hxxps://eprst281[.]boo/files/blackrock[.]msix

Analysis

max time kernel
212s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2024 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://eprst281.boo/files/blackrock.msix

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://blackrock.com/

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
77	5744	powershell.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
3668	msedge.exe
3668	msedge.exe
2992	identity_helper.exe
2992	identity_helper.exe
1272	msedge.exe
1272	msedge.exe
5692	powershell.exe
5692	powershell.exe
5692	powershell.exe
5744	powershell.exe
5744	powershell.exe
5744	powershell.exe
5232	msedge.exe
5232	msedge.exe
5868	msedge.exe
5868	msedge.exe
4796	identity_helper.exe
4796	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	3432	7zG.exe
Token: 35	3432	7zG.exe
Token: SeSecurityPrivilege	3432	7zG.exe
Token: SeSecurityPrivilege	3432	7zG.exe
Token: SeDebugPrivilege	5692	powershell.exe
Token: SeDebugPrivilege	5744	powershell.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3432	7zG.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 3416	3668	msedge.exe	84
PID 3668 wrote to memory of 3416	3668	msedge.exe	84
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 2696	3668	msedge.exe	85
PID 3668 wrote to memory of 1924	3668	msedge.exe	86
PID 3668 wrote to memory of 1924	3668	msedge.exe	86
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87
PID 3668 wrote to memory of 2088	3668	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://eprst281.boo/files/blackrock.msix
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbdf946f8,0x7ffdbdf94708,0x7ffdbdf94718
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,8742677929130261185,642623399299114738,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 /prefetch:2
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,8742677929130261185,642623399299114738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,8742677929130261185,642623399299114738,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,8742677929130261185,642623399299114738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,8742677929130261185,642623399299114738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,8742677929130261185,642623399299114738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,8742677929130261185,642623399299114738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,8742677929130261185,642623399299114738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,8742677929130261185,642623399299114738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,8742677929130261185,642623399299114738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,8742677929130261185,642623399299114738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2236,8742677929130261185,642623399299114738,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,8742677929130261185,642623399299114738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2236,8742677929130261185,642623399299114738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3892

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6116

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\blackrock\" -spe -an -ai#7zMap8878:78:7zEvent2222
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3432

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Admin\Desktop\blackrock\LMgwPLLUMYUCMYqNCHLJ.ps1'"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5692
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://blackrock.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbdf946f8,0x7ffdbdf94708,0x7ffdbdf94718
    3⤵
    PID:1600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1500,16398118840034778380,17008359519851010537,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    3⤵
    PID:5240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1500,16398118840034778380,17008359519851010537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1500,16398118840034778380,17008359519851010537,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3016 /prefetch:8
    3⤵
    PID:5304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,16398118840034778380,17008359519851010537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:3356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,16398118840034778380,17008359519851010537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:5228
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1500,16398118840034778380,17008359519851010537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
    3⤵
    PID:2296
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1500,16398118840034778380,17008359519851010537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,16398118840034778380,17008359519851010537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
    3⤵
    PID:1924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,16398118840034778380,17008359519851010537,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
    3⤵
    PID:2088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,16398118840034778380,17008359519851010537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
    3⤵
    PID:3544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,16398118840034778380,17008359519851010537,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
    3⤵
    PID:5040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,16398118840034778380,17008359519851010537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
    3⤵
    PID:3756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9dc60aef38e7832217e7fa02d6f0d9f6

SHA1
4f8539dc7d5739b36fe976a932338f459d066db6

SHA256
8a0ee0b6fafabb256571b691c2faf77c7244945faa749c72124d5eb43a197a32

SHA512
18371541811910992c2b84a8eae7e997e8627640bdb60b9e82751389e50931db9b3e206d31f4d9d2dc3ca25ea3a82c0be413ecb0ef3ac227a14e54f406eaa7e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
df9c9a4534b3ee6313ab3848049dccfb

SHA1
2c00443dc8ac355553c5d04af2abae4a432bde51

SHA256
23a235502bd9aa52b05180d1943cdcf50cd9cf9156758fd48f986f54d21cb3f0

SHA512
d8e6243c63dfa3b8af81a0dfb9f6c63f74d857c9508ca700f96baa5b2be69afd6c4c05bd6b190ceb520aae296f1a6f58edd87180f7e8808b2eaf6b0cb0b518cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ac03b15b68af2d5cb5c8063057cc83e

SHA1
9b2d4db737f57322ff5c4bbddd765b3177f930ab

SHA256
b90d7596301470b389842eecb46bd3a8e614260b0d374d5c35a36afb9c71a700

SHA512
a5e9f40dd9040803046b0218fab6b058d49e5e2a3ada315e161fe9fc80ebb8d6d4442ccc1c98d19e561fc7c61bcf43d662fe2231cacacb447876a2113c2e3732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1ad90eed-70ba-4bd9-a331-84333740baff.tmp

Filesize
6KB

MD5
7435ad005a845e657a26afb79b862337

SHA1
1982668a148f87370be6e2484c7d930295268f24

SHA256
7157e0ef4eafc594973248a5a7da105293ac73a80d035ebd359db519055bc054

SHA512
278527f2fe2666e6267f32d7357d354931566a0a2f36ebbcc65341b35998f1c68cb8a8df9f073f7f276fed4379244009270e3da77d3375141af5d755de44a0b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
3b7353acc1333c890c4f5c653e29b9b7

SHA1
a159483f7dd91371ed4e1902220191d7808c72b4

SHA256
f9a79bb87e58b827bc2abe9f8366c9959cca02c3baca2b2809c51f643be158af

SHA512
5b52c5301e36484c3988f04ba8c7dec4c52a81e28f00d57bbf6fff6fb976a7fafa4e7200adcaa5289edd19a9a014651e946e5fee190216e65c5d59e2a89dbdcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
ed7235caefbf9713c631763297d0f5e3

SHA1
ecaa64e1f2c144dc34399c362fcc64f4a7217633

SHA256
3da927d5c7a2d380a1fa5c01c343b2612b1a1f8ac090f84de650e00ff7f6095b

SHA512
b4f938771a9a2729e824b4c84df2c96543cfa3307ab2a578ad159a86d20c47ff5a4ed275931639645dbad6ffe3d680c8103eb5d6100fd884881df8247af7e0bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
6e770fad1939ceb3e7fa0efb0fd2d631

SHA1
e2fc753a5fd3c3804d238884de1f610345a3240c

SHA256
2c5e643470ea0b1a412af18a6c2d12de3e898df2b87415c8811328715f0a78d4

SHA512
0924c8354d61f87f4c91d35d874e1e9fae57291d39853d0ab7e600df80cce453fb98d70612a58840675f63f54775cf50b823aa0155211b07e4c21034b3583bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
0f5898ab0b5d55d43963bd23b9050ffa

SHA1
460d33c4200f8c78c366603230f5f0d94bff8483

SHA256
8c2e4b19fa1437d466fdf4aa4f63dadc6ea90cfeaa8ccb8e3cbf5feb2551792e

SHA512
7192f9a5f72c66af404e689b4fa6bf546991bd6be7134cb30aa76742bb35eaa6916eab6342fc1d108d17ed24ab29fa7735b32a7a8400462ab47934947160d075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
77ba627a22d937e9f21d083ef8464b41

SHA1
63b6eb131d6f0275974d5dc40d822e0b26179fe6

SHA256
baec59a9526d93637bcd1e23026780f663a5bb74ae239280a5177207d09db169

SHA512
3662a3f2d422cb73d990c6fb99d8c0391f532794a7b1368ccb06da30c187feb1d400cd752424147784cb6f4bd5908f752dcf963259993fc4c42ff90394e4f610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
76ba73df1079cd65958826e3ea411b2a

SHA1
964459e3c1744e941a925f3b2bc0ae277897cb70

SHA256
226a45932b473ef5f7bc691cbd4da847e1b35058268c0bf33b4234ef750883bf

SHA512
96456bcb7c1a8d3dcb5b69deb0bad7314e8435e4fe2632fc78a542cf511f6d2f8d3dbb36d7d9f93c150227fb64ca3cd86bb6d75026b68cd888862c9d97b82e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
cdaad2116ba6c11efd0595c555438eab

SHA1
4e56f8d2f6ebd77d4efa22a3c05628ce1424d62c

SHA256
2ca6a824d152fb7b380beac86dfa1e22827ecc8943954eb81af35cf633b51f7f

SHA512
9e99f7805b1ccae56f91e266e165afa755594feb03a5b33364f20411355ad1190069cd57a67d5cc891e25d366b9d519ed13e7441b38b2ba4f5537733d4bcd0b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
3459f842aa1369607f74aaa80f602404

SHA1
29584c419d42b83a69f9dddaba87afd70706870f

SHA256
a50831978f90a88570242c36e93bb9c1bc3c82dc6aa2847e4f1439ac839483e8

SHA512
8f296284d850b75d7433b435ef91bea69de63694e51b1f0de0d68ea1781115b64019fa75985ec94ad1381c89520eebd8487905fa8501b070904df30bd8d0392c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
e9ac27c1e470b0f0da5e0c6210817204

SHA1
f71447108eb9844f3967b8ad5fb01421c8dcf277

SHA256
a8f6b8bbc0056e85055e33fd4db8ebc67c6a9afdffc9d181846cc55386dcff81

SHA512
37a4cce98a5110ed5c288831911c68c92dbfe237934d6d69da4c154791f9c8d15332f19d52ab7a99bf270b807b6e04646f8a4a89ae73c97e6a85fdfbfcda1358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
871B

MD5
f98e71fa04e85fd6e886645080f10556

SHA1
b718bc66e50240837add335110b16c65d0924755

SHA256
5d6bf9d91794ac20d0342e91b7c88b3891c81322ebf4bb447d982cf84311c8a8

SHA512
c8f7dd600bc996c4d424f95e705e999b0cd56d5d1486336387b4c25d28a206cc719fa7d0400240703ecd168a1337188c692952d8c20e9c36ab329e056217e107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
914e99c25071e42f41b297a061f5592b

SHA1
3b9e5d8b0c18262731e73f944934365727e4eba1

SHA256
e425a9db2cf183c402ad7048b16fe9165556b05781cc24d89c7dcaca0d474f15

SHA512
ef5e54e081185bc23a6cd03e501ae4e25752a77c0b865b3a50e23fb9c5f509b98c0e7afe7305c2a04940e10258797b4b68eedeecaa073a4cb9d17cff08a5fc22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
436b3b60381bda18c9b9bc9ba8885b57

SHA1
21c11e9d97661a16023768f13556da1e2dfa1157

SHA256
6604d53342e385df117974ab649fd010392e4d369b01c4579d03289daf3e4bb7

SHA512
a42efa32db7e62a2c53894021032869188979c39a1e594dbf67ce9220df9ebc2a80ac17f0c4d8ea6ca2a4cda00bb49c913ac7a4f4f4dab78e57f51886525c4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60c321bf69166a25f84e612769bbe3a7

SHA1
25cdc9134fa1329a3f93c29cdae006db6ee2867b

SHA256
e810275258556034f591a24ea3ee46f763cc1b9e8eb3016a661dcb41d612fd27

SHA512
1a22c324bad263a17d271582406067c10c20c85c52ff19bb69cf857d55069a75c33e753c1832bca6a131a278e362c01d1783b4c14e231ae669dd6f6d2268b878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f1357f9dfeb78a1bf822e340f3cf42c

SHA1
1775b363ba68472bdceb07577bd4cd895cdd65e3

SHA256
118b8491091bc92e9856dab3abac18cfbf9b540f20c6f0ec5e8d912543373da7

SHA512
dc1d9cec6f571e2193c05c788a6c26ce82b1615448ba1ab2b9620d24bd395166fb5825942f9a2deb2c97b0131504e9ae821aa64784a3fd302e8b070b4e3b8092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4fd8eae4d3aafc32f1bfedfa4356fc07

SHA1
2ddb36331a1164a4a90b84cd7f3088f8e65b7c65

SHA256
2cd941e3075deb46bec0a2d515e0a4ad6132b0b2ab1b0050ef9feb91d9ae3f1f

SHA512
bc1b0b15d47b979355ad69c6ac69cb890f40f62fe8a4550f8231b01cf3c78ed0e380ec90f835effb8a04e1f0dae7c3526e74e7161fa22ec23b982df1a947e7e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f449f8953de3d8644ed6bba44e4caf41

SHA1
cbcd980d497c82d98afb34ae8079c191cbc56164

SHA256
78e45ce411af95f8f5d89b9ccdaf7bb8389256bfe246361f55cce82f16fea8bb

SHA512
a7864b670bc589730e5e88e808c7bd55708b5d742997bc1f1e5cea862a4fb170602ee61e687e49abbd6c98cb1c072423534f7d3198b278e3ee5f8e492be15a5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
3ffadf55239696ea58781824b1e57c37

SHA1
aaeda682fb50bf285f57d1cca281b9f8a9128439

SHA256
dc776163687e8b8692dd5994297462aada90be8c4c8170fdf45152034056fc9d

SHA512
51a00f248cda7a281df840a311a122f6c7b6ece28913670f009939852163d3ce59dfb462f0ead68a124bd1b75731ec05a15568d538a06828e9ec2a05aded244a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13359066454122664

Filesize
461B

MD5
9520bf02ecb8baa8dbfa6443424cbce3

SHA1
1ae7f050249d91b2c1d8b5e1ead95c6912f27b1c

SHA256
1007111e57ad4a7af07731bc40c4936c15a6d4a3dff27d6090ecebd9f2287d3e

SHA512
7c52f457980807080d1f136684d794a0c5618e9e5acb30dc7139b1076d76a5756ccf607d0a6aa13cb78a28f9ae5fee388d21871fd175c1bae36eebf0a13ec01e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359066454294664

Filesize
933B

MD5
927cb1691aaff4944d04c92b44c4d26b

SHA1
05e31a642d5da5b020b0cb5a6a78bb5d7e5aceaa

SHA256
4581317647bfb30808a9e046726d0adbd4df96f9fa25f857bdcd2217e262bfd9

SHA512
17be53c442b4a826caa28de6da8d9c007b2c67490a862bc77ee0d8b7b34d8d4f9cdff7fb1d500e2d1aa07bf3952234b567606b7b3593637a1ed8128e33d65732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
59aa017e50cf5ec83e2334bbaad1b48c

SHA1
dd044d16c8f701480d0f52950dec0115b677e317

SHA256
276f39c124f25cdb2bffe7efd85ebe02c32ac1fbd798c78111e9ab989fa0719a

SHA512
40ca9a48f31121cc6ffeec1e3832d6ea7b6f48fa3597eae4117d1def7fbc4f783970aaeedc61f3f7828e46b0ccd3030a5caafe29cd3dc40d3604e9b77fad4222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
7124d416a5393e3de014de74002588e7

SHA1
a7817021133c88aeec166680f4ae7182b3e14148

SHA256
ac460f0438f74e954fca5e0565b96c8eff6c997f7564a309ee12e7a53fe95a2a

SHA512
3f29d78203dfa955f934072b0f3ce1cddbd77045ee1428c8e45e3ed1816a0ef49f62733a070fd0d79d03d9a374b37920965191080fbc828a27fd7c670ffd2ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
c374661865bc8c2aa00789adb3276148

SHA1
ceae20c5530ba8ceaae77340542200638e89f61a

SHA256
30b2934f739e25d91f0e9c98ae0458a780b435f47af619cbd760b79fc21bffbb

SHA512
6f8649f855846c32c89d397b6030b815e23ee9482eeb0f257652ef5b5b6efdf5b5592737ab533530c1ffb5e6da346ecc58e109adfcf7aeca3120ba5ee0227def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
caefb264d83d3ecb9b260c49091ff257

SHA1
491506ae1b491083134c34175311ba3cb5cb26fa

SHA256
42287c58ca15b44fb330bb134e212a2bda15553371d8bb44752bc31eae6f6014

SHA512
a042a74d72a8e4d982af97b4345980cd15c522f9525b1734d0bf3f729e41d2abf9cb1eb476c44b49bab2950227a6ecae426216879266fe563b9e1209339b4e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
e05d04e6ee84036c3ab14dd96bc68f2d

SHA1
fe1f8911f3c4e6ef90e94255120d667e60609c05

SHA256
0736c671c477b84ad882718f3effe856c6d8d8c9e268ffb5336714219f898d37

SHA512
89f9faf318edcfa2f2ffb836de736d004f3e4ad7ec7bb254d4aef9d4e80c5ed7f0f6aa2e94051220189704ccef309e028c13c216c5517c59b42cb0f5ae52c057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
e1ab2ae76d335c404ee50bfd996d821a

SHA1
253fe944db10a70d0c1efaa477fd8ac3c011c780

SHA256
5e9431410e986d86c91e2f9e6f664a7528aa538169756d8d1d679f9cb4884b46

SHA512
ce1bd40c3547973dde7b06dd71e2bac4a3d8f4b7e474945a90518409ead253a714575ff4e67fa6d5be0a8af07cf5cca0edf9448ba0733c96626c326ca89f8cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
a91a8ecd4141a8d22fe341e3883f64e3

SHA1
cfe59d4d06a3ca5da12945d14bca66cab4a02a3f

SHA256
a1b5420a7d7adead6cdfdeaa0ecb5ff43d28be79c1a9d410d6a00d38d8dbc683

SHA512
b34644614a1e93b5e7118b84338496fad56970e89bb2815082460aac72fed6e331fb0fa704cb8ab54ebfded951f455249f4ad5c105248ba31a1ea9e337c3a732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
d0bb1a4d889d21fa7d941cc3044491a8

SHA1
e1d0c1eff41a6c3d97649095bdf23bd0af22563c

SHA256
d764d45eac4cf92261ff25cc1c9ae9991309da66f70a220b0f551a3462c1f2b0

SHA512
186e6d1ec7e0445e1eeba90df5c52caec2db483e91b6ce8b3d9beba316035077db0951e0574c18ca994571c73d45bc0e342b385f7d01f5d2c9ff82bd41ddac5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
0a13f5d9e425d97d4128e4291f7bcb7a

SHA1
954fc324d2654b272290f3dabb172158a0e792e7

SHA256
2cdccb939103830692c4f1d8bf2037dfe22feaf9ee00da9f13e702b6f244bfd0

SHA512
7ffb5a835bba33e0e42e8b08a5ea7ebbdac7298eec656cc91720d9790dae3ad2b03535850de2e61c8abc5417880e10ed38e10bf9d7e610810ede3db5b0dfcc95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
5d3ca4679529daeb26f223377b220d53

SHA1
99593355743398c1baa836e9593c4fa9cdffdffb

SHA256
a303ca1878fc1a59f3c9b6418c0c22cfea8e73de8eb2ea49758d999c9e3888be

SHA512
84eebe6944cf7817d8ef6bccb36182df812da61fa7b37e1fc82cf11bde9b043bfb225cd1abcd4bff8e1e739637457cecb2411c8d7e7a9be89c91209d93383e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
fd7f589a20310587473fadbf1f5bbe97

SHA1
248e80139c8621f226a5686c58f178f119115879

SHA256
3d0a04f60532608c884615b9457389892b8561d39b65f691ea96d4c7f48bee52

SHA512
a7f49ca66b2113ada1d43e1bd7e94195e04ff14487f0949d67f30232d44ff1bba6a70788a2b9f232f74bda4a7a1e3d47b9999834000b5ae3949b61452fa58a0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
06c4b766e2fce29f717d955510d1865d

SHA1
940d84982176a83514984405b3a72cc2c02e88b1

SHA256
1022766377481a174da550ac7fbd87900dac8494488cafea1393cefd9f0cddbd

SHA512
d5eb3f897018962c870054bdea915f3c49f7dbd5ed1ce8f52c1fe827da9b9f88452bc0ace5686ba344fac1797c9fd08c4f13dddf5e64e53b061bd2d5e2439f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
287a23290a6229f08833b16a89d09d60

SHA1
165c18f56b0038c705e4545de4dcc727b0593c4d

SHA256
aa39262fcaed2f2c040b5b5a883c31f7fd3404daa13e1e6a3134c52be2830139

SHA512
7cee00e1a4a201d9887918090cf87ccc2bfee15c8d2a0c5c9714834f943b29b3ba383a584bd3bc57a9be1b75b171ebbd469cfb45ccf1f6083cc6e1f1f6ae8d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1c36c66e5efa907ac4f21baa700ecc09

SHA1
3d8bc9e50b9345d23ef18a5477f42f1828edc1c6

SHA256
254e8bcb14cdd8098bdc4778f9d5bd74a9067b890d48b594499547a56e2a06b2

SHA512
7d12437b3c189fc692bbf9ac0c0de28003dc849bf36ff21d4cdabec42946fb0b87f4729c5e6bf53a4b863baab197be6bd2706adf298f7f0e6de1074f91b3fe00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
23814f6c6172103fce2c117b7249b0fa

SHA1
43a9d78512cba8e528cc9ef736c64e93a4102da9

SHA256
bd1ba0fc85aeb9f6041700efe591d9745491048982d33523a2717a823e93a137

SHA512
045cda80c386f6afc4e17c996b781b98ada8f1fed901e606846953cb58a435f34a3962f5b2f9d789661a533ef1c0ab086fe01481b0303950615132da1686c86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
22137f9e1bdb33e06f5b3c55b6b327f4

SHA1
7a1fb5d0b90a130d78f273d9b806b1c5db262817

SHA256
ca4d11b8f3a2d44513acadb83b5a2cc3a8899823660f1004a1b7b73164d702cf

SHA512
fa830a512589802b4666b6bf2b6dc5540881539cf0ca13c40e2e97d00f9d87ac0060b47ff577194aa9e8a0642a846e4952bf489f7e9dca9d51a3aa01fcc36b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
1d2b219c9dc0bce82a1b1d62957af023

SHA1
18e4987caa96620ebd7c01a8acd59d897dace8e5

SHA256
5ed128714a215a529523a9e0285557d85ec66320deec4f24455ebf1a0943e0f1

SHA512
795b1171d85cb7270cef9ebe9c123b8eb46627fdd66675142bda84f577b99de8ea4f4b9dfc8330aeb884181236c4aa5645453f1b0a426eb00f275a2a959981ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_o2aimopr.uc4.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\blackrock\LMgwPLLUMYUCMYqNCHLJ.ps1

Filesize
5KB

MD5
13e37ce0c6fd5ca118fca61d6dbbd7c2

SHA1
2a084d1ef095c30e92283eda758383a83fc3ec19

SHA256
ebfdea1721914a504465ea474edc3f823c3e13fc71c86f04f4793c61e5070d92

SHA512
34a3aeed8e223987fe511dc74805f47e0d97e10afc46e1b60520dfbb5e7def8803a9e5e116913c5debeffeba7b0d74fc743867534a99f43fc57e16b45285556e

Download Submit
C:\Users\Admin\Downloads\blackrock.msix

Filesize
1.0MB

MD5
1e2c2fb600bbf50b18d65ba0087da087

SHA1
abdc80373a470bfd44da52e245a5ba453cbc9158

SHA256
8684e74d35baab30e8f8af7db486c2a339d3063feb2074109b8c96c1fea8313e

SHA512
ed512d11c0e2560072b29352533f6563781cc7ab3978706bfa2180d522715e836b8ffb6bfdfc3b8947644afad993cfa5b87bd8c2932e15ef08856702832ff5c0

Download Submit
memory/5692-223-0x0000027231460000-0x000002723166A000-memory.dmp

Filesize
2.0MB

Download
memory/5692-222-0x00000272310D0000-0x0000027231246000-memory.dmp

Filesize
1.5MB

Download
memory/5692-220-0x0000027230BE0000-0x0000027230C02000-memory.dmp

Filesize
136KB

Download