hxxps://drive[.]google[.]com/file/d/1whu3sKw4uQoj72DD3mvELIKOb6YKfipO/view?usp=sharing

Analysis

max time kernel
600s
max time network
599s
platform
windows10-2004_x64
resource
win10v2004-20240802-de
resource tags

arch:x64arch:x86image:win10v2004-20240802-delocale:de-deos:windows10-2004-x64systemwindows
submitted
21-08-2024 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1whu3sKw4uQoj72DD3mvELIKOb6YKfipO/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
12	drive.google.com
9	drive.google.com

Network Service Discovery 1 TTPs 1 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
4708	GameBarPresenceWriter.exe

Drops file in System32 directory 39 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\ntdll.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\ntdll.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\UnityPlayer_Win64_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\kernel32.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\symbols\dll\GameAssembly.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\UnityPlayer_Win64_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\UnityPlayer_Win64_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\exe\WindowsPlayer_Master_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\DLL\kernel32.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\symbols\dll\UnityPlayer_Win64_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\exe\WindowsPlayer_Master_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\exe\WindowsPlayer_Master_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\ntdll.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\dll\UnityPlayer_Win64_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\DLL\kernel32.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\dll\GameAssembly.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\dll\UnityPlayer_Win64_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\symbols\DLL\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\UnityPlayer_Win64_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\GameAssembly.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\symbols\exe\WindowsPlayer_Master_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\GameAssembly.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\DLL\kernel32.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\symbols\DLL\kernel32.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\symbols\dll\ntdll.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\dll\GameAssembly.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\WindowsPlayer_Master_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\ntdll.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\symbols\dll\ntdll.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\WindowsPlayer_Master_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\kernel32.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\system32\dll\UnityPlayer_Win64_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\GameAssembly.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\UnityPlayer_Win64_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\DLL\kernel32.pdb	UnityCrashHandler64.exe

Drops file in Windows directory 40 IoCs

description	ioc	Process
File opened for modification	C:\Windows\dll\GameAssembly.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\UnityPlayer_Win64_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\WindowsPlayer_Master_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\DLL\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\exe\WindowsPlayer_Master_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\ntdll.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\GameAssembly.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\dll\GameAssembly.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\UnityPlayer_Win64_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\dll\ntdll.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\GameAssembly.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\INF\msmouse.PNF	Secret Neighbour.exe
File opened for modification	C:\Windows\kernel32.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\DLL\kernel32.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\symbols\dll\UnityPlayer_Win64_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\symbols\DLL\kernel32.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\symbols\dll\ntdll.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\dll\UnityPlayer_Win64_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\ntdll.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\DLL\kernel32.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\ntdll.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\dll\ntdll.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\UnityPlayer_Win64_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\symbols\dll\ntdll.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\WindowsPlayer_Master_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\exe\WindowsPlayer_Master_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\UnityPlayer_Win64_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\exe\WindowsPlayer_Master_il2cpp_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\UnityPlayer_Win64_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\DLL\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\ntdll.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\ntdll.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\symbols\dll\GameAssembly.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\dll\UnityPlayer_Win64_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\symbols\exe\WindowsPlayer_Master_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\kernel32.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\symbols\dll\UnityPlayer_Win64_il2cpp_x64.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\DLL\kernel32.pdb	Secret Neighbour.exe
File opened for modification	C:\Windows\symbols\dll\GameAssembly.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\kernel32.pdb	UnityCrashHandler64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Checks processor information in registry 2 TTPs 11 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Secret Neighbour.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Secret Neighbour.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Secret Neighbour.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Secret Neighbour.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{D42E068D-5C3C-4611-9511-B3D409D0CCC4}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{97D3E45C-095A-498E-A5CC-63F3777360E5}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{B84B923A-1F12-4DE7-A3D3-56F0FC5A6CA6}	svchost.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
2544	msedge.exe
2544	msedge.exe
3548	msedge.exe
3548	msedge.exe
1072	identity_helper.exe
1072	identity_helper.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
5500	msedge.exe
5500	msedge.exe
1900	msedge.exe
1900	msedge.exe
5808	Secret Neighbour.exe
5808	Secret Neighbour.exe
5112	UnityCrashHandler64.exe
5112	UnityCrashHandler64.exe
5112	UnityCrashHandler64.exe
5112	UnityCrashHandler64.exe
5112	UnityCrashHandler64.exe
5112	UnityCrashHandler64.exe
3188	Secret Neighbour.exe
3188	Secret Neighbour.exe
3188	Secret Neighbour.exe
3188	Secret Neighbour.exe
3332	UnityCrashHandler64.exe
3332	UnityCrashHandler64.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4416	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: 33	1688	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1688	AUDIODG.EXE
Token: SeCreateGlobalPrivilege	960	dwm.exe
Token: SeChangeNotifyPrivilege	960	dwm.exe
Token: 33	960	dwm.exe
Token: SeIncBasePriorityPrivilege	960	dwm.exe
Token: SeShutdownPrivilege	960	dwm.exe
Token: SeCreatePagefilePrivilege	960	dwm.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3188	Secret Neighbour.exe
4416	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3548 wrote to memory of 3936	3548	msedge.exe	84
PID 3548 wrote to memory of 3936	3548	msedge.exe	84
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2992	3548	msedge.exe	85
PID 3548 wrote to memory of 2544	3548	msedge.exe	86
PID 3548 wrote to memory of 2544	3548	msedge.exe	86
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87
PID 3548 wrote to memory of 2612	3548	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1whu3sKw4uQoj72DD3mvELIKOb6YKfipO/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa306046f8,0x7ffa30604708,0x7ffa30604718
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --service-sandbox-type=collections --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --service-sandbox-type=collections --mojo-platform-channel-handle=6652 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --service-sandbox-type=audio --mojo-platform-channel-handle=6668 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --service-sandbox-type=video_capture --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --service-sandbox-type=service --mojo-platform-channel-handle=7040 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,10646719118562813018,7177043645573408998,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6080

C:\Users\Admin\Downloads\Summer 2020\Summer 2020\Secret Neighbour.exe
"C:\Users\Admin\Downloads\Summer 2020\Summer 2020\Secret Neighbour.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:5808
- C:\Users\Admin\Downloads\Summer 2020\Summer 2020\UnityCrashHandler64.exe
  "C:\Users\Admin\Downloads\Summer 2020\Summer 2020\UnityCrashHandler64.exe" --attach 5808 2172694630400
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- - C:\Users\Admin\Downloads\Summer 2020\Summer 2020\UnityCrashHandler64.exe
    "C:\Users\Admin\Downloads\Summer 2020\Summer 2020\UnityCrashHandler64.exe" "5808" "2172694630400"
    3⤵
    PID:2320

C:\Users\Admin\Downloads\Summer 2020\Summer 2020\Secret Neighbour.exe
"C:\Users\Admin\Downloads\Summer 2020\Summer 2020\Secret Neighbour.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3188
- C:\Users\Admin\Downloads\Summer 2020\Summer 2020\UnityCrashHandler64.exe
  "C:\Users\Admin\Downloads\Summer 2020\Summer 2020\UnityCrashHandler64.exe" --attach 3188 2281968701440
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3332

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x3c4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1688

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:4708

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4416

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:1884

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:960

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:5240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Hologryph\Secret Neighbour\Unity\7be13857-2146-4022-91b3-3d98c1067f79\Analytics\ArchivedEvents\172428416900002.c513cc9d\c

Filesize
1B

MD5
c81e728d9d4c2f636f067f89cc14862c

SHA1
da4b9237bacccdf19c0760cab7aec4a8359010b0

SHA256
d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA512
40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

Download Submit
C:\Users\Admin\AppData\LocalLow\Hologryph\Secret Neighbour\Unity\7be13857-2146-4022-91b3-3d98c1067f79\Analytics\ArchivedEvents\172428416900002.c513cc9d\s

Filesize
362B

MD5
3783420f1249c85bd9b96bc0d56cb17e

SHA1
4b2e43eacd46c66c549599ee1a84182c4ec04abf

SHA256
09d064df8b498790f2c58b89a4b09ee4033133e429a0411d0a6e2a71db337881

SHA512
fe1653d0eb1ea9fba47a0e499f589c08e3fab499469fe0cb1c7f99b0047b94b5bd4b98e80c4eac26e272da8d56049e08644373b8f7a5e05751ca8152e2bc1a0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

Filesize
150B

MD5
30d32a91efd272df5b4cc33e2a8b81d1

SHA1
8757a2556cd243778b6c192860780a9a394464ac

SHA256
8b0ecb38352a94fe078468698c19fa54a103127e3c93479d4c0d58c6b43548bc

SHA512
401acf13824b5325da03123da25fc5a5ac455639948caf5972ea564099cc5603cbb4197ab19fecef09691440c01e26c65f42859d36cfd6a367262de631e4a101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\7a16a13f-163d-4d2a-a419-14746bccc8df.dmp

Filesize
4.0MB

MD5
27497e8d018bd68696bd7847eb82db29

SHA1
f4142938600554b08d7c04b0088aa59637c5ac19

SHA256
f010dfb42f0a5f9e128c0dde1962c25039b37ed02fca41cddcd1ce9a80c0bc7d

SHA512
fe2af27de316517018557f269f8415d5818ac31489ad5be03d0cf15095e40a9196087f89876a712d72093c6dd0188102bd2e526ad48638de202a13443a9c1959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
214KB

MD5
0f7899f81a58ca65286c5e9f17cd0b62

SHA1
739297042d52977ceee389c6b1aff11319f09616

SHA256
f4af288176253a42161eae4d51932cc77aa1f21091495271b0e77da09dffd44b

SHA512
89bbd8a71131ff7f9263334ecc22bea23ea12f712981649111562dc1b44ddab77de74ba3c326e7378be3449f556bdba59767c8df9e56679c3ada68b4e7ecad08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
51e71996e6f4c9166a9764f731806e9c

SHA1
aa0ea0db46bb76cf6fbd70424652f92c562614fe

SHA256
fe14458408b6645d60adf33f2ec55f3405a8f7bb724577ee1e3a879afb929148

SHA512
66c8eae9f131106b277d66b36e9d657cdb429e50c4ad55530d04e98320642e4d201697637cd0b67d495717989ae1e70cb4f3e5baea92bb41d23a5b1fa8f67bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4ad3ad3f66c123b4905c9d1a2c204575

SHA1
77cf4938900112a2d5f56fee18214ad162d03d6d

SHA256
de5be009ac1a652bccd854ff06734c666ff6a425ab6ff8e113bbe2370c1d5809

SHA512
58ad663e130fc7379588d4ebbd310fd9f61cf9356ef340764b3801f361878487a05435bf64d565303f2b75be16fe04704ed5b68fa9d3f001014e1c76a092241f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
4a8ff083c7d1e393d36245d4195e2f36

SHA1
3b3709c5b6c219db1699f096388ee1af6e31408c

SHA256
af320da225d68cc643fdfa089ed60e1ca9e4666085ecf506d1b1381d1680af29

SHA512
1d1e194467c358ea5bdb478d777c242282c75551889d5b26c3a35104275ab2aa46ec4e08105f63ff285556250dd85b277e11dc940154f3fb96c04ba1e222396c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b117e6b954feef6204754cc07827056e

SHA1
402377a4dcfdebb63ea11c8447903b0fcdc4170b

SHA256
092287d4149b67c3a673c2de4befb045c3f4c4122e9cdac364e68e90e2f29a6f

SHA512
ab5d90a7d1a55682733c59aef208903c2a0e36516d748175e75da3cf641003afdf4a57f4c4fbcaa2fd87051e38c3dbb64fed24efda64551300d05ad2319e3a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
07e1c3f772b18eb09a77526325a17949

SHA1
1b867663b65f81cf0afdc597c323760c4efab36f

SHA256
c9fe6c8f8e4ccbe7dffc25f7d37b37a33d2bfe11ba9158626363759059ecc4fd

SHA512
eaaebbc3eff15f934591d04128d946ebc49b627ed66e456e9b03a9b19e2d87499d552ef1c8febe13ce57ced94a094aa8ac1c05b0e90d5fa0cb09c9560ecd8870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
09fa18523b2e951f3b7e3e2920618d64

SHA1
0a6b9a1df803daec9963d8bf92849966549c1ce6

SHA256
4a5e8524c45f7999cc6387ae94cff1470788f555468639edd62188e365097e9e

SHA512
57a67d5f59549ce252d8bf5ac3e2e9bb3570b7df6be9f8b3f3d4798b21767cce17697c89eb7f46988c97018056d6b4e59010a15fb48006cb983277abe9ed7616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
4816869efaf44dde668252ac7e3b247c

SHA1
e56d6f4fdfb2070f6e730ebf44466940c79ad32c

SHA256
b2ab6d5eca7e658883c86a56a3e3cd8caa6819f1c3f1f1992b325a16eec77081

SHA512
eea876e4b752712a096b4c0de12f06573a2f9295b32f97c0605c12e938b5f696c25f7c45d06af3b111845d5f0372398bdc1a68d1122c607eb6225c61bea6400c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5d3f740e1c1577980e84a5735cda6400

SHA1
8942ce8c6848d788fa1d346bd7f475a263d13bb8

SHA256
3ef896f77f1bf324db751d24ee63b6b65ddb82d3fea22331b0b718f9be4c7aae

SHA512
b97a571481f078cada3af5db4137bb45777104e2db3ff6e50f264c08c7f8ff59a7223a67cb3819037df7498c90329074e8dc0ff617d15d7d6aa6735938c7be62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6abc2b6b2f31e1fde2810e858467a9fa

SHA1
93030240cb0efc30f40779ebd1e5200f52dd2dc0

SHA256
3d1cc058d77a8ab8a022904c31925b463eb3b74d0debab453e7a53884680b6cd

SHA512
7c1dfddef964dcb7a18b9f9af33694229a630694aea766e78b0613282d92fd2c67dc1edb22bbb60f55004886afdbc9c317b925ba95f4aeebcd58c21bc51f3f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f5775f9b258d629640ba523a13f5b79a

SHA1
c4379db89083176ae6c34e55c225dfde7dbdb291

SHA256
15933c339250f2f67e5260297fb7cfa5d4dd116357a13d1c4f57e55d2d1096d8

SHA512
e2cfb7e3a5c926a75400fad3681aa2afa91d1fce709d06da1818f55567636bcc6e53513b9d082c0d1165b0a899146896cf7f46ba039ae8383bd065adc6b5ca04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b4befcae5813203c2b62fa8c1b9b367b

SHA1
7c91f62dcf50c9995e9f02506dfb6da17f1bc647

SHA256
a6e43d121924da71c6406d991e9a3a19ef074dc60407ad2060dc3261be975083

SHA512
83564ae7326e7513fe7e44fbe318b0b1b7a4f91d19b98871c02694b16b1b7bdceb8be7fb57b63b541dfe2c7dc1e29b23eecbd824e0e6e41ad412b145fa8f1cb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
98b49f432a6477beb614ad8fb663b6d2

SHA1
03bb3a979d32e34f110fab6420e0aaeedc0aae30

SHA256
db3bd91689d01cfe12ccf8032ecc3fbb92741d581e6b3673c346ec48eea3c374

SHA512
a51e0772d2dab1365fe2623660b846b305539c5318cd9557abdb74abfe6992d1fa167d03349ceab21d6bb798ddf12547fb872df3e63746a8268bb829e07d2530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab83d2fffe9cbe70c6c7ae3e379cb252

SHA1
536d3f2a023fd65fc7516c323e96c96e17dc5a56

SHA256
ad06bc6dcced708856ac7f2681c3eb0cd84b494dd29af861286d5846349b009a

SHA512
80230c7d37c6725d60c7d24ee70946387c8276e295f3325295e8ad41840ab7cd708e9cb6c72ce61947e161381207cbe6509f211a76be4b056d85a06997cde70a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9a75d959e20a5af334db5214916d92a6

SHA1
a3d5edde0a3f42b45e3351605d0d77d2075db51d

SHA256
525475f3fa04dd8c1a2cda33333f1262175e578ab2def947bb0a9825fb7feb91

SHA512
8cb573bfb273cedc5196eb868c01dc48b2752f9f7d4274a75ca1c4196b085a818b52cb3773bfb73e4d3f7cecfe6abac845191cdd8f8a751fc313c2f05050093a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
ae884a1e52317fe0c1c3f2264d1e2d60

SHA1
1c10ee58573ec785ecee5cfb8a9f75878816195d

SHA256
3335720135502136522dc49c80271febbdfbe2534b6d66f2fef5fcb5c10a9ebe

SHA512
c4eddbfa6eaec8b4a1342d1ec03e38b75ac8c479627f7c6067fa0b05db863f57c4377ce2badc5b109d2c1dc2d2c0fb8a38e434eb70726f5de37e7f3e73671645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d846ccf26037908f90d32755b4c2ef0e

SHA1
8fc7ec6534ab83697f7c9d37aac2ef818f04b6aa

SHA256
1d20ebd2536ed62d48c4282b5829d954f48a026149cb0522fbe4d828da3dbd58

SHA512
aff3cf96eadbc084270129525ca6da5616253ae2baf4955d4e6fe90127dddf4df55809cde6712d5fc977e5350b7479a0175815caacfe0091563035b14f1e2999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
bc6d26ca876c4050aa51f5176da59824

SHA1
819998ef141c41ce972acb59c065efcf689cda14

SHA256
ddf4056b5a749c5ecd574cac1b63bff6d5c88b2014265b802b041ff6183fc2a1

SHA512
555bc838fd022a2064b3dd597ebfd169e00af851068a94fee1b53f58e7bb27be07f8c698b28d6bda467202c4f9cc1a3d2df68059880aaf89404a79463cbe4c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
aae4f68026d3a5d7881bdd0b60f613d6

SHA1
8f3b760d6ab10020f99f71b67e16edf8d1627a0a

SHA256
b762aff7a657c6a1fcf127e49732455ada7cc5b775e4619bf498d27290f0752c

SHA512
bcbeeaf96728c3a6c9aac70ed6fb467d7702246acbc6bdd5dbad915b35270bde8dd9cd813d349f317988aa92c5aa231a1ad12e9c210cf04d9eae4fedb05050e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5abecd.TMP

Filesize
48B

MD5
206bd8f4c886a94f4a95c89ad7a74c2f

SHA1
f00003688911c1adcb4ace365ce8081c622c603b

SHA256
fc3d3986a028c186eee5314e2db9ae1d31200974e12e7d4c3d2fcc8638de6f52

SHA512
67e24dae91f99c4b68f83d5d2b6cb3da92408c68f7dff2f82e4fdfc7f341a13e21104ad91cd0c10ab1583a917045006725d5fdfc1cd1c173543823937559ba2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1bda81fc2b4e90c4295525815cd4a30a

SHA1
144503533ece7af2b4bd9e720a2d42dadde6af40

SHA256
8d534458ff466996a966558e1f0ddb40784369f0f238d135ff2a41ac28877b4c

SHA512
56ec47aa482f6acb634838d269ece9d4bd5a4074d467084b00158572657e42f311412dc2cddb63915d6eb37dbb4e90b2e29cdec9bb64a9e1811e0115687c95de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
938fd63ae9809b2b923a781d10866e51

SHA1
1e0a8309976bdb90c6a39e02e9271c0c7bbb97c5

SHA256
20afb72b4bc8989adf4fec157f565e8fa5bfa72fee28dc2c067e9537f664f419

SHA512
4a9677fbf26e9d6217790d9abf1a7e2087b32d2cad1096b253d2a86c48341248d12de9ec5718dd13c8906e536310481802bfd22699aae309e13e4ae0762097f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a3fc9.TMP

Filesize
1KB

MD5
92affb62f5acfecb20407018566c3ca2

SHA1
ff268cede0c39e0a153b91ff6f95caacdd74ad8d

SHA256
5023d8a99c860ca5d931651b803c897ac2a5c0ff9e3fa0baf3b5062c0cf04c92

SHA512
02379894cdb927a0bd2e4dca68f11430f605681a694a704d5956543c64c77056fbe96e34c377731128eb328acb46adf09bce92cdbfa6c765a0439fb01d2328c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ad2a4b670b049afab7daea9593085401

SHA1
ebb2d46afd0d66a1c7787836f847ac18958af833

SHA256
52519c9c5b8b8b568505a420bb176c20aae07c31ce7f12ebdb78ad06955e807d

SHA512
e41fd97482e8d05c0c6472fb966f9bef7a2fd25f62ddc6596f02cde654846cec9ed770f84c813539b6bd72459aa7053ce5abc08a8d1631e1a33768984d1cb685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c8267e6de2056cf4abd69315f513d4f3

SHA1
2ea6f8146518d157b33f2f5fdd34e283914f3e15

SHA256
88c5b463efcea9ec496dda1a13c60f99059e3c9a99a35d0da73663f41ba76c42

SHA512
4fcd809047fdb6c2c233bf7b70d910671b5393068e405262d9014e25d486587dc59f5e86cac11d3f354f7fdfa6f52d9125f0fbf630949ec525a9b7bb152999c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8d0336a36c7b8cecfcc7a355fe0ba29a

SHA1
3717bb72310b3a05fdebd8829d7eafdae477ee49

SHA256
4d5f9b5b59f1fc345c52cb39c2459232c82d1183a3ec05dc38a8027fd9b628eb

SHA512
b69e152f9f5add43179e55ded0bc312e8a68d174038f2415827a56a8e2a654483a85a495fb25c8247ecd3e8579264b2c801df80f5075dd068349c0fee8b13b98

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit