hxxps://eprst251[.]boo/files/Asana[.]msix

Analysis

max time kernel
150s
max time network
273s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://eprst251.boo/files/Asana.msix

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://asana.com/

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
100	6140	powershell.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
70	api.ipify.org
71	api.ipify.org

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1256	msedge.exe
1256	msedge.exe
2144	msedge.exe
2144	msedge.exe
2792	identity_helper.exe
2792	identity_helper.exe
2244	msedge.exe
2244	msedge.exe
5956	powershell.exe
5956	powershell.exe
5956	powershell.exe
6140	powershell.exe
6140	powershell.exe
6140	powershell.exe
5300	msedge.exe
5300	msedge.exe
2044	msedge.exe
2044	msedge.exe
6136	identity_helper.exe
6136	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	5532	7zG.exe
Token: 35	5532	7zG.exe
Token: SeSecurityPrivilege	5532	7zG.exe
Token: SeSecurityPrivilege	5532	7zG.exe
Token: SeDebugPrivilege	5956	powershell.exe
Token: SeDebugPrivilege	6140	powershell.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
5532	7zG.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2684	2144	msedge.exe	83
PID 2144 wrote to memory of 2684	2144	msedge.exe	83
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 4396	2144	msedge.exe	84
PID 2144 wrote to memory of 1256	2144	msedge.exe	85
PID 2144 wrote to memory of 1256	2144	msedge.exe	85
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86
PID 2144 wrote to memory of 760	2144	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://eprst251.boo/files/Asana.msix
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3bd946f8,0x7ffe3bd94708,0x7ffe3bd94718
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17855097066027877398,10477764914872296095,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17855097066027877398,10477764914872296095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17855097066027877398,10477764914872296095,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17855097066027877398,10477764914872296095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17855097066027877398,10477764914872296095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17855097066027877398,10477764914872296095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17855097066027877398,10477764914872296095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17855097066027877398,10477764914872296095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17855097066027877398,10477764914872296095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,17855097066027877398,10477764914872296095,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17855097066027877398,10477764914872296095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,17855097066027877398,10477764914872296095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17855097066027877398,10477764914872296095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17855097066027877398,10477764914872296095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2592

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Asana\" -spe -an -ai#7zMap6908:70:7zEvent10973
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5532

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Admin\Desktop\Asana\usJzY.ps1'"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5956
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://asana.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3bd946f8,0x7ffe3bd94708,0x7ffe3bd94718
    3⤵
    PID:4504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8292744825927670295,17807583699133191966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    3⤵
    PID:5212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8292744825927670295,17807583699133191966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8292744825927670295,17807583699133191966,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
    3⤵
    PID:4184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8292744825927670295,17807583699133191966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:4680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8292744825927670295,17807583699133191966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    3⤵
    PID:4944
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8292744825927670295,17807583699133191966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
    3⤵
    PID:4564
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8292744825927670295,17807583699133191966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8292744825927670295,17807583699133191966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
    3⤵
    PID:5884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8292744825927670295,17807583699133191966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
    3⤵
    PID:4472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8292744825927670295,17807583699133191966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
    3⤵
    PID:2160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8292744825927670295,17807583699133191966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:3556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8292744825927670295,17807583699133191966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
    3⤵
    PID:5860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8292744825927670295,17807583699133191966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
    3⤵
    PID:6044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3faa64217a07241616fd762384359d69

SHA1
eabfcd9308b69d08e4739c46d6d87422b83243e8

SHA256
28d9b2fd2d28f294183ba6f960296a6b7ef9ed312b67f97016ab528189bdf4ee

SHA512
7b5c13fc338a401724528f944eea0ecfbd4949c179f1044a21c670155a3604ddc6190b732f7957f8a3fd01e298195a1a99134f77f8f1273f1dc3a9fed40b6d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
553e78e9368f47c6de1004590b953f7c

SHA1
c9cf553c2a9dac21274500d46463784536a3d032

SHA256
6ce04ac470378b8f67701d1ae479112c93d2fc8222f61cdddd520a8db9ca6431

SHA512
cc2c5c52a68a9867ab224c7236719c0071b1de295884ba12244ef76c384466233cac9434b0117e0ec594d8925c7e8d5103bb56d3d4ca90d89062211af07464d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
86956cc33356ae1e1654046b597bc1c0

SHA1
e1cc18f97733b472020ea0b81fe60ed9d48ccf0b

SHA256
9301072e6b47982b8d8da08981caefd9418fb4ffa260292aeb20b6a98b28767d

SHA512
cc921b35bef146feb3edb66425f2223cb8c7e1a16a154816c34fe8e83d2b4605c4adfc24711f06c4153acdba4bf26eaea5e3804bf1217161cc54c95db48cd1f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
91c354f3594fe3500fb9d1fb2422963f

SHA1
b6b964157aa67295b01e0275c56ea6fcf4591d07

SHA256
f02ecb2677076c3b7049594309d0d0a9f29be35ec121df24af0100eaf3daf14e

SHA512
7e5b10f26b2f44ce7eb7b236e8a82e9632dc0b21a2f5801947644440a2d8b5d5fed27c2e5311b0bce75659934be1a49158f1d2c73ba9a912133690316ff7143d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
862228886bf6a977ce8e491dc4eec487

SHA1
c0852163f8be1acbbae0b0354b8f7110d72c3e11

SHA256
0db53b729f1c31a59ed1171e36e80ca25f9db54f7b972532c8a24fc8cc7c1e5a

SHA512
bd4627bb3fb560e3d116a4d5c1bd2379a1eecccc48a1026fd1e9c8f42847445d43e4ad71c3b6531be4041ca167f77928426a2fd5f2377cd139b2dd7d066c83d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
175c5eb5ee52407b671c95c5b671c4f7

SHA1
3ecf8ec0aac0a4bdf89a912965f8ac9f221b26ae

SHA256
c3ed525f386bc2886cf8d8efad187685fd5a51a175898a22c7f5a226ff3318aa

SHA512
162bd120f1ecf286de3aa4433a0a47afb9be4f68bfd2df3ca0d45709867bb819356b0cc342e93aecb079ed4774c2caa2c10db545bea9ec1b7141cb96c11c4885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
a0d317c047331e68969cba11b21b5671

SHA1
1635554fb83d2cdced733af5c7b326739f953a6b

SHA256
ff6207db6bcbfebe83ab8c0e5c6781857ab818179cd118cb383a13a6e198e4c0

SHA512
2eead7b29950a1326ab40beb23a014ae5b383e246a03defe73ced181397013d187849ab53cf62d94ade713a5be522b5f99e6882544cd8b96c0c0013d8dc9293c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
20b4b499b0eb8bad9029a2253f4ce2fe

SHA1
d5006d32884b28654312805e1a5b72bee5c33950

SHA256
3b5daca7dc15efb2d3f0666c3740ea84b1825bd8c4ebfa0b999248459e023795

SHA512
57e61e4eab6cf29fbc233608c680a66753d9333297bc30389e40119b426432dd37c54588fcfe094995f9b749385ca9289e90f9d7420feaae2582891490c601d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
19a5d52c4e9a0eaa11cabba59da96038

SHA1
961ac9e6aaa68b034166a60cbd44d6b85b7bd16d

SHA256
32291d010b2955dbced41af6b5da7a4896797e6480e677b913573b9ccb143b7b

SHA512
e5fd00a0c5f9a066830fe49b5ab6a6116616be7086c4277aae9feead8775b74c8291bd710b5c544c8a9cbd51366d0b99b01366bfd30877cedf03ad84cf87ad28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
2b70cb49e76f428d716d60d1806d799d

SHA1
3771cf14444e69b57869534b4422b780e1708099

SHA256
cc55b65eb1926d2e46b16b605b7fa6a25228fe7427397a49c56283a31c3e6f7f

SHA512
139ca918ecb25d7d5756baa681b75a53a31841818e9de28dc0aec9429ef58a9cedaeb4fa7a1561c58d56ace8cef687521a2fc3adbc803e570b1992611afd2115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
a6c53a9c87b0a91ab66737033eb035ac

SHA1
753ec6fdcf18df889b197f6191c4e7cdb50b77ca

SHA256
cdf2ab701e61dfb8ffb4580da999af8caa490ec85610db2f8c2592430c4f03ad

SHA512
97f3b839973c6b715fc18cb0fc0e0f479fc1614680412f086fa90359e8318ec8cb95b0b2f2e2d97a0a46153e3e36e3cd43b0366a5642703c0c125a3b62e3962e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8e9491b2b964714ba142444bed73be5f

SHA1
263952b1864830cfe1334728c7c18f46988af88e

SHA256
ca5c2fdae6b2b76f7166452cd024aacf756fdb701b7599e9809a8f7ee8a9e36f

SHA512
1662eeb834fd26739f1232451e5facf4bc040342f21bcad686b0310f2711f10efdf51411506028f1ef70c5528ab24ce2a95b644112d3d0e8fc46aaab4c44c6a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75b33c3b096977452214c735d461f440

SHA1
1e568df95f6a4bbb830c8bcf87f199ea8f50c403

SHA256
d690d860618ec70739925863e2bea40d85e3ae437cee254defa6203e0b7b267a

SHA512
bc708a61c3086e38983c61b23cc3d3d8a02b7f4629c98ea4a7221b4e6778eddc1e6c76a3da2fb5742d71dc15bee693c3999088a4cd02a531ee0d990b200287df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad08837933544471467b20b2e900b272

SHA1
dfe7275345293a2269778a29f7799b9fd217581a

SHA256
900308c1457553db65e1788314f16f56e3e4f730ea6cc7ee9322c1b46d3161f7

SHA512
542ca46495c0fb56a4cb13aa1981a0f8dc42597ba444e1773d7404e65b501033f02d36f6ad80eeb853ae2910e5d40878e88013f521a1a0d27720bdd7a3e55247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7c5bf88100544c97c6967edba9491147

SHA1
64fb83bebc016c8de0dff6e0e5089ec4a82048f5

SHA256
3a6334589f11dafe795197f3a7e58580f5a1fc4ab5c69466b962e00f68fa9614

SHA512
b1f7590f47c1597e4f25bf13e3e4445f5098224ef2403bb72a30c9ed3f11048c18f60a48a738ab7116ff0c76a68db72ad7ba3c69c6810b994febf4104006fe3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
596e710db4089f9ae4baaf48f7539bec

SHA1
f34d248ab32d1530e7ca5746fdda14f02f3ec9ec

SHA256
2838e1218b09d76a4e26b9112a90af81eca6d9c9516d9ffa0126c67b1be9124d

SHA512
33b0489c58e349feecbc2cdb91e7a70493574874c055bc78310bb2e9404b5ba848e7e61f557d7510a38bae469cab9673c349e27f419c104fb708f1c121088cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27c8b44cecfd357bac30c270c278743a

SHA1
8e71881c90ce0b68c5e7ffa8b24ede19760aea8c

SHA256
5fee5c62f5b6109cd16b6dd1f2aaa2ff5b3b7c7cacd732fc3e1503eb3a478d1e

SHA512
cf816918655fa4732f1878b8d794fe2ccd6989bcb51fee3ade472eec04a0c1f853f5976242df2c94354096f3b24525c87e64c6187cecd55a95588c78a97b91c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f73857e2753c7c232bdf2acf88bf3a5

SHA1
bf692cee77f87d5cadea91299da7e5d3504087a7

SHA256
b5ead267dffdefdaaa337a338260d2f57a7cba7a8ea53fa8a840343a506dde4e

SHA512
533b016475882a7f60d8fe6bd2d37d0550d6138ae21c8d00fdd3d0515e719a85baa94561be1b2ccc78fab3e6bb5caf935c5f483cea8fab46cecdbf3f69916133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
93e3fa98654e9539f997d2c64e8f273b

SHA1
e0a26095e5df86d23c9b73ae23f419dd3659ac18

SHA256
362fd12b8b3dac6d24b98a2568eb0dc8511e41fe895e2f32a12e160019eb53c6

SHA512
1ad1e7509d1d1423ebe195c1c9ef146f2ff5877fcef07a6f6a363e979df40a2d5904dfdd47f6cbe7b6b2dad45a3e1460b8a0fbb6b8730899e908408e264b7271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13359066545122798

Filesize
461B

MD5
7e2f8c412eb001efc1c0a9791951f4a7

SHA1
1f1337f107b469c0e86a5942a884e521953457d9

SHA256
188e012fe8853308a3c444ed13b11728c6691b5db27db2b7d420f00f806c26c1

SHA512
e2ab1991fcfb28298c0389969353c170bfaeb65138ff741e5637cf20e7cf3182e73a878aafbda3795e72064e8e73332084e9c3f9218a9a2986170bd241032af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359066545419798

Filesize
933B

MD5
622dd994f69aabab2e50621df10edb02

SHA1
e8172710763c6cce399d71ad4efd38889a7b7d8c

SHA256
c4187ee002f0b5b9743f326448c7c0b0d8ea4175de226d5a7d078facaebc9cc8

SHA512
1efd5aa5ca06af7f195f1b6baab905e1901b8cc25908bca2a4268d5b503f561f341327f72f11f8e8272bf89bbe5885684b168c23038f84d9b64b13fb297f7b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
3c2564464913b300646bb78756dd3f72

SHA1
d0aea6993a07a6b1fdabc3dd28e192643532442c

SHA256
854178e8ac3fd0aed97d982c4691c286206adf72c5f56482ed7984cf694b26d3

SHA512
b22d416f1dcf8fcb71db022a5273d0b0ed6493830b28d5116512468e18e601f308ad859adfcf4128bdc2a1946e1603dc85069300d760677cc188687230c1f94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
fe979ea8c2b2afd44168169057db46e7

SHA1
bd61fb4a241cd11b5cfa71a293146af8e25856ad

SHA256
618d2e006c6dc1f25c2e453a7936fe27886c84f38fd4eb5e36d2069e014b1e6e

SHA512
58fa1df2d6630e00174725d3898622457be0b8acf6d612e6630cb65693f76706de3d1febec457a36e3879c998b7b4701aa6e101a5b7589237b4feb1dea29809c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
33c3f19d6c544882c076cf8921810430

SHA1
c4e879f47d76ecd410edc78c998afab9f28d6c68

SHA256
3afd4fd6dfc6862e7f4c6ddf6b4385eabf2e975b48fbb8b72c3a00b41592e599

SHA512
473072e259e5ea3e9ea19505825f3fd9b8cc2e01bb5fd65dd8bf5c7b2bb85532ea0b33788d4fa31ec07cc593c653f0b46ea2f790a6d7c15fb53e86a279481bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
7a508d5474077f31ec11e858aa349062

SHA1
3753f4b3c8b843a159dd0e4f9557b09a0ded32e4

SHA256
11fbc38567545d33a4e10ab62ede729e8701bdcee20d8f37f370d8823a530f10

SHA512
ab3f09d21253322bc5654794dc6cbc985fd247953d91ef9955acb5f5028bcb61317dfce0e0db8bfb78efa828ad4698e54994056b0755a1785ca739c9ef805854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
75fa2bbb3837e5c53b39740e15c04c7a

SHA1
0b399837ae2be5d8a5f76e2c33e240d485ae8408

SHA256
b26933480f6f17908ba6b10462c66e95988d629956f9cda9fe27e24102704b34

SHA512
48a79a9acc8c112539db888386be210639ec4499ef53730032fc2fa92aa64639ac397b949c3751f366889ec868569d6e9446cff1e721c763429ff16d81e66c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
1fc86658ba030b59c296a46b421abc2f

SHA1
f706581f4fb313d94c334e67e813b06f06192f67

SHA256
511f392e38a55b103ae90bf49d840f75b805d9852bf9560434fab9e94dfd177d

SHA512
62e7eef22be4eb5b22a0e340a6d0144ceb78b916587b41c8b2895c5bfa9332cb0dcc8576e6da0227b297bc67c59fb2c811905190dd2807bd73f4eaa51d5adf45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
a4cb885fc497be8771c6f5a46660a570

SHA1
64dd259e0c8af8d952d0364d065739e09f2385d9

SHA256
8bf6defed211b7f5e719ce2a7ab70707bb751abe69c22caa6c1848134fb0fdb9

SHA512
c85d0e08d55ea8757fdb20535a9f88e40e208750cb5650903d254d7518d8a2bbd0edbe40eb4d1f4d2db42b5238c7c72d4c3a6ed475b583c1cee7d26a05ba053c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
de6d7fca08c45d15889ca64948fcb700

SHA1
be3f1946387c7bd436360c814b6345e1f579fa05

SHA256
2f8a8e2a956fda087605f4dc49fba3671c029baac79a5007d458673d063582bb

SHA512
858908598124e41535d336882d8687052c0d3cd49a619c59a604f547cce7c6450f57840c199aacceae78010707c423660107274fb78cb288ed8bf706d0e14cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
fe505ddcb32bcead0b78ed5970e6f6bf

SHA1
e39363185a7ed4d166857aa4dd1623c40e4ca62a

SHA256
9825bf1e9453f645422969f2863ff5e8f52774529eef647e85d5cd44a0aee118

SHA512
8aae488776ed2c9d41faee19038b40e67cd92fd7afc0c9f08b40d833795c90b799786d411345ef745c3f4440daf652ec497f54bb33e25fae1d1703dbf42ea7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ce69d652875956fe57063b856e2ee831

SHA1
2d627da14b851a227237af174fab9c29512ea7d2

SHA256
c0942cce3bac1038a2929acb970541d1e3b86b75b507a677e4b7da66c59a2b0d

SHA512
a18885c6316c60ac7adf82c1400d9d7eaf1f42e7f36f8b0027d0f34ceaf668fcc1f54a172c59f132b5674043a4f0b43b7a89a6bb0074549a8773885ae5114c74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
ec37e9f661878e268b5abcde88677809

SHA1
07e1af39029420ccb1908494e64605e792f45ee6

SHA256
37d63ed0ae3dc99da7e5a82d6c17efe518481bc4f044a721c8c61aaa80db97ca

SHA512
1a57d8c7c3ec82659f9b6df85c43f3c83c900d1a97ef39ed55beb9a33b6ad2f57c6711f07a28e5d9cc91ddc866b1ed5be8dccc005efa403de6aa72af0c3bafbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6bb960d3fb0d5faeb41ec415d6ae150a

SHA1
87f48e8f701f8025193bd20ca4ba6ae4d1380810

SHA256
18eeef510463b6f1ff40ae1b7c4973a8bed63e06010416ced5764a8900558eb4

SHA512
9a1b6866779c1dd26ea453dedf8ec6d9447aa5ad9a296346a6137d7b61b125f66d516fb804c6dfe839347aaea5ad6e952dde0d3ec87589c908c941523840265e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13140f1f730a134df2ce8540625b2360

SHA1
e0c720a7facbe5290a57b941cfbcd205051542d6

SHA256
6178be511202eefd2926671311b909ad1010ea39544f0c9f329e77f16b6e1104

SHA512
b014c8f18544fa52cac038e1f201737cdff34bd073c3c4c3f1bf7b7daa492a66e314e7a52e947a75ad5dd1d90d6f550b1050d8e1500f4d2614eeab6bcb61f91e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f94d4eec06b8faca9044391c274b6289

SHA1
4507b68a5a6c6495786b9714814cd25f60d57642

SHA256
7b8279ad2da3dc60ecad1870432c8135604bccbe51862371363d85194b76b8bb

SHA512
3127404a542d3bdafa5b716cec3965588b3af7b0b492fd7f72f5769be545e1685643716ad7dc3187f9f95c1d332eef3fe61c4a264d184e78470cfcdec05e4fa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
e43f560623a0da0af276f4e5f9be0ffe

SHA1
73b2cc944aeaf08ee560afa4b5d2a6841d1a1e4d

SHA256
6da62b8df1532ae8ad89e245e5b477f9211b6366f3a16cb5119f19b7e54f41d8

SHA512
fc991bc0a9e2bfd5e790f8a38fe5a037234c458afd493070f4b0125aa290d83fe59eaa1baf1f7c9a8e157428f9a337e3c2c1741e92fc0766b5744137f171c426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
28bd01eaa111aed1691355f8461d0c83

SHA1
bc4c6de771ef4f4a0ccf79ce855bb70b330ed013

SHA256
df1fd4fff13a6cb222befabc69162c2f1e3ef908abdd0932025ea6bafddba203

SHA512
4924a5411eaaebe9cd55da71bd0af984c26e7f7c1484fa73ffbde8aeb17d5e4078ee9944baa1dfe060c637378fc525a74fa65f0a14c65ae82d716ca03f5d8f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
3b7f526f5f59ebbc2e1a34f749183b4e

SHA1
3660137a2848d30fe20f0251b8d1484c9121879f

SHA256
360534daa59baf8cc3f9a2ba8be7a1fbd915c94f3610a6eab56d9eb9e50fd2f8

SHA512
342fd3c689529a395cadf1f929409bb7e9b133c71034ad5cedd42069b259a31405d5aafef3b182b7e95e3e09334e84436ecbc9f66a049285446f842945e28935

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xtri5x1e.0b0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\Asana\usJzY.ps1

Filesize
6KB

MD5
8ede71440d02f3d250a3ac50eef4280f

SHA1
b97e6ebd28ca3cb9e45ea6ecd8e2b2a9323c5bc6

SHA256
5e9362dba53021ab588e396e1cb28100718471f07c5dd5cafa6bf5728f014b97

SHA512
77f23d7ae4aeab44048f72e34b45f8a0e7b2872711319e028fa685812fa63905f3dbd87daa3950151ac41805104a2e65b9dd6371b270beb0952f6eada559772b

Download Submit
C:\Users\Admin\Downloads\Asana.msix

Filesize
1.0MB

MD5
c50aa8af85636796521e490b2e0b34dd

SHA1
208e615fd62249af697856734fb0e80bb1f58739

SHA256
bdd89826ab8d3e3c03833b1ea8e4b0a34c80f13bfa5882e5b82f896cec41d141

SHA512
0f8dd1ba05e92238723d4f8ed096d6b6bdb55ee913b9834e37d3fdd294c6f1613f84c64bd492ef25f8ade4763f613423517202480a5da65116ffc83034e5a93d

Download Submit
memory/5956-205-0x0000025E4F840000-0x0000025E4F862000-memory.dmp

Filesize
136KB

Download
memory/5956-211-0x0000025E69990000-0x0000025E69B06000-memory.dmp

Filesize
1.5MB

Download
memory/5956-212-0x0000025E69D20000-0x0000025E69F2A000-memory.dmp

Filesize
2.0MB

Download