801

SHA1
adc61339fa23296b5271ac2b7e0de1d7390c4e12

SHA256
ce44f115c3b1677a95d69195266225da59f4dd8cd9d57fd713df35b91cc564b1

SHA512
692f524f7b95da9ef6e247772dc5e949fa3aa34a61675fa5c59698583c1708f0aecf454a06f8deb8bdd7690fce5bc9c76bd2a544ea6354fda15a924480eee820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
32KB

MD5
bb052051339971a0858fa1f6bcafeabd

SHA1
6ca5604708179f0984f0b9f4b777aa28af6102eb

SHA256
4ca6a196741c5d1929a0513e2b8cab509c9b3023c722a31537bdbe50b13f7093

SHA512
719d3dd572605b88c49471d12ed4659c330d8aa9d012ca64e32ea790707c62ac32f58e068e027c519500c12d53238eb6b7e4a3208c580439da26976189de2688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d454fdabf7e72c38bceac3174e8c6211

SHA1
cb111899c0b6c609d14059a886bfdf9b80e38846

SHA256
2653a22935ea5ea0a03a89cbc6ba4789cd84f7a041728eb0aea4505a88bbc398

SHA512
9872c3a8985dde547b593e08d4cd2f899be25702f77306b0f416d5179eb74c706fdcc790789484bd537bfadf01d8ba574a06b27c68b7e50ec94826b29080ea68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
18820badc10e5abd941504395fa40f38

SHA1
712f059ba878fbd0c95c97a4dcac884ee639d4e8

SHA256
9b523f89dc92f9198d26d5d53cf23491ef57b690ff8489ef321a067730b9083e

SHA512
334c3d84091fa1720e8f720516713341e53bbefff35186afb7694fa9a108ed9a72eb0001fbf98443c8a11d8835563103a634068fcf0dedd074ce09b671bb04ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
89c1b76b2516f5b8d8ea7f548f5a3aac

SHA1
0a1658f654b08e8e5c2c82aa0be69e765a59abd6

SHA256
d01400fb257163e7257b7190397aa9c127db94d74e854e43bcbf162762986d5b

SHA512
deeeef36357e4018f7027db05ecff7b94f93c9463f6b51a0fd64d703b6b495324081fca9aab16270447dce23e045e8ea0ce9069435f951e1d7c80a8c88e367f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eb1c350c7009ca844f2afdab2fd7f9c4

SHA1
ff2c708946432f5885ee5ccce308f28cb424b5d9

SHA256
88e6b0c54d3e22e85b80ca44156933cdc17b3faab2c6ad02b36386a86f592650

SHA512
328ceeca603e52daab4724d57898eff96949c1a126ff94b94951d14a7e7f3425c96ab87a46a6c32696abd436b68be1b5e4c8e700e4d22be39bc3bb512e17ebba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c33491d19c2bc99ddf3a6600ff2b20ea

SHA1
8a7c033200df1bc7abe4fc0bff26bfaac91e7588

SHA256
d19f566bd912ea7a9b7ea539204b212d2c42fdf7c74cf2eea0aec4d5f34b444b

SHA512
b86b80a4e0911a9e3e63b22fb07663bec9697d6254d73271ef625ae63af8c26ffe552bd5db33ae05aabe08a748bcb86a4ee874a8a3405e29742b52f841d90bee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c85628fcfc5e9e251fc9984e2b07f28c

SHA1
3ca611ab2f5620aea5575c641f2275053c462ef0

SHA256
958f47599a50488a883cb076aadc5581543395af8d8ba6f9a403349f2314d801

SHA512
610117c8610d23624ba078ef24ba90ef51cf2a2c6383a3a2da99fb317acf4f48eec30e96965a72d05ed891106101d1d33ba92a6d27db5e8a0afed5aa4bcf8cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fe693129af5cd16683c78f6b0605c9b6

SHA1
53baeb951ed2da95a5c61513ac91e7472b371595

SHA256
49da165e8d3c1220ad248c0f2b5e8b679f3ce36d22c759fb0d3f15ab57e735a5

SHA512
9c7c36dbf1f137ed5d10f10f022a56b8662666f281c6bb3816edd45abe6c1a21ef0fe318dcd8f561ae38fd779f01d8cd2f7d4d64b808752659b2f4d433c9b3b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d54751d1a71fc6f12d4af78396740c3f

SHA1
e94e2ff12ee4ab674af919803bcdde8803a8a57b

SHA256
091fb8d9daae4bde32d6459174c218281b08d08b5ac31f7ae0d603498280abb7

SHA512
fdd307afd3014b527c07a6528ec7b7903adeaa7ad8b600ff00082d816108d8be2fdc8296b8070666879e00f535b016a1c3a886c190631e979b8b0f7b1414417e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e29e649fd95fb162d207b37c2f8e5ace

SHA1
211788b4a87073e66edf069f79f02177749f7305

SHA256
568f0577fc64a2d3e5025c1e0229759e69315693aea952081cc571b52a851959

SHA512
239d5f60ee26cc3a81ecaeb04d6342cd5fdc1dc81b80977a014027bf5f1eba2534139614a575aaefe126db7c3196d7f47328e1428ccac2d502f66746ec0409d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ac23f2da15461a4e1cde54abec53c66c

SHA1
4064ced709aac7160fb44d3c02d447f239e758bf

SHA256
4768867f50dc68fb7b083a8475a91e3c2e116ebd1c007804242dcc1193adacde

SHA512
2e1661da8473e047d3c9919580d636566d004f566489149b7cf94f102ede15fa609856da188e2dbfd4548dee294586a3fabaeef1bc6f0f7ef7bb5c7e7f5d4ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4622c7190a55f0d214fc53c9c2d15394

SHA1
406ee43e8e184f6b5eaebbd0dfc801aef63c100c

SHA256
5e0eaac627697798682a7bede93c49f3806e2469dd96c19c38fa89a994f835e4

SHA512
8836dc5b72b581032468caa6cc780c8a836c93ad9fcd9a87415994a068bb51c57d86582351a41bc1a47d4c13bc0ae97cb861c0d6954f4cbf282ceb9a7f778314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
daef91c32ede220b1da2c7d8bcc07191

SHA1
7d2cc773286d8263113da0f7ec819b55c890305e

SHA256
1d0720ed54933c005ff31a7704e5f2fd43959358648d68be05db0d9d63691f3e

SHA512
2ae42822bb629c1cb24d67cbe73ec5319d86abb5470bd65a37092913b6e9f7e7b99548e326f8fbdc685eb9733ea6cfea97f4b68949ecbe97451b53877f753987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2236cc12bac28f32727898f8e798ea71

SHA1
60b010388e64c9c6b7278329c25ef18895c2e4ce

SHA256
fb27de22688cf0240d03864dcf317d31701e0f0da97f5bbe6e545030f5830d77

SHA512
df522872bcf008bd11e85c5155ead36c0bd2e33a0d44bf3c2ac7f52e6e0df3dcc3067165869509a1ac7167919509672fe7c961619a9f833e8a92a59de456ced6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e1c138e53f29ba8e7933f68577a30ec9

SHA1
c95fc7f4de3ef1b5fefbf3c007478682798d4bf5

SHA256
7f1d9cee0a9d25b8589cc06e8a54b4882425a787f392540f5d4a80ea2b347001

SHA512
3026da8470e256bb425a4f04b07c77d44d58b130f56e7d81b909280e36d609e3b5ca385305edf72e40d27465013282d6670e1244164465a7a7f058a05e5c1221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59fb8d.TMP

Filesize
48B

MD5
9ac9bcb1563fa108a1f64bd2efb6c1e3

SHA1
14d51538daa5e2fdf4fb9642575845baeb142260

SHA256
1a7ab9cb2f0d533dfee82d782db6c7c0577764c0c7cf6d139928fa6e768f8f16

SHA512
831f56508be6b4ff7f69ca3beb3f42ce290812bbe64e01d919152e8245c8c9f43f173227fe26122da9afd52403d111024c2c5617169ee18d532e7d77960214f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
29c4d1b630667c48b61285bddef37040

SHA1
96886ee737f8674f57e70a624869c06b9471d0ff

SHA256
8b5a13dc4562bec87d21994b2dc1893cf2598f0f056a9ae3a06e55b346b936be

SHA512
784c703bd73cf9e7005ba7f1901b703d6c2d29ecbda514742e3621d09a26f60c2d405b9f83451ffec1e56dc03488fd90d94905531137c7e8a7656ebdca9cf83e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b041d9f9f1b37eb11aa07b2ec1402092

SHA1
6a13e7e0b8b89cfa717b2c285afccae495834e19

SHA256
89289f2b9fb20530259610520b0e22ad328add8eadd46e65a9f3ff2c560718cd

SHA512
2a235bd6c2fa50f6435c744f025ba8dde18b76d8b3e6e258ee7ac666f715477bc208cba108c9a14a82020ce1509e7b0a6eec6e301ba742ba4aefeca50d2b498a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
576d6966e1783282c4146742dba34a98

SHA1
2b1ffb1a72f79f02c53d344e4f4809b096cfed4f

SHA256
88d8e6395cf374d9d690cd17fa735c44cd31b1aaca155ee3036787a4c9602b21

SHA512
a786455466019fd0f823e0be3a63adf6fe43cb5942a38d186dfef3e9cfe4696db2167ffe01a8ff3aa1ffe4b255cca8747cce604db77ec64024a970d7d0c3f990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
740bdb1fa3eebb4f408fcfd94a56acaa

SHA1
e2474c9067e7f3f1644979eed1ee461b30e5c49d

SHA256
8d87f0a342b5fc7d2ba5546e990e7158d7f6dfaa66ecf05d5d704cfcb7823baa

SHA512
53d28a95d89e76603e80f016276bb68269cd92891c049172ab51d6437c49d004f8fb376286a9c2a9d5bec220b0843435639304df876abd0c611b4d25ad26a9b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90c6e6b591328b345153b70d00bc22b0

SHA1
9b27e062111a1fe4715796974045d518ae6cf285

SHA256
f5aacd4f441ec85ae7e71624c412b899247710acfccea56abe9dc524c2970ee6

SHA512
786690632d85790a035ee2b6fc0a08deefe656a15b628e5da188326377724287917c79cba47410331b21135352c76039ffbac23b0f0578971a8794dbc63f3dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d3f5.TMP

Filesize
370B

MD5
c0b34f394c066899ed06ee1831737768

SHA1
4efa0d4dc33c551d588b8656be481e7ac876bf2f

SHA256
4d307310f0f6221571e50aa854911e9e1b071bbe7f76f30962313ae70741bbde

SHA512
434e54e3454c74206e331690ec5105ab46ea5159d97e12d9f19a1e2ad42bfaa123874ca26ebf19790505c80f8a382178a96686ee18fac573c196706adb6a1c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7d9b555af39b1a8b92b48528fac924cf

SHA1
bd2756555af5f81977d6fb6287083ead25fa3116

SHA256
8b6203fcdc5d8f6e3bca9bfbf7569e2835d62980de1758be96cdd47cfad2c7c1

SHA512
227183739e708e4c152e4cebf5fa011b457b794330e56031ac74441bf064b14a2653f6545dc1d7e8c99b9805be87a13361f38d2a6a55676794b31b89850e9e49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
180ce3e56163e1b3c0c0155654b84f56

SHA1
91a507bb190ef85a92f469dd0e3029b6905860b3

SHA256
5852d8336cff972ed738f530fe8aaf964b3f0ebf6b56e254a502f5cf59a9a2cf

SHA512
b41be7eb1ad587164e39d37845aaa273fae97b36677b9aa109618b19978a7fb77624a93f8225142c90870060777d49aa29102b14ed4d7e03dee0b05c5886baaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
70ce303fb20c7f69f6a3f6497120a8a4

SHA1
74334d9ab1da65ba5db4beaceb58b9d86087c183

SHA256
141c4a2db9d1d7cf601b0304d38ce1c361a55f878990818ca70c3147e17806de

SHA512
f0fd74c6b052eb1d309eefb46dc30e8fe899dc232a73c64238aa52c207c9360168b4911ed0cf1b65eb98f3cd6a653d865954ac9705c61ce7899f3ff0539dcf2a

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\shig.inima

Filesize
139B

MD5
571cc0288e3f5db4c85ae85dcd1c64ce

SHA1
181bbac9970e40769a089666de6555a51f5718d4

SHA256
36ed29282e1d008064f2c06952eddabdf7c73b58e2bc5215a497ac4541be6553

SHA512
16b64e01c673e8541f3b4a85c19cb5d922e6dfce772b06ca4dd0710b60e3d9e0ba4d3a34cdf19e655bd27feec6adfe7b90b355afd5193f792de4db846e112b50

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\shig.inima

Filesize
139B

MD5
571cc0288e3f5db4c85ae85dcd1c64ce

SHA1
181bbac9970e40769a089666de6555a51f5718d4

SHA256
36ed29282e1d008064f2c06952eddabdf7c73b58e2bc5215a497ac4541be6553

SHA512
16b64e01c673e8541f3b4a85c19cb5d922e6dfce772b06ca4dd0710b60e3d9e0ba4d3a34cdf19e655bd27feec6adfe7b90b355afd5193f792de4db846e112b50

Download Submit
C:\Users\Admin\Downloads\launcherfull-shiginima-v4400-pc.zip

Filesize
4.8MB

MD5
7e90d8cf11b36e8d8ddfd24b787e1216

SHA1
ef3ced3c98a306598e869a3b8020ab99d552e6b2

SHA256
3bc1e207766bcff7b7328c5d336ec8e9211485cfd05242a0ff79e1a8ef49b1fb

SHA512
0de23d403ffafc55581fc885bb1cc592d52fbd02d84e6ecb81cc0cace83da42e3927e40638214a506e445e1d3a66444fbc1c239b695b1e6eeb1ca9f2c8d1a72c

Download Submit
C:\Users\Admin\Downloads\launcherfull-shiginima-v4400.exe

Filesize
5.4MB

MD5
c3db052da531710367faf5e011475715

SHA1
46f599e4e1ece582006739debe0a522925a9cd13

SHA256
7c6220b046553f9c95b8098ff83bfc6b7828093650becbc1b44e3d7819d7efd1

SHA512
67bfb67b36dab91e37b1ada7fbd688dc39cf19c337e3938d1f7e4f47173b7dc9d0b93dc035d6511ce65b8fe44384bb9cffa9953e97c6fffadb29fd561eec7feb

Download Submit
C:\Users\Admin\Downloads\launcherfull-shiginima-v4400.exe

Filesize
5.4MB

MD5
c3db052da531710367faf5e011475715

SHA1
46f599e4e1ece582006739debe0a522925a9cd13

SHA256
7c6220b046553f9c95b8098ff83bfc6b7828093650becbc1b44e3d7819d7efd1

SHA512
67bfb67b36dab91e37b1ada7fbd688dc39cf19c337e3938d1f7e4f47173b7dc9d0b93dc035d6511ce65b8fe44384bb9cffa9953e97c6fffadb29fd561eec7feb

Download Submit
C:\Users\Admin\Downloads\launcherfull-shiginima-v4400.exe

Filesize
5.4MB

MD5
c3db052da531710367faf5e011475715

SHA1
46f599e4e1ece582006739debe0a522925a9cd13

SHA256
7c6220b046553f9c95b8098ff83bfc6b7828093650becbc1b44e3d7819d7efd1

SHA512
67bfb67b36dab91e37b1ada7fbd688dc39cf19c337e3938d1f7e4f47173b7dc9d0b93dc035d6511ce65b8fe44384bb9cffa9953e97c6fffadb29fd561eec7feb

Download Submit
memory/364-828-0x0000000002D30000-0x0000000003D30000-memory.dmp

Filesize
16.0MB

Download
memory/364-892-0x0000000001190000-0x0000000001191000-memory.dmp

Filesize
4KB

Download
memory/364-909-0x0000000001190000-0x0000000001191000-memory.dmp

Filesize
4KB

Download
memory/364-839-0x0000000001190000-0x0000000001191000-memory.dmp

Filesize
4KB

Download
memory/364-843-0x0000000001190000-0x0000000001191000-memory.dmp

Filesize
4KB

Download
memory/364-853-0x0000000002D30000-0x0000000003D30000-memory.dmp

Filesize
16.0MB

Download
memory/364-908-0x0000000001190000-0x0000000001191000-memory.dmp

Filesize
4KB

Download
memory/364-905-0x0000000002D30000-0x0000000003D30000-memory.dmp

Filesize
16.0MB

Download
memory/364-890-0x0000000001190000-0x0000000001191000-memory.dmp

Filesize
4KB

Download
memory/364-891-0x0000000002D30000-0x0000000003D30000-memory.dmp

Filesize
16.0MB

Download
memory/2940-833-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3832-9-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3832-25-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4044-27-0x0000000002770000-0x0000000003770000-memory.dmp

Filesize
16.0MB

Download
memory/4044-26-0x0000000002770000-0x0000000003770000-memory.dmp

Filesize
16.0MB

Download
memory/4044-4-0x0000000002770000-0x0000000003770000-memory.dmp

Filesize
16.0MB

Download
memory/4044-19-0x0000000000C50000-0x0000000000C51000-memory.dmp

Filesize
4KB

Download
memory/4044-15-0x0000000000C50000-0x0000000000C51000-memory.dmp

Filesize
4KB

Download