hxxps://eprst281[.]boo/files/blackrock[.]msix

Analysis

max time kernel
183s
max time network
208s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
01-05-2024 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://eprst281.boo/files/blackrock.msix

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://blackrock.com/

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
24	1152	powershell.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings\MuiCache	AppInstaller.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\blackrock.msix:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2608	msedge.exe
2608	msedge.exe
4292	msedge.exe
4292	msedge.exe
4168	identity_helper.exe
4168	identity_helper.exe
3224	msedge.exe
3224	msedge.exe
3504	msedge.exe
3504	msedge.exe
3552	powershell.exe
3552	powershell.exe
1152	powershell.exe
1152	powershell.exe
720	msedge.exe
720	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	4732	7zG.exe
Token: 35	4732	7zG.exe
Token: SeSecurityPrivilege	4732	7zG.exe
Token: SeSecurityPrivilege	4732	7zG.exe
Token: SeDebugPrivilege	3552	powershell.exe
Token: SeDebugPrivilege	1152	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4732	7zG.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1924	AppInstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 724	4292	msedge.exe	79
PID 4292 wrote to memory of 724	4292	msedge.exe	79
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2808	4292	msedge.exe	80
PID 4292 wrote to memory of 2608	4292	msedge.exe	81
PID 4292 wrote to memory of 2608	4292	msedge.exe	81
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82
PID 4292 wrote to memory of 2144	4292	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://eprst281.boo/files/blackrock.msix
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc942b3cb8,0x7ffc942b3cc8,0x7ffc942b3cd8
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,1257762069632271535,7890024233509198507,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,1257762069632271535,7890024233509198507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,1257762069632271535,7890024233509198507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,1257762069632271535,7890024233509198507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,1257762069632271535,7890024233509198507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,1257762069632271535,7890024233509198507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,1257762069632271535,7890024233509198507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,1257762069632271535,7890024233509198507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,1257762069632271535,7890024233509198507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,1257762069632271535,7890024233509198507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1960,1257762069632271535,7890024233509198507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,1257762069632271535,7890024233509198507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1960,1257762069632271535,7890024233509198507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4512

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\blackrock\" -spe -an -ai#7zMap10185:78:7zEvent7000
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4732

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Admin\Desktop\blackrock\LMgwPLLUMYUCMYqNCHLJ.ps1'"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3552
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://blackrock.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc942b3cb8,0x7ffc942b3cc8,0x7ffc942b3cd8
    3⤵
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,2875549003301347939,7667458811743021451,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
    3⤵
    PID:4884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1800,2875549003301347939,7667458811743021451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1800,2875549003301347939,7667458811743021451,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
    3⤵
    PID:4024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,2875549003301347939,7667458811743021451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:1732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,2875549003301347939,7667458811743021451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
    3⤵
    PID:3976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,2875549003301347939,7667458811743021451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
    3⤵
    PID:1060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,2875549003301347939,7667458811743021451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
    3⤵
    PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2808

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8d5e555f6429eb64461265a024abf016

SHA1
05a5dca6408d473d82fe45ebc8e4843653ad55af

SHA256
0344fd65882ba51695a10e1312e65f08d58afca83771c9d545e181829d6b5ed1

SHA512
be5edfdcda1ba0db9fbab48ee1b643f1b03821e24048892d18033094fec14171035179e987a08dd91a1c25d91d9256837a4105f6765afd225a868f3e95050b8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a94c2ae8213f1fc17133c2d20085654

SHA1
03581be1297aabc3ce8f30f04eea8fdfb4fc8904

SHA256
f1786e17af7df6fe09d12535374e8ec2f183c15aa50b5fcf3f8e0f52cc5cde38

SHA512
d269b8afd2dc4c5cb8b8d0b6fa67deb7a244d8102d76b83ed7dd7228e19a9b6dde6b589f86e9ad063e2ffe1e86bd2516c71851cdfc72f526266cf54f8cb60965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5710c39b3d1cd6dd0e5d30fbe1146d6

SHA1
bf018f8a3e87605bfeca89d5a71776bfc8de0b47

SHA256
770d04df1484883a18accb258ecfa407d328c32c0ccbd8866c1203c5dfb4981f

SHA512
0f868e4ce284984662d8f0ff6e76f1a53e074a7223122a75efa7bb90d0204bc59bee4b36c215d219a03707c642e13f5efce0c3c57f46659a0cb1e7fd2f4d3cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
13fbdc5cbcef28f33cc27078312b34e8

SHA1
e715b46b7a570d9606e8b5daa190ba9572c7ea58

SHA256
ce70147329cba927e45a7d3d02ac22bd06b8949d5882d96799f74d0f012498f5

SHA512
e4493bf25075a5b621c795511f4b3231b24ed335afc33a8e4a54811e98a29b9896a243923f04e0bb25d485f2bfaf8d5399c8e1034ec590bf1c3746b9b960118a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
dc51d12470d911d95c971f1ee3f92f05

SHA1
23ac25c6389c9dd696e1a116e485c21c6a766cb9

SHA256
4e46f5b22e10ec7eea9ba4202a87b4bc672daa6d7af4dee0aeb592ddad791756

SHA512
db603a8503a57d074ccf1baf55513cde340a264d686e0c281a622c23294d27df97f885a9c99b6f2b3b7a2b5936041102700d983fa2e42785c2cbdb59d62ded46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
44e35df145e99f9ea2b8e68a32fe896f

SHA1
206648a9990295a83f6a566818740246a41935b8

SHA256
2f52bd719fcf25944410e2d06df99adfb3f22f1d84cd23712c4f4f5403873357

SHA512
03476dd9700b8e93d8e09d73792a5152f201c1b664e71d9fc553174e408187229d1c2776de9368f5cd0dac6f9f838117b8d3cccc2125e10ad2bb7109cb244e49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
1.0MB

MD5
1e2c2fb600bbf50b18d65ba0087da087

SHA1
abdc80373a470bfd44da52e245a5ba453cbc9158

SHA256
8684e74d35baab30e8f8af7db486c2a339d3063feb2074109b8c96c1fea8313e

SHA512
ed512d11c0e2560072b29352533f6563781cc7ab3978706bfa2180d522715e836b8ffb6bfdfc3b8947644afad993cfa5b87bd8c2932e15ef08856702832ff5c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
45bf9562b298fb617b1a9f7e275869cf

SHA1
deff37495d90ca6a93e1dad3717b6e079f5fad3e

SHA256
441f61e6ad2b1d13ef74d07930e585150ecbdab401a41a96ca2df5475b088d3d

SHA512
e505d0ef7f8ada95cb2e16b64582583b131c8ed99f45caa0f8a677c16af1a16696bdfbf162b528a56096e5e40ab6b1a53ce92937a67246354ef7beb620ff12fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f85f5ec96a9b365b0dc983a4c72c4481

SHA1
961ab8cac52d049ac9f46fef804c0b249bb81833

SHA256
0edfd67d1056b4454b47996631b7e330c6f927fc21a6a1ebde1d9851b863e324

SHA512
9fdb52ccd6983bedad8c3889856e55c8a6619a0ced9be9c39e43f3dddde4261e7a47dd69e464c47b5779e5226e15bfc162ffa9ee35400e7aea3cc72671d55129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
1c5aa513152dfc0f69be96c245678faf

SHA1
957383c4053b85a0a69287574d223b3b587b8a04

SHA256
935ddc3502dc80270db8d1e9501e5890402067777247852cef47b1d97f32ba18

SHA512
9a0510f4e890481bc11f6762151092b977d5e2648228e913aac2c354fc3c2fa4b9fa0bb68bd5e681419578f0283ef6ac6558979026f1aadd127fb5c04c05fc7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
b190a5a51fb45fc300ef2951b47afebc

SHA1
ca06cbf50ba743aaf6347ee2937a1c9c92eaaec2

SHA256
7bed8cb1d65f430618f289c73c7f5f3b68d22e2c59292fafea6c787a5cd41a2b

SHA512
7d8a6cfc563c881caec857c323ee3703a30900101454cbf507d82d061f92162a0de00b595779bb4a5cf87d98d82b1b3d6b8a41085a8bfe0b930f5d8cc6695c06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
6dd1c92c4168cfe215d9384b23289eaf

SHA1
13a11f084338e36042573b2c8d0a5d672df677ab

SHA256
5a55e6536bdc53b1c7b3721b64d533bb64e4592f07dd3c0b0523e90a88a42630

SHA512
4beb3da7bf4a41d4f5369a5737ecc38fe2c4320ebeb252b053f9f2e5f8a3e9b9dc4a58759e2059443e43cbe86be0024225863f7d2935e0f175a6cb4dd392dd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
54debd4693884f91e544e391581780ce

SHA1
da959e3e62c93d996e945f803db6e8f3ee8c0f82

SHA256
0868a0d7070e45f365970a63d3cc176307f9892043f58229d387be86b7c58aa7

SHA512
86f740cc8c828408657a5aa6f0c77a1a0bb4dcda67d443795b8a7fd056b19f2db9991de53c1cdcb6b559062909a9850c42ec9f04868cb7e85322420d6d0f70c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b8cd342af467c24f93b58907a2293abd

SHA1
01582054dc51b6cf58ba0c270f559b9eb9efb3bc

SHA256
01bf3cfd442d44908d277a6ee48086aa539766717cffc9fd561e0bfe7bbfd636

SHA512
44045a132fffe08f1fe73f97fc5ab9c6af141ec095d9d68e2f94469c1ab07a6937fe509eccb5ce66bf4ade0b13b87035dc1b1b5b4a9a00b82b9d413bcce88579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bfacbd4aa544b078df348dbd5ebcaa76

SHA1
7e3a88bfae65b224d458fd3b9fec09d9141b7e06

SHA256
228bb7dc02102faec3667965c4fa710782946976ef21546aa89e88215d584de0

SHA512
e9f468443540dccb7d2cc492cea39023c4bb8c48dbe4bef116622a59a6c3fe255246aebd8c4dca2e559621aa0d46ce2269e74714f5fa3b305058c9d37e95b4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
651cfec5c1ca78ef4b6fe816a2c7df22

SHA1
4147e03df03080a4cd565ec8cd50188595a8e49b

SHA256
0e9fd3aa09b4627f4c04811942d81128f2365da7cd94a2d9c6406a21f59e2600

SHA512
ff4961f3b7974dd3f728dff7677d5c4ff3caf84b1a53b46d47fc4f1d3d9d9cbc6b9c8119903a1a2ac9e9d5c255855d0c919e145c8580830fe269988374e46ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5667138e948cbcb7b1a63a4640d8feb

SHA1
fd9bd0dc9a848ed0178a5fb38ae786d8e4626deb

SHA256
dc0fc24e294e6533403f0ec7bb888f857b3af2c1fc4cef2347a0fdaabf221a28

SHA512
0bad2e06bfe1ca7b02174b9ef1a081f72b0e8356b49c2214f9b14243f76b8297fb877e404310faabe93657662d6bb39a11eed9ed11a93e1a98d1101207b71956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
29c27588c243a3368aaa53055d6c068a

SHA1
0018a0aeb13afd4032b2662ce5e36291cf5cf559

SHA256
8e74a776071d34e6f29bd7125743d61b7bba78429e23da3c263c0c141d315437

SHA512
6cda00ff4f2ad006a0351df29dc49855399e5bb4cbcb8380364eb49dc32c8d87ac93c77ff9783dc0a8274c5b83ca5f645236bbf196f48ee518a4138828660fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e02178b282b70391adf4e786cd23da11d7889f0a\index.txt

Filesize
153B

MD5
a67504e66f64154ac3c2c2b6ad69a39f

SHA1
6a2372fe79a62c4b26f0e5682d238b28d2ed64cc

SHA256
77038e4b0889db72c40fce75a8ec63af019e1cf17ba033bc72fb3fe2b06fd2c8

SHA512
ea1062b010089b7a161e65ae62977c3721855bd1f78a965d769de1da6377fe809bc2c3b08d58a77513df4eb302a607dbf6dd2b5c8beda135bc71a5fa7fecefc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e02178b282b70391adf4e786cd23da11d7889f0a\index.txt

Filesize
101B

MD5
1d178da121e0fd03ba966f5527bc031b

SHA1
36c3cc8c800a4ee9f962f665c5586ae457f8f633

SHA256
465db5246e935539c6a922ade589cb16bc98681f6883f0302e829fdcc365fd3c

SHA512
6919d71449c514379fb97b4fcc562b2f2877103182bd2b32825a5c91e23327c76e4dc77efb47c0204908cea2bb28d25c49a300493aedf9616330af76edcec275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e02178b282b70391adf4e786cd23da11d7889f0a\index.txt

Filesize
160B

MD5
b3198da700c03cbb1c949166bb1b25ad

SHA1
150db17962bab65ab7bb64f078561bc987090e3f

SHA256
82fd9e1736204cc905e71535f405f568a15cb64f03c979b2d129f96a783961aa

SHA512
d8d5108d4aa08dcc46ebc0f8b63a16a9812ca04ce8f33a8d9b1a53677ac79717829344d59fd752600dc218ad0916b20bdbee8fb0492af68eb6b1330b6df45ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
427ddc43b3adaa64f384325ac9ecd77a

SHA1
b7a7ea0a7de960d0e4818cac942f9e39760010e7

SHA256
0babaae75b9d524105b53a0fa204b3a8aef4acdbcf665f1a9f51cdbf2a534d43

SHA512
a717659c68748980d280d568a89592c3d8b234382c96473fb124dc9f094a03f445d83d60423d9e7188cca1841a58bac0c6bad16320acad1d0c73af65493db2bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13359066460282224

Filesize
461B

MD5
479ab0fd06391f84ddd90a5e5960f67a

SHA1
fd1974b4b31dcc9c0cad18fa0c2cbb17b82b8592

SHA256
baeeb42283cc47c7b67003aa97cff537d24f4526e49f9356ada27b03b6e8658d

SHA512
bbbb700d1156e5f81db90d6fc0e1d5841c11e3904f68644f74bae90b6f3e9d25d742beb1e488c7cc117f616660df8bfc6836bfbecca45b4151d4545e49e5c02c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359066460453224

Filesize
717B

MD5
ae355e6ab9ac6b89744b2983485c01c0

SHA1
85355122ba505d5b6585921da0b348f5c16bc241

SHA256
b173718f444c4993cc8c19d3e27a7f5d5133d3771e3a64acff0addbd95d9339e

SHA512
477a6c9a5fe0ccc22c95877c3148c46c7bac3f243533085e5101b39213cad978d220f66b1b8b67933c236c90bf40aac7ba090e65b2079860a6c80945afacd125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
5748f6df669f463263ea486bbd1c635a

SHA1
fe9f8ab95a40897b25ca0a06ec771b21214d0947

SHA256
0c157739d9ae6c4fec23105ed7b2054bb1f8cb3501f4c6434329747b99b57743

SHA512
c96bf58d24809f80a7462675b171d77d28cabb2f47938147b8bb52bc8586e973f1a563df067441a0600038d9476fcba075ae34389a7d3ea1edefc078d1e0dc0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
bdf36f7e7787f2d5adb29dc10ec700a7

SHA1
1d1a16699eff43e83bce834cfcd23fc9de91a5ff

SHA256
88bcac55f36f35509aad9b259e81f83b54db3f4c667ec3220abf7042114646a5

SHA512
8880162369ec8514a80cc57252230b24a300cf5a8df98291fa109021d2ff088b51405eb4d7fa5b9dc17593d5d7c841f5f0e5b93abff09f9426c083b35b643d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
eb926643bd0859811e22ddd1d9b914b9

SHA1
f7956ef679e315d135a9fd22f22953bb2623dcc0

SHA256
9e98be2fded561072f8f624ef6758008af53fc0556bb60d9957e6513cbaf0f83

SHA512
517fb22560fdd8fe4b8c185739e30c38406e8628e1db78a8d278241349cb5942b3c83ab820b6fd70f4e2890ab3df79ff09883e2b2e7199e19f5aa7f9e0325797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
4KB

MD5
973350dff9cc86d296ea916146271416

SHA1
949c57851c23fe2b40f1fec49b3d5ce5ec7e37d6

SHA256
2a76fad793039b156e59ad1ca628d1189ed2dbb4d160e5e71761ebae883c7dcd

SHA512
075708e007bef276071ad6bb9c7ad3b78ba57436a6b4f1d127421521ddb9de98ec605ffa1c3e1c1d7c1137a81bbe53a5f00e9145fd49833a9de9f0cdf2174ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
c3dc096c009dc1b497255626eede01b0

SHA1
cf2e92c115b38f0d0e1cd42307e72505f7b1e4b8

SHA256
d112d2aa9f0aeece3395b7009572b10943445de2b5a4b80fcb6cd73de982d74f

SHA512
70d00ea457d49eb9b82bd83c46223f4db819900859d634036c82b673d9331819a2281fe55350cc092724390f8edd84267471c974b1aa6b5787a41bd869cf7980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
60fbe95796c03dd1937ccafe8df3d8af

SHA1
bbb5fe749007540cc34868ddd96a97c4b5076ff9

SHA256
3759e3d6f4367ccba542e080ca77655c029b03e584d9391e5d9231e4b534fc04

SHA512
3cbe606cefce16a417bad841c071913c72d8cd8dc7ad8e4748cd4989826bc586cd0237cbeea456db295df828c6cff68af2214ca3ca1fab7319de68abbc68ecd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
e4a503f2a94a16afa0fea7db6a6e3a86

SHA1
a40392fdad6a591c2f8add9e7eef0aaa183b5202

SHA256
0c77f2941e1dfa63738c3799ce75c40d45799ec57fae8aa0578c7a4ecb6bbe83

SHA512
0b8f110ba3f43d802fd75733445cbb608b7a69f91738122b57be045141021c8716a0cafce849ab066ffd7f6b9aa6e02ffbb7b449b0493999dba660da4826f4ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
e9412c7a188ba8c0d5e595f6f522fb27

SHA1
809d98d4d578990887849e173378a38262b16eb3

SHA256
13f285a940bc844f09efa73870fef18573829da47527d95b5001e5a2df79c182

SHA512
b0223b189e88f1df1b6dfff4c76bdd8ae6ec5f742f734e90354b3f769da08e22122791458d17f3fd01589962512494e8e7545af7171354014e3fede9ba12b43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3978064b6be392f9afa74930e98f32eb

SHA1
88165b88adf99e3bf6d2b53bb4fc5eb0de9a0361

SHA256
7f338d0406ecc7fe3adf8c1683e5666366bc7de22cd20a26d8409d3ff956ff42

SHA512
fa63ca1abeb57cb20c953648afc87cd27c9d34a2a61be1eb08bfbf617ee1577999bebf6ac7bab9dff72e4b98d62093f995de9a4f06127683f5da58cb8fc30baf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
b3e4dc87a5ca7e9c67148b6c94843248

SHA1
3e741a43d41e2d7580f1b9d6f57d89c9da65c7b3

SHA256
7fbb7f7330795d8b320cd886f63a34e8e7a9afe29dbb83d69043a6986ffb8b96

SHA512
3dffa5998d8b86d01e2458ae5b70b5a136bcb6aed0bea839f95d752dd9100f62ce9c827505678128723520a788bfb38c74a2501f4c638d347f478bd231aa25fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ed942fb260bd85a9ed0f4969a6670e21

SHA1
7e10a80f62ddfee34970a483c33c5ae2feace4cc

SHA256
09c6bf0ff2b4acfdcc1f22c29433abc87a2ab7b721e92b97bafbb1d2931de377

SHA512
814507f81e43147cd2cb45e0b9974e1cdcf690f27b15797e1a48089d32ec3e11c06b96b0ad2695cd19ef84c3ffc9706aebec50f51850dbcc0049595e4ee3d93c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
16f2fb38eff9aa59d5b94edc9e9af11b

SHA1
7ffe2c265b4e1ccc917b1bf8c34e715d3e89fcc4

SHA256
ad30ca9ff72712be5d3796ada91fe7dbc47338323b668ffde1dc29cfadc6ef6e

SHA512
eee0f3aba7689fd70578faf98848725283d3e133d6de462a6a3bcd8de9d6e142e8127eb37982b856c3741af66889c75e0e087822de1dd1e09f10d5d90f19a684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d5e119e7e538a914281a58231b1a628

SHA1
859ef6c852c2ca307038a31876b88ddf27ca2724

SHA256
b1a11311bda2a5ea3932dcd54ffc7b698a8de1f51549ce338fd5fb7fc0df054b

SHA512
32fc6d0605def44b8f8050cca8aff81acb0b73c36ccdfcaa15ed85e8605bc6fb2995729c59d40bafbbb4abc402f1ca8fedeb8603a8a8b0115d22307b52380ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
4e1a0757b9c4ae991ad64339991776f7

SHA1
44281eda65c180ce658cfa6f3febefd2063cd958

SHA256
3ea54272ea1240f6e2a779c89478db5cf9fe63f4475c9f29c9240ba11b9152c2

SHA512
3e5b5ac61dc171f50e90f7822939460be91afa27735bb81ba5ffa7acd896f74d2f638278a5aca61209a740a319c3de9cfb3a57f8562519c1b41347810eb89c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
25fd5c861e2e36c58f25b68ac0f691ca

SHA1
74fab253eda31308f77af668de7c3de54f8261ad

SHA256
660b2c13981f04841bab60ee5964e2bd0826a0e28b1f9d41bf515a9eaf6f7ff7

SHA512
056d1fe11b0952f3c598800b3634b466e7841db5019d38c62fc5d336fe304877fb2c13344f3b4405c5dcdd7fdf189e17671b6ac2eecd06a10c4a907647f32506

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
917B

MD5
58161c86da589b3623e58c5abb4da2e6

SHA1
99e1bcd0010b779c811cc5f3c47e6ae9a3d5953b

SHA256
cee36a7c11972988d78cd8d0967501fbb6007f20fa485bf3aabc29ca238f4379

SHA512
f2424a3b56c293af2990cd9f875d24f0c79c740a4e362c00647d565990a52e7baa17fa7289982d7d31944ca42669a3d882a6a3cb3b9d8a27e9e88a6d8ef42dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wxlizal5.1lq.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\blackrock\LMgwPLLUMYUCMYqNCHLJ.ps1

Filesize
5KB

MD5
13e37ce0c6fd5ca118fca61d6dbbd7c2

SHA1
2a084d1ef095c30e92283eda758383a83fc3ec19

SHA256
ebfdea1721914a504465ea474edc3f823c3e13fc71c86f04f4793c61e5070d92

SHA512
34a3aeed8e223987fe511dc74805f47e0d97e10afc46e1b60520dfbb5e7def8803a9e5e116913c5debeffeba7b0d74fc743867534a99f43fc57e16b45285556e

Download Submit
C:\Users\Admin\Downloads\blackrock.msix:Zone.Identifier

Filesize
77B

MD5
aae4378892ee80014807f1f8e1396892

SHA1
a93a27c75fe28243da7df6e62fbe6c23b48b6026

SHA256
cfd0adff1f1fa0729685e59b382cfca1c9b7930e78e998e168107193d5f11c45

SHA512
e86f64b7d1a4caeb623d74b90f9b5c6f9f4474d338afe8254048242202ab167e4419429b3bdcbaa94b856f6d9fb22b6b5db4f2fab7e82c2541ece641c8192c53

Download Submit
memory/3552-240-0x000001CBF16E0000-0x000001CBF1702000-memory.dmp

Filesize
136KB

Download
memory/3552-245-0x000001CBF1BB0000-0x000001CBF1D26000-memory.dmp

Filesize
1.5MB

Download
memory/3552-246-0x000001CBF1F40000-0x000001CBF214A000-memory.dmp

Filesize
2.0MB

Download