hxxps://cdn[.]discordapp[.]com/attachments/1231623032314007572/1235539611170897941/sigmahacks0[.]2[.]exe?ex=664fc42e&is=664e72ae&hm=ff1079404040d8b0641ac3503edee1849552aae3baa9e9e8eb10398d797385fe&

Analysis

max time kernel
2640s
max time network
2690s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1231623032314007572/1235539611170897941/sigmahacks0.2.exe?ex=664fc42e&is=664e72ae&hm=ff1079404040d8b0641ac3503edee1849552aae3baa9e9e8eb10398d797385fe&

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

sigmahacks0.2.exetest.exe

pid process

6088 sigmahacks0.2.exe
4404 test.exe

pid	process
6088	sigmahacks0.2.exe
4404	test.exe

Loads dropped DLL 16 IoCs

Processes:

test.exe

pid	process
4404	test.exe
4404	test.exe
4404	test.exe
4404	test.exe
4404	test.exe
4404	test.exe
4404	test.exe
4404	test.exe
4404	test.exe
4404	test.exe
4404	test.exe
4404	test.exe
4404	test.exe
4404	test.exe
4404	test.exe
4404	test.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{6CB5D2DC-BD1F-4BA3-A52E-5C4F98B9F52D}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000004f9a47b432a1da01304a0e8338a1da0146a50fd7b0acda0114000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 238984.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 238984.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
2092	msedge.exe
2092	msedge.exe
2420	msedge.exe
2420	msedge.exe
2444	identity_helper.exe
2444	identity_helper.exe
5304	msedge.exe
5304	msedge.exe
5336	msedge.exe
5336	msedge.exe
5832	msedge.exe
5832	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
2668	msedge.exe
2668	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

Processes:

msedge.exe

pid	process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

test.exe

description pid process

Token: SeDebugPrivilege 4404 test.exe

description	pid	process
Token: SeDebugPrivilege	4404	test.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

msedge.exe

pid	process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

msedge.exemsedge.exe

pid process

5832 msedge.exe
2668 msedge.exe

pid	process
5832	msedge.exe
2668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2420 wrote to memory of 4708	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 4708	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2948	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2092	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 2092	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe
PID 2420 wrote to memory of 1156	2420	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1231623032314007572/1235539611170897941/sigmahacks0.2.exe?ex=664fc42e&is=664e72ae&hm=ff1079404040d8b0641ac3503edee1849552aae3baa9e9e8eb10398d797385fe&
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aa2a46f8,0x7ff9aa2a4708,0x7ff9aa2a4718
2⤵
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
2⤵
PID:2948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
2⤵
PID:1156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
2⤵
PID:984

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
2⤵
PID:2644

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3512 /prefetch:8
2⤵
PID:4240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
2⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
2⤵
PID:1136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
2⤵
PID:3248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5520 /prefetch:8
2⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
2⤵
PID:5656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
2⤵
PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
2⤵
PID:5176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
2⤵
PID:5168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5316 /prefetch:8
2⤵
PID:5372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3964 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
2⤵
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
2⤵
PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
2⤵
PID:3248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:5960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
2⤵
PID:5932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
2⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6992 /prefetch:8
2⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
2⤵
PID:5680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
2⤵
PID:6072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
2⤵
PID:6048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
2⤵
PID:5972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
2⤵
PID:5888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
2⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
2⤵
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
2⤵
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
2⤵
PID:716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3364 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
2⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
2⤵
PID:5680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
2⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
2⤵
PID:6004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
2⤵
PID:2816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2180,4722424138279979382,13084089419289433348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5892

C:\Users\Admin\Downloads\sigmahacks0.2.exe
"C:\Users\Admin\Downloads\sigmahacks0.2.exe"
1⤵
- Executes dropped EXE
PID:6088

C:\Users\Admin\AppData\Local\Temp\onefile_6088_133609014392030709\test.exe
"C:\Users\Admin\Downloads\sigmahacks0.2.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Incognito v1.0.0b - public
3⤵
PID:4420

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
40KB

MD5
9dc9673c5af1dcf765ad951ecba52c69

SHA1
9d5c1202e46a7d699bf85559b0a827bfc3a57751

SHA256
bd993164fb521b40693bef84eab25d964ddf89b16788458e661e453eb418da46

SHA512
bf515983dc980667844bb4a30b05400ef01df2047496335ca2770466bfe8a2170a4dd822fc56bb109b6235ace7e4ff52a75957d2d9a752c3bdd8b71265b698e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
1.2MB

MD5
81a63a086d1c0fb065b12ebecf8cd7f8

SHA1
4ae54a6f2a83df9c901b196a6c29c3436b3a3f0b

SHA256
706678b4abec74ac3221737a9c70bab8ea40cf26ee6a89cb321e6c1503fee0ce

SHA512
2d33384744684bb31c7a30b263d6d2a1fe7bdd3dbaca9867ec6955795e23e7ab5996137210c651c608c22b1d9800bc1a29ef933958fb57dcac2482e8d3922877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
Filesize
17KB

MD5
868f1c2cbe6f6335e9526108b93b85ea

SHA1
ab894b8655b55724140516c9717ec90134186bbc

SHA256
0e993dfb76c08813b09f952cc2fe16a3b32caf5ca333093a88c231e09944584f

SHA512
21d76233f7fadfaf838f9cd18caf341986fc0bcd81e3135e9c6a5efbc0790173b55166ce04e26de4190d981f557a690d1a1352bd1d0d2e191912b7903802403c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
Filesize
19KB

MD5
1972b3df4ebb295fcc3ff76696ded3c3

SHA1
9c61bb9965b82391685b64631e8622e3fa94d82b

SHA256
0e99d08426be6356e9a025a6d8b0864ce4f2f1f2ef77739c5cc675481ecddfc4

SHA512
b6327f004952d250164de4220629b6e0837af30a210b19a46e802d6f749b8af5e3385295ea52315f0f6a8620cfe1b330742ce97fdc87321d8777e217aa27e7ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
Filesize
16KB

MD5
22026eb00d2d70eeb63cbe14d75f8355

SHA1
5d1cabc0387f4eccaef9baee4f4237c57eea15fe

SHA256
74216ef799be77d9538ee3c99daa11dd18fa6cbaa5c2034dcf9b758c98d0f284

SHA512
d0cd848ecce7fb3d207adbcaf67e65b090c5ad8132da4b745683180fa7a571573866bac6371c9d7b27cf69d53d5820861059399f2f52491af9fe2e6eee8af188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
Filesize
17KB

MD5
c0a5a0e67eb1daf568e7cd375c40d2aa

SHA1
a65f3df46a42a0c58c3edd06c11d86e374de4384

SHA256
4c9d7b64f6e39ac78b21f19dc5b4b669141729a5ab78ffc7a0a53506e35a8cdd

SHA512
7705d43dee52fedfd5b68407a861252debeb8107d24eeb842880c771b4215f0504b6eeb00838a7cf1948dee3d1d9d65d91798fda2f2650a105760c592373f6cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
Filesize
17KB

MD5
fb5a5952be07c7caea3f3ba4b93a2634

SHA1
9c8c8324dca4190d0acaebcdda03d99eee2599fa

SHA256
b86105cdb2f03d802b69e0eb735a73a67621f6160218c7de483a84e6d7dfaabd

SHA512
1f4edab4415f82268a40d0ead26db7c7083d131b933f5d43ea5928967386e7e9e7b954c95b88e45911a3a3ac6c965ef7765921103bf7ed5571604c3748882b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
Filesize
17KB

MD5
8b4c25adad144b4e4de96b2e2e783890

SHA1
32448f5fa6d6c617a7181c27d34c0d455bc407e1

SHA256
fa753e2c8392c0fda3779ec04d159c2ecf7001d2e8df3a878b6c5f28cc76ce54

SHA512
dc359eae665e1f9c08cfcf31bfea409a36f1ae458d6cf526a04104265fdc5077a261841cbb4b965232463461013a25ccc77d608949c0dfaa4d11d2999dbaa58c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
Filesize
24KB

MD5
1fc15b901524b92722f9ff863f892a2b

SHA1
cfd0a92d2c92614684524739630a35750c0103ec

SHA256
da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4

SHA512
5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\80185dc7e9c946bf_0
Filesize
251B

MD5
90171c5c1b9705d27721f079dda6e6ad

SHA1
5532ad9545de8f5f156082d1754f9dda851d328d

SHA256
d4b60d15d1cdcab2785bf92e459beb15410b4a5736e964beaf1ad87397a11e1d

SHA512
83df057495a2fc16f64cf1b4c487df60ee4ed43d4c28134fc77c28163275df366b417b8cfd6d78464cdea9b428c2f552da4e1722ee4e705523e26ac33182d51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\affde63bd3a153fe_0
Filesize
7KB

MD5
38378ac4f124825c4ef23a69e9f23897

SHA1
b578d8e3ef4469c81872897fa5004395d174aedc

SHA256
58363dd9ec770ccf9d493fa76a7c2ccac19edc6e4f2e6c44fb83c9cc37ab29c7

SHA512
6e22812d5d0834dbd010535e6c78a41160023864c094742af952eeb12e2aa57807f5457fffa0e46e187764d523b308e3c9428097d2ae03b8f38ccd917b7bb10d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b836d225a5ef9bfa_0
Filesize
2KB

MD5
d65f15d558afd89727a3da5d9167bb98

SHA1
9a0c136d6274f922eb7b1c071e1d99513fbc04f8

SHA256
a3951ec4783ee9864665141051afc9a9d5813049eae6ef5d9653fac3d460b97c

SHA512
9562528981fba3b86be5d524e96c829ff18d16ff060242f408d922330a1978582e25998f70c2b738ea52c9da2ccb5b9dde2bb314acc26777c4a15abc5e0641d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cdda4407fd4b496d_0
Filesize
67KB

MD5
b414e4845284aea45128e301a1c173fd

SHA1
5de6be0c665d8941f02ffa3ad34170c1455ee271

SHA256
a809c976f071fc81ae1d662d7f6fe95a5dd3ccf671ffafb7a83501a5fd54ce18

SHA512
a80e9e99c7c7b86d0f4bf461bc00b8f543bb4420427d1cd889e33c19548e61d8e465d8cf53372c5f3264f87d74a12c995e032c0f852ac68b9220bae5078e97f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5fc7d529063f2a6_0
Filesize
8KB

MD5
16f5f7da720a08844d43e1ae7dba251b

SHA1
bc6eab8324812abe804033ff65eeeac2ae415fc8

SHA256
d99f54d3e54f7cbe943375b109d84f3925e9a3133b5437fa94ffd2bc0a25d664

SHA512
4267a5d506a3b454ca5f120f7f8965174dc87d72f657316ae6eddbf1c4144b25d6148996ac0257aa5bd365bdb679130011a54932444bab7cb7a78be30f8466de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fad6b9900931c8d3_0
Filesize
1KB

MD5
afda66036957f0f93b23c14e2733315a

SHA1
4ec23f800d6372fed5eb824c3ad3b9afa6a6a85d

SHA256
c7445c116e1a927426cfcc8c671c5fa81f5986011c458f4161f7c918a5849afa

SHA512
8dafe1f67552cc3aab0672b6ae574175dc1dde65d0e8688180e578691eec754c0e88115e17a2d8278f6d59b0e643fce19e144b98a69fdcbdc8bf011dd60f0193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
e21496f31de9b6bbfa1e291b477ca787

SHA1
ea140c5697ae89bba2a83204efa3d3d037eef04b

SHA256
5b8c38ff17fa85bed592e8665fbab6394afad955a6af381aea6bcfcfea3fbc42

SHA512
7e3a5d07bae28b66ac15113400e423ff22798498a8aa9f5b55422ad3ef2c56655da06291a2f71336e10fe8c259dd003a419209168cf921008ac587af99e3bbf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
bab81ccef176f64f798ecc88ce7274bf

SHA1
4fff057692aa7bd161915861d65c3e91dbdfcf1c

SHA256
f8543d3756fe205d31ff401fe958e7f01d833b1f7d6405fc5975d5ca700ae641

SHA512
42d2ad606ff2faf49a61e5c22e2d12a68fbe19efd07c4d1251a62b8013de3de1049d57e4485e2d598a681cb071c13dfe17c839d3e1d0733054f81ac4971144ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
e06db4b410223031faefb00fc4d9eee2

SHA1
a973bd589dc6987ef856cd236bac6b3bd0d1a57b

SHA256
f2053676c451a216d2b1b21f32aef2b4a708bde07f3a6603d41bc0fd699fafb5

SHA512
28e69f478d8c56bd7216eaafc2d9bb0b256da5350b53837730841131e11b44b455b142dc98ba48115972111502a46ab3e6696aa35728269c5801e230dcb09b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
a2eaba3e21e0e6700d436c3107b65413

SHA1
849256d4b57ac3a9f81342e05d975d0c4a89a7f0

SHA256
947777c92cc83a44f0ca0b8a161fa1284f5127db04023ec80a664b56f630e8e4

SHA512
291797bcb4512b9588171510db7c2b044850c0e244850af09ee9a45c6ac18d120e521605c22a608ce31ed2b851717ad8a0db1f5b028c383cfe47653bb608b3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
010aa492d45751fb51023eb445e7d2c8

SHA1
cf4d538ee0a743cc039168edab8648beec244d8b

SHA256
a7b332494803117ad5df988724361ee77745b7f128998ebf832bd2655cc4b8b6

SHA512
f8811d544b5e4ccd012321cbddd029b0d19096371b261bd2541b46a0f8382c50b7f7874ad94243b928c205eeedeac5819f24431da929b2220d6a6d3af523e2ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
9b26a485e88f32597aeb3b11a306466e

SHA1
e02e9b4a9ad5dd3b6ca42ac9f49ae0cc5e5ccda5

SHA256
9334f2feb480dbf56f04bb44019025bcc973c3cad269ea7ffc82b39786876123

SHA512
3f686745f15614be79244d6a35c3bfa815a8cc68627fa6c55a2817d5ed24b3d0bf99c33f44e2647f1c9fbdfe14d9fc1011cafd184f5270325eb5d8f7a778f3a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
90b5f6ab640213a22ac8ce84a49ecb06

SHA1
2aa0fec9e4eb86e1a77b7b376fc25cbfb6554e23

SHA256
cbdc1a3172ddc0ef652ffbb4217516790717005bc62147dfcd1976736999c2e9

SHA512
c391e8390c09eeeb54bbeeb0997a54fff94434eb29b05e275c59c083dc93966af3c8599ee064d2ee1bccca1e552effe7af1174a3b192cfe88b9fc69bbd5bcd25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
52b0b81648e9805f03b9c06b3e6ab25a

SHA1
7e76d117cfc0c37240685f8e1730441c170c374c

SHA256
e37f261a7a52893d9e661943622b50bfc8f29a3f1e5b888651c5c606b26f954f

SHA512
575ea301a678331f48b0e32b53943cb805594c00b0031a6814100035d05d07c38da7ba9a688489002eef941931cb7d8415f0a7d59dc56687e80d32e860d494c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
c0ccab7b6cb42f1d82cac8fc67809f36

SHA1
43edaa4e1ef851ab067ff38fbb9517c5546ef226

SHA256
cca6ad5d9f230c7df7ef724b0ca08410ae5c278ab41c6285bbafa259455cd052

SHA512
4ff346688b2443e4767b8e279ef7d2044b9abeff17ffd1a51fab436bbe215c80dfd59f439e23b0365040f7495ff3cc636e250e0601d0b138baefb739232f1b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
1596f990515577299aa63ec4d5f4794a

SHA1
a2cdb08f73c03020b2b8f19fa77fcc940a42848e

SHA256
0a46ccfc22a697c9a1f388f5e852fd839c27ab04e338b09c6d5f41ba1b1e9496

SHA512
181e383e2e3bd93cdfafefd3bd6c20b22486720008382fe55f9676e96570fe75353cca6d402f68028408bee3ffb94384d4e00a6c3f4ca36f3aea74fb64822f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
18534127f74d59038f87b08930545b99

SHA1
cdc451621fa82f5f0beb200b864a393d5e705d95

SHA256
e694aa597c429eb3a2ddae3aaef4b82c850c7187531d49200cfc026f9eaddffa

SHA512
a01155658d6ded80b17e315e9bee0a5db4bfb0f3d2cfe6440362131b7245c454b24ed9158321e6872afacd47facfe3dc81e2b14aa43f403082ee50c53fd7c0ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
4d015c0b4663baf83ae0884e8f810f22

SHA1
6880d3fdfbbba654bb7d36d8525a25493c3fb736

SHA256
585e1e1d209f5072ada0e4a06f0c5cd6566bfd1dd0dfd28b9185f55630aca9c3

SHA512
17eddeb5a0271ce10780bec5d6681b374d2fbf4f8b58fa665fbd8e6606e44912c987c8c4cb40c36686e28509f53032b922545579b7a4e5bc2e6e366a7540c35b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
4d81bbd9608ab79a29f4b682262bfe01

SHA1
7d335ce2db4a312bede1a4539b3185db3e94cc56

SHA256
c194bed77cded75b5183dc1d2d7f44c1e78096f0fca4dd17108ddd3b179f60ae

SHA512
d0d80bca48e3eab441abf6c2cadaf875f2925fbe893121e76008a6c39fbaff6cb77735cf8be4dc68ce9cfd3e87f7a27871d5d0977ff845fd9f07e985c7b974ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
e5b75b2cdf77b7d113927e263126858d

SHA1
d63794b2315a817cf43ba76107f866db078c750c

SHA256
def859b0f4ec6fe158ec24d934d0a216289a9b047cabd131ca0907a8a2d45762

SHA512
866ab2420d550d6dfdc83030025903215cd25b4c2028e74bff7ffb3bc776d54f390e1560c5de5610869d373f4579dc1f8dd2ae688d872c5fa4c3e0e0d3462630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e8d51ba6086f5bb52db143895b052ac8

SHA1
e18087bdd065a13713159f6852fde822243c258f

SHA256
4347be7c863068d32f6cdb85663d29912d532d4d81d2f5d6cf3b09c91d126d12

SHA512
a34b6e5edae662a317a4f9e8fa03e94dc25b917ddfbc3169fc088b8eaf6e161e5fb5af283bf00a61283619ea0c57b58c22df9de32d88b61b8521e7defb3d459c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d0cf60d049ef4673aa5a58a387143aa9

SHA1
c643cd8785ab04214bfe4a0069a7894f459e32ec

SHA256
9c3407547fdf3498693b6836f820da1477c53ffa7b1530c45e54242ccc0a4bea

SHA512
18dc019708009b5d1c7b0063b5c541b57e6fe3d8078d21b22357b6a80bdfe051f748fad67dd4962b265eb87f81140b918b3226e6a04dfab09702137611749d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
1bafc23574cf215e6b3d6920fbd9df16

SHA1
c5292d479cfe32123117f03e9f4b0def05b78664

SHA256
b9b067d1f44a596535a9a2ed2ace4506a36ba537f4860e789a6b98203dafd612

SHA512
00afd348a268b079cfc0ade9062f1c42e07c9c836a86a02bea30e419d9623facf7e18efc327f06c708c4f3ab19cfa45d3f68670ce2a0ebfb9c45ab91d74ed31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
8ea713c03b7f092e035d065bb0c645d9

SHA1
adcb62a7394ae225add04b32942ae0acdca4b32d

SHA256
26cb399a75586de937d121d361e8e7263a2da7521eb71f544a8e982359ba491b

SHA512
a3b227d6ffbb11f6305dd9214087e1ad2613eba06f547ee7e045d0ee99c03f481e5b83b6ad9366ca55258a85940a5ff440e92237741eb8810fb573d0c2710f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
b35ba8e77adfa616cace89456e51d31d

SHA1
6db5b226760df42087184e73b207f60e89067930

SHA256
5c0b6cae30855137355cd04124fb46e0119b8746cebf542c356d3c321b6cd6aa

SHA512
3bdcfc567109eb8420baefd93c29a1efe80912142e556f07e1ee71c9f79fd63cd2a04dd76aa686c611f4fa014b2452c2610ee44f59dedb88b9a5164aff4efd8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
4191d0a6210278137b15ef62b602bbd7

SHA1
22da09d9064b192b3fafa4cfeb54566467112b13

SHA256
ccb61549e27a6c6ca0955174584cdbe1dd082a33047e911ef70ffe306446ebd9

SHA512
d8ef77595059cd8a89b51b744dc1a9c3bfe53d3018733849e72b9589de4d2b212e6bd059b05b88200530e286a3776936b693516fefa76f15fa889075a824401b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
24566e861b4c54b8bf22628f9bd71409

SHA1
f229cd1509293388e9d31d7821695385941cdf69

SHA256
ae34cf261750bf2178cea1217f60e4584bf38f107dfb6fbbf1dda4f9460203e4

SHA512
955535ed8c19b78189150f7f0b5e97f5719858ca0b3f163f075e501eb5c6b8be6527c2c296de13e2a660bbec0c195eafa5e50496147e920daa4954927eed56bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
0c8932dc998ccee20a679a5ea0353e56

SHA1
60fb130366dad1a8a96823a316a4333f86302b61

SHA256
db3a84ce2da95df311e52c3ab1c58c0b07bf5fbd507ebef4e23a818a050e5471

SHA512
591e560438ec3a8c4a11b8e84141af4470f259251e75264f6a23c1ff2c2b0be341aefb8d2eed43cacdc5bf2de300190a0fd1f57bfce0929bbe0a1478ca2f7e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
ea33017ce5bb292c61a331a3907de924

SHA1
01e1d52125dc4ec3fc118203d7bc73c6064d123f

SHA256
56217fa1db38cdcf7b0b09d610f3a70b40c4c793d06793677c104329becbe4d1

SHA512
8fea6be8a7041184dd7792c8541e00809f4e725f315bda26d384d04a490419d6f7bdffc6271f6348cbb8d4fbc91c6763f807267be89ccf0ac9394357c8ef52d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
5e42668b0c5c21110f9f870c6c21bee5

SHA1
eb9b1e60d30878f8aa7ff1098b8d683fb2b20108

SHA256
3e36725edaea339ee4bb30522a078871d9dc05756ae15a989c8fb025eb7010ac

SHA512
def0f9afbca058ce664e2d2593c015b1a60fea5485ec360c2a28b3f53dfc727b98d6f87e03f7cf388c30869e4ef14810c48677c8b3011650be36b91b75085189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581373.TMP
Filesize
48B

MD5
339e51c62244d831f48841226d813039

SHA1
61303693c4b9009d1da23457167291afdcfab853

SHA256
b9a50c62cd040e9a5a65bd709c55a1fc02afb05cf53230295db09abe7035e7fd

SHA512
3869556f915d6d40c0051d3ea93e84c2c92cf8311ad88dd8a92d84b443c3b90cbc5e1a40e59656958539fb85ae2c1e0f4f0a8f8600a4743d90f3f80fcb16289e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
64a4c5a40e31e9a8a0cd6972eed11e08

SHA1
eef64006863f196d76b356cd5cfde02bcf657dd1

SHA256
71354e958e881e49d9cdd4cd28dd165c9c199003baea8f00db4ff0a9c0dcd6b6

SHA512
611015adc4d6746ba3178c903f11b29c9863a548517da8fe7d5517fd36254cc84e1567d8bc6b33ed9ed66f31c7f014527f24743f1cf2d8b4a5aeb29733d58637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
c74b09d2c322943c5f70a555029c6267

SHA1
b61184ab3b8f2ff448250b20a20946bd24281acf

SHA256
eb3fb684a5656637c1fe07046bc5a8ab47f7eab35dc5185ba2ed7c32c660e752

SHA512
9ac554dc7b8f930eca75acde7713ed039e822d1bfa291a1023186509852b0da6061487aeab22a46f7412e288318d23c110e42d3430d88507da781d011bba0b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
b9bb3ef23c3e47d549eff3e960e19c01

SHA1
d572dbd78be7589f16c6534d6c47dcffe8e6e513

SHA256
91c91967da6b9d92861bc18c97db0e247b2f9b7c862b4c829c6e726f96ea2ae3

SHA512
acd176f90d82db8db204dd73324c7d93b5f9e2573ad73d6736e1175ce35517fa8e0fbd5f02a1adeb106451932f96251de43bb1d94bc06e71f2a9a0a18ad9bb3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
6aeede7cc61ece9216d4eb8f29dd6171

SHA1
f6c6f6e0201659afd20e070f63a02a440642135b

SHA256
12ecf7d4a592e0e0cf180b8e33a429d0a5e4ea84f3285427dd92753a56af14b0

SHA512
adc8deb3e6f4e5d0d42f9763b5334cd02329554f92edb1ace9078de4c26060120019bee1125848606f47bd60484cadfcc0aaabb25d94bfe33ae13918ca4135d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
089e07db81fe8edf577c1a2617a50dbb

SHA1
7acb077aa9dc15538d8d281879213bf54fbed346

SHA256
83a4460dfab27618c20c0c6e27cb263ae8f4735fcbc941d179b650dcf5230b69

SHA512
ad13dd5421592a817645265fabd643318c3a45343fc8b0bbd1b37c3800ea3fc6a15945cb89e285967cd7f00cd4c7c68b001def2d71a5635af8590d5756024b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
2dec50ebfca32540e1daacbd2cbcc63e

SHA1
a50aacb0160877d1426d7d42c4e4bb1d46b7f019

SHA256
d8ac3a3b97bbac342ba73b4b81386ecb4b0d2b72314a53eee8243cb34da1c253

SHA512
c0e1c7a2c394a2d7f57dc1b1d449ccacfee37923fc410cb606ae4b427bcaa805772a19a49185569815d4067a85154fe45c0499117ba073b923319c8d3e7462f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
48938b7842ca617cadd2b720066b3d0f

SHA1
c6426de66ab8aca2034f67150e40defff109036f

SHA256
7a2a055394cefff578d51d6deefb6b6054cffb471a927d3e6345bf7709424d43

SHA512
ecf83570133a556b365e655adf2516ccf5acc02bb6b1d1f7a20dbb52ee30d27f596ce11f50c2f2fac33e587c202e417a3bd6097388bf7eeda3216fa9b5241744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
4d9420352fb1a1ebf10213e3104d943c

SHA1
fac8ecad343314df05b1ed387bef51c9523b14fc

SHA256
d3538faf594bbbea685f434b28f3b92bb6b72e3a82b4454bbdec543fb9d2e0bc

SHA512
b35bdaf95635752ac5c8abdc3ac1cf3c02b828b640bacdcaf47c8a51589f90ae1a595dc42a558a57ebc02a76b4a89f6970c972fa55fb9f3b515507d4a4e1da11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
785d9332fdae1652af777ee418afceef

SHA1
b598bc0f6c0def05cc98aeb8fa9484084219e1d0

SHA256
20229179b8d51e99148e4384eccdf3cf7b487ef90aed2a61e740d4aee6d20def

SHA512
2e482fd4e5b86d9cc870858e0e9fbf61eb32b5e7813d9e49d2ccafaf480d1b1a547317e9f7ef3efc807071f6fa35c57c86e67c48d6b598fbe90111a5e22dd0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e678.TMP
Filesize
536B

MD5
23d00b4d46f1232acd897a1bfda07ac5

SHA1
3c2ec1021bc2f114590ed87d81eebd35262b45b4

SHA256
6543fdb60f88569ed87db53c45b39581580219e1957371622923105ba54501de

SHA512
bf497b6263f93077d1c40da371d87c446d505abf52346009ea1389defda0ee8ab702732bf0291ce72194a2a8b7b3db5cb2684702f0cb03c4bcdf5f84b88b7214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
42c786f1cee13e9e92f064e5143c510c

SHA1
c68277ef33312817d83c550c9fb3ec172f640679

SHA256
cb3512eb23eb7b08995740df42724135a48ad7da2b299767cb27eb3140ba547c

SHA512
f5c4ae657d357885ec013723a78ecdbd621d83346e815c124fd98e45ced4e9a11cfe457f8f917ca85b1a51a78ef870bd6d1572e0a58b643bbb4306236073651d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
474ab38669e9cba189cd121d18ef8f82

SHA1
6f2990eb26d622de1f9ed3e1b7e99a98f7583d57

SHA256
89414150728a1c2a64c54f08b064350fe6c82a88f82668a9702af2a2185e61c4

SHA512
6788550eae0aa1b068d83cd0d0bea13fefb79e026dc1affaba57bcf36e6fc0373c3e7fb9ea6cb99c14670a5a07e4ba6dd349c7fdf401a28afb2c3bf0d8e83f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c25bae47648f6571298f592810cc7c31

SHA1
1b08c844c87baa12ca5aeb4ff7735aafe0250807

SHA256
0005cb605b09580a76d9700033d36dae98719a62756f5a064378462a95045d18

SHA512
21e03771601fe232d5d0f037e252f9d86c31cf0d1b21a68ebba728d20e25a434d30213099b8c4980d6037254a03ec381e36e66f84b44c0caa05db088e8d10adc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_lzma.pyd
Filesize
154KB

MD5
337b0e65a856568778e25660f77bc80a

SHA1
4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

SHA256
613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

SHA512
19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_socket.pyd
Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-8.dll
Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\win32api.pyd
Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6088_133609014392030709\VCRUNTIME140.dll
Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6088_133609014392030709\_bz2.pyd
Filesize
81KB

MD5
4101128e19134a4733028cfaafc2f3bb

SHA1
66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

SHA256
5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

SHA512
4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6088_133609014392030709\_ctypes.pyd
Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6088_133609014392030709\psutil\_psutil_windows.pyd
Filesize
65KB

MD5
3cba71b6bc59c26518dc865241add80a

SHA1
7e9c609790b1de110328bbbcbb4cd09b7150e5bd

SHA256
e10b73d6e13a5ae2624630f3d8535c5091ef403db6a00a2798f30874938ee996

SHA512
3ef7e20e382d51d93c707be930e12781636433650d0a2c27e109ebebeba1f30ea3e7b09af985f87f67f6b9d2ac6a7a717435f94b9d1585a9eb093a83771b43f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6088_133609014392030709\python3.dll
Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6088_133609014392030709\python311.dll
Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6088_133609014392030709\pywintypes311.dll
Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6088_133609014392030709\select.pyd
Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6088_133609014392030709\test.exe
Filesize
9.6MB

MD5
5244aa93f4209963f6c63e1ef9dde0b9

SHA1
642219eec726127fe7fbe9ceb5e223dcf46fbe46

SHA256
aeca166d5d3da9e76957686ca8753e95b930d8508f825f3cc6b4bac28da6e142

SHA512
e510165f98b070ad3c202734833230779fd95585d28b0a9873afbb5022f488c85e935b7f366a92b89449b42106f4ed76997cac16994386560bd45021d368e28c

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6088_133609014392030709\vcruntime140_1.dll
Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6088_133609014392030709\win32gui.pyd
Filesize
212KB

MD5
3c81c0ceebb2b5c224a56c024021efad

SHA1
aee4ddcc136856ed2297d7dbdc781a266cf7eab9

SHA256
6085bc00a1f157c4d2cc0609e20e1e20d2572fe6498de3bec4c9c7bebcfbb629

SHA512
f2d6c06da4f56a8119a931b5895c446432152737b4a7ae95c2b91b1638e961da78833728d62e206e1d886e7c36d7bed3fa4403d0b57a017523dd831dd6b7117f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6088_133609014392030709\win32process.pyd
Filesize
52KB

MD5
936b26a67e6c7788c3a5268f478e01b8

SHA1
0ee92f0a97a14fcd45865667ed02b278794b2fdf

SHA256
0459439ef3efa0e0fc2b8ca3f0245826e9bbd7e8f3266276398921a4aa899fbd

SHA512
bfe37390da24cc9422cabbbbbc7733d89f61d73ecc3765fe494b5a7bd044e4ffb629f1bb4a28437fe9ad169ae65f2338c15d689f381f9e745c44f2741388860b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 238984.crdownload
Filesize
6.9MB

MD5
10bbd38c21ebf84fea97c3812d57d9c6

SHA1
293cec0d7f44151ffbf88dfe408265825f8bca9b

SHA256
83c4e5947870b7b9f06044624b420ddc9fbae6898a5c9b4420c3dbeaca508bb9

SHA512
a00ec8ed84b806c4aca8564354a6687da64b999d255df7fea4c38e6026c8a4cee665414e96d5e28904d051f4c1a6956193a96c12e52286d6d7f58f39bae8ac31

Download Submit
\??\pipe\LOCAL\crashpad_2420_TSVYARBCAVWDDJET
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit