hxxps://edpuzzle[.]com/classes/66bcf68a38cc80b9e9339eee

Resubmissions

13-11-2024 21:07

241113-zyl2esylbv 10

13-11-2024 20:48

241113-zlxx6ayjey 10

Analysis

max time kernel
292s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-11-2024 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://edpuzzle.com/classes/66bcf68a38cc80b9e9339eee

Score

10^/10

google discovery phishing

Malware Config

Signatures

Detected google phishing page
phishing google
A potential corporate email address has been identified in the URL: edpuzzle-answers@latest
phishing
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

234 raw.githubusercontent.com
235 raw.githubusercontent.com
231 raw.githubusercontent.com
232 raw.githubusercontent.com
233 raw.githubusercontent.com
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

flow	ioc
234	raw.githubusercontent.com
235	raw.githubusercontent.com
231	raw.githubusercontent.com
232	raw.githubusercontent.com
233	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
944	msedge.exe
944	msedge.exe
4156	msedge.exe
4156	msedge.exe
5156	identity_helper.exe
5156	identity_helper.exe
5924	msedge.exe
5924	msedge.exe
5924	msedge.exe
5924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

msedge.exe

pid	process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

msedge.exe

pid	process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4156 wrote to memory of 736	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 736	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 1504	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 944	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 944	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe
PID 4156 wrote to memory of 760	4156	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://edpuzzle.com/classes/66bcf68a38cc80b9e9339eee
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd452846f8,0x7ffd45284708,0x7ffd45284718
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6832 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6868 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2014063999649653464,9347501111549462993,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6472 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Bookmarks

Filesize
1KB

MD5
f219ab84ece638e2b2e210b55aa5491c

SHA1
313e6e7faaa41562b75f049a3c235df3063915da

SHA256
547ba3eb8eac4cc923da7b946029ab8299885d3e826411011f9fb487e44a406c

SHA512
2b02f505cc48031d50c14f85cb456cba4c433da669368b9867adc26a259ee6c7e53c1479118e4a36737ae5138a632862d6956e313c77ff9708f58879748fc1a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Bookmarks

Filesize
1KB

MD5
ceef69c3cccbf7535b325eb621f24127

SHA1
90fa16697c581d1a27c99086a0e1effe6c293ed1

SHA256
6dc5a03064e0554457da9294dcf256b82377e74d8685b96ef2e15b2185e3c7df

SHA512
a8adb3925d5cbbddfc8b61b89e31d42993979dc581803cb0348c4d3afe56bd213f98da0c7816a1782d59b0e428b987156dff448dcf4bdf296d3d7286c4d3a5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Bookmarks~RFe585a02.TMP

Filesize
1KB

MD5
015cc1a81616e1a1109e9c04665f232d

SHA1
3f4e0763422ec42972c65d313856600e437a1b65

SHA256
204cfc6c55a29b8551d26fb10b751c3a0a5d9b89b6388eed21772ab50e02ab88

SHA512
344041166364cf15e5486a9a69d641f2251149a2aefb5da1b477e99fe1ce91d2da715917ee357089e608173050992b96731725f1a234864c152160bcd0347f68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
407KB

MD5
935e690349b29f0a32c0ac2d37b68998

SHA1
720ce1d1496b460009f9b23a1553c1317647b195

SHA256
e0d7117b3d783ece54474f350e59281f9d53f222a97b419bb005d9c66c636a96

SHA512
78a50a602eb8f2d760eec57aeb8fc971f16f723547293569de1b47cc4683ab5bc4e8566a5e6fdadfef29940fee1e8342d9940b9415b9fa80d2265ab6aaa97e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4fa9cbd01b16a90b4e364e8f49735e28

SHA1
e922912d8ab411f499757b516d7c68ca7263139f

SHA256
b87f88357bfa14a3b6f80a8db6aedc52b403063d03b6e7d1a5e5ec3c5bc9678a

SHA512
039188fda3f7845370da6495b7f8254ae658f772569a6f0767c4843a8ad54f3186096ca38aab2a62ecd4eb6f91d8d0eedbf29e49dc6f587d4569e70af5f16c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
68e8c100345a763784f013d1cd431ffe

SHA1
0a43fbd7c911dcf98b9adf50bc752a6679275700

SHA256
fab631736540d7c9157f19717380a55cebb979b66890d94ae4bb1cb00c82d664

SHA512
3dc1d563e23f533c23e8c46e3e396aa1d160a2edf93054ea4db8eae9c5194d95624fa4c23645b2b75bcead9ef27139768f3bcf3903da525b903b3bd3b4d2c149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtubeeducation.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
a84d5068c7e8967a0c2666db908fc682

SHA1
5729785de752abc46d88c3cd3efe5b468bda5835

SHA256
2f2955b81c2241799501a1c90073d65bac394ffd971d7a214dba64ce8cac4b2b

SHA512
4ef637655d3cc1c89c6ebb5ee5eaf28a03c4a0135ac63ba126ad486b949cead69d258c6c398efe1b64848dd27b29b22eef098238bd69fb8eeb368d631ef0dbf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
159f9030132a656acf8ee6e5cf94948b

SHA1
71d983e40c36bf416d5756dca1178bfab6e12783

SHA256
db310e8e3ec905166502c7e595bb26d374595610107e5f1086fef073ac44f1dd

SHA512
abaa9dc891800ba404ead23d457dc0c14077067a7aae3c5ae4a22fb1a221373d101ddaff710ea2da273ade39358fe99fb7fadb4ddb080235b7c3a3e0437099a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
3c9175f620d241912dae43b2ad72343b

SHA1
863a78c5c5044c852183829ed6d5ba82ba92313c

SHA256
7c7e7a9baf0764f98cde691b0db764b378b487667f3b89a4d5207ebff6ec0a3f

SHA512
e2e2df28433d7035334d9779b38a95a147463569b67fd4de60b7c388fbab81078891a6f6cf37ca81d474f03bb7d8c827c207b59eb14692d789a030c622b9f12e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
010e6da87e08e752969108dbfc768564

SHA1
f1a17f7de229110b97ff203e5382b9d4779705d4

SHA256
d4dcbe107898d7d1443da6048b5d726dc698d76fa5dd3b012978bb220737fa7c

SHA512
83bb601dec92612abe049434f7fbb43e0ea0f5c6fdbeec3d35b43c83b12a5ebe5e8b12b6d801e4a46b2f436d3b2c5ba712df7e82f5e20ba038c3a4cd4ce867aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a0bd49b42689dcfffc0e0a665b3ca743

SHA1
ce7d86e1971b14c9ed5b529b218e0e45742a0c24

SHA256
00194948044b0716940f8fd0da137ed1ee2762980a736812ebdb6d486356fbac

SHA512
d2dc6471a49c66075cc71c6da1d9b0990c5562ffa70bd7d5e110f06e689a135612225ce71a9addc6f0fca0473aa6b34bb4bdfd8b4fdc922a7ff1537d685367bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b44d35a006d47c84957f41c05fb5becf

SHA1
4f43971e72c26cd443647711fa882eecc30b8c5e

SHA256
a0ed5cde47488d715b84c1a8cc0b1f85c7c0749b9eaa780927d8222ade5e4bfa

SHA512
8503134750742e2cf5172b256190a28785d748026f1697fdcbad7053eae4b129f78181d446ad8dbf06148ce6ae6419797a61e4a85cffab161afa238d4c46c29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a980c170af941bdc9a02a4089d7f10fb

SHA1
906f33e71ff65e8766d777bfd481586a622a090f

SHA256
cf280b2f55034d2fedd34fce326a1f8044263c9f3ccfdcd4aa1f1553f08c4d0f

SHA512
4fcda23644991d402335d0790e64a026773799d98dcb5d5e1c3e02e047a669f3249c24c4e60b800800a4a07405f3b9d90b3b87981b98c28d85ab7d4b70848b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d6c1054247bbe0a9485b7400247073ea

SHA1
29fe57fdffa4f0ee51ab29adb8a3ab1ce48aa53c

SHA256
263a99718226ce77a6fa6352fcdeca869b9da30b3a4a5eb2a679e2eb35b3e409

SHA512
173e95790a8a7e5c8bfb3c35fb5efa31c24a3baf7117a82b92ca71b066a8c9ebfa5a354aa6447968e9df8676b3af5cf3573770109eab927de709b0d3abd5a569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5d8b9e010f6a74112fff857ba8058d4b

SHA1
6e81698f6bc42c23cb1603720ab77959769b388d

SHA256
c8ec54407a3304d99a0d00bbe940159760f9bb41e17544188de2f3e9f0e25248

SHA512
fcd6c10e6967342e1c98cde5c76ab5350d15a2927d4f21f4dd81d176441466f1eb6beb24cef36a5403dfaefbad5ef27fdf65c380ecd386ed90708ca3ade82922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e7cd1007feac492ddf4ba6510fe8fa6b

SHA1
7786c2872757b3c9d5af86378987ba31e6c33dcc

SHA256
819eb0ba260eedf1d5d83ae04ad860ca03b45ef4c6549c8412cb4f59c664467b

SHA512
4aa958ec17402f8c5e45eaaa35705d43b59edd9b2dcd51e6189dd5ffe472914efdf4d4ef7dc11a6ce5da8fbb8a14e1f7e9e5700c6a1172eab4eebe86d4977027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d5254c187d9fff6aab6f45e0008bf208

SHA1
08770943aff357c4659d6ce0bba402c985f3357c

SHA256
8fdcad61378a6a13eba58d943c274a799cd1d181229c97f823b42191ed0d633b

SHA512
81e39b191da6d37cdf4a361f133d24bf51880db5eb4482cb9d00dd2e4f5e99d543bdc08f33f57f1ec1bea273e6481e3af702b126599e34105a5c9d0803a63005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\05270b17-9a35-45c4-b5c5-de1089d477f9\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\05270b17-9a35-45c4-b5c5-de1089d477f9\index-dir\the-real-index

Filesize
11KB

MD5
297b199d2c4275267a2f07d590437925

SHA1
35e05ed8281c0b8887ad7e0835db62a867da8758

SHA256
86c70c257f0ea23648dc1b312e118aa7676309fad968b628cd0d441567454128

SHA512
abd13f43b035b07b12086c5b37d4ac6c444bc200dae017e57f695b024f8602bda381ee67f0fbb4569a3714ad4fbe44256ac4898b27a99088f3c30ff22e5be513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\05270b17-9a35-45c4-b5c5-de1089d477f9\index-dir\the-real-index~RFe59067e.TMP

Filesize
48B

MD5
77ae272c38bdb29db2107e06d08850b2

SHA1
a4e2f05597e43d1203205756bc90d84a693caf1c

SHA256
eff67dfaa8dd8002920b12d1c538b61fa380f12c4079d0e3df8bcd0394c15842

SHA512
752ebe67e1dc8b497fce2f61d343177fe4df51652328f3623412a7d27f491c8c80e02e6253e9e4b0e2cf92f3ea912e312f41caf0b0ee6c7ca657c142e442928c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\078f0229-4a69-4b55-ac54-8867e3599152\index-dir\the-real-index

Filesize
144B

MD5
67ba16667040fb563d685ad4c76c00cd

SHA1
4a9f83d88cc4a32a35e7c6191252cf0e80a5de41

SHA256
0a69a3d6db6d761d5755de27841f8020cfdbbec928f3e901b3e4195574b9eb74

SHA512
f7b07eb4351f86a7df165b7292f8c510518f3f87d2b31590c4e09a273f62b44a43e4b4718c83c3d2d92a478c5270172c30400d6dc453cdde5010902c3db7595c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\078f0229-4a69-4b55-ac54-8867e3599152\index-dir\the-real-index~RFe588ac6.TMP

Filesize
48B

MD5
4467d991f20741b52a344d0cbdd2490b

SHA1
24ba443bfabe6b5f353b36411c9662569e659f7c

SHA256
fdab2a37c87c6f6982c555afc3e92916787e92769d58c7595c31e660c1677be5

SHA512
2be51d3ee2219b8cbe6cfa4ea8d85c59ad7caa77d62f258c182a24088f035864f844c6acd4a7e2eef8502d18cb9f89f4b1d79c0cc06b092ed3eca45796f569c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\084bf824-0828-4b36-9150-d2ff2a12ba01\index-dir\the-real-index

Filesize
120B

MD5
e2bd6c86dd17514ab4711db7c359fa9b

SHA1
323cf07dedacef9b7809831c1dd8832c83967e03

SHA256
663decc88a71857fc965cf51a5d4ad74815fcfdfefdc3429aa91c64f13dc03c4

SHA512
8322d5c4e5bfbaff8e33d62e86e89e8c7f0867524fede877e253335c0a08601d8cbf3c299c7d2aeeb482d213d9c204eb4a785084e9f5f4e9efce0d0e19d0392c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\084bf824-0828-4b36-9150-d2ff2a12ba01\index-dir\the-real-index~RFe588c0e.TMP

Filesize
48B

MD5
63bb17be67c5a56782052dbb9e4b4415

SHA1
b31a397a0b235742a14d8dbfb5ed09cd0e93d4dc

SHA256
5768466885b2eeb70e7a6c0e9c21af4e86b495de53facc5b985afede9288ac6f

SHA512
758a06da23563ca729485e2a61ae688449621e2144858649fb728ddaa58b81491f561d6b7cd65368f88892a006f985add0bd717b910d5c464597bf4be71913d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\d2c2505e-7d84-4046-bc79-b2b89b38c6f1\index-dir\the-real-index

Filesize
72B

MD5
1523d54ed1945be8df32113925dae7c0

SHA1
98691ad167282317420fcf8f083a20df291319d7

SHA256
64964a9f1517ae9619a3052e2c47303085cb887b80f0ff64fdf13973c03342ed

SHA512
3dd7b6e34e59657b235ae24c559dc9bde4940d704c7c7009b70f8b2ac80bf6506356bccca4d898f02041a2aaf74047be8210a35f9e58ddcf9b54566d512c5469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\d2c2505e-7d84-4046-bc79-b2b89b38c6f1\index-dir\the-real-index~RFe588c0e.TMP

Filesize
48B

MD5
91c9b4769c73045c1d8d8ef23f01077e

SHA1
cb0d1f0a43f751320b34233e2f8837a8ea0f622a

SHA256
7d5d545eefb097cdcb5951d7318aeb70dbcafc0bb3e5e0c6724b364eb84290dd

SHA512
0715022269010f1b2da3ad7d02549abe50946433cafa3ab0eb4c3977af3297d9afce4f3aabfa5c98fa70266462ac1e044615ed1adc72c960a835a583dd832b02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
130B

MD5
b55f0f5b8b567f95f9c83ddc592761ce

SHA1
de6516d223577111a3b05ac092dc36a8a0fff27b

SHA256
25f3dc1b20467996b4a02ccb7971da2bb17ee1a80c776881e89c4f55db16391b

SHA512
3b76a05c4ef92f42652603fb517d2e3bf089268261f04f2bbf201bb13a8925a13147087c7ac6ed1c888f31e1121cfc2500eecded6d03f15182a824512e496321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
226B

MD5
efa4f461400524c3ab0fe7df8f38fb85

SHA1
e8200bd3120d17f43348f90de57a408e8e054330

SHA256
828fbcb31225502b229daa1c9311aca1c008f12730270df2a072ce2e4799d4d3

SHA512
078f673200b04e3bd230f120fd7c0a5a8f16f11f1eccb54b44fc609293499b60453014900316e9bad0c7f9734dfb416088ecfc469b8feb09c64f9f2bc45299f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
290B

MD5
6308aa4a5bb7f695b68aa1e044c2bb51

SHA1
5c6fa6741af2208e122494fa395194665194f010

SHA256
f97158273a069aa00d21e371d02fc5b0496b1a0c45b55ebcc964d82dc1535993

SHA512
0af7369523e029699487c4a43b86a670773293a9b25c44a4f14ba7e115f7862213a5cb169ae353916c29d2c736e140b9d4f74b03e7d79b940ddb0baa61656544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
359B

MD5
fcb6cde6b36c3608302bcb92a4c38551

SHA1
d3a2aca119f2c5f28dfc765c31369715379166a0

SHA256
87942b4f01e466f0d3a53b23cc5f5914736af23f0bd61bb3e569a11e02f22353

SHA512
911f12920ba9216915e907ecebd125a3cac1a7302b3e9c8bb249207e734fe7f37894eead7540b1acd6cf9cceaad899ac3e925b5648d8f53d428200838533779c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
354B

MD5
ff3852d9efcd7f115dada858629fef8e

SHA1
f30a03d3e8381c5e30bcf4d71ea8ba70a993294e

SHA256
9ccb4279eb2d332399f5b4bd03df69df3124241dbbe3760518117c1c57b14c32

SHA512
3c2ba109fdf31f262661e94a48b0c699f0d34e67059d3fc1f029640aaa0f3466b3bcf70a5a0a709f202972056fe2bd5182bf171a68b1648584eafcc4728d9768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b83df0e93fd18ff75bc71615a01bcd30dabd5704\index.txt

Filesize
35B

MD5
4e075fef575216a5be604ff489007bc4

SHA1
07be26bf727b123395be443a9245bd10da60ab12

SHA256
f2065536beaee87b9034834258cecb9b53a30f0c61efa4749583ff59c5e79b64

SHA512
7cf1df56abc2e10d8785f387a0df7cce9688c6c829c467d8a07e2edcf64d2ce38ad3bddae50cdfa4c81bdf009501ff4dda0dec9096c057ab5a452a0b2391c292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b83df0e93fd18ff75bc71615a01bcd30dabd5704\index.txt

Filesize
99B

MD5
5676cec770798cf551dd68a32b64cde1

SHA1
30adee9d08d1e2b083fa942747c3fa54d30492c9

SHA256
70a8885ef8578e9f5ef8f25ee2bb079eae66090437182f6a33f452d25e4a4a43

SHA512
56fdc9587771ca5e60b4bf15bd09488e0af10a6be261ecd2f4b05b4f79d4e5b037957a28af43e2c249ea76049cab2ed249b5282ac04da54918a2743567bb05d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b83df0e93fd18ff75bc71615a01bcd30dabd5704\index.txt~RFe58a9c8.TMP

Filesize
99B

MD5
5f6a613d1df43414ab2775f130137dfd

SHA1
cba2f74faad2c7599b30131a882237ffeb6fee64

SHA256
284c63971b794eccbaaee30fcb9e987e4724fce1c0f2fad07fa59d2ac882cf35

SHA512
fd5da27f97273c322bd2eda342e10df682f5bbd0ffcfcbe9e3ffb60411a1a9ecf42069c8e3df66462250807ecb4d87bdc8a3816110569f46e5f9816b59cc2018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
66805a0ef9b0d58241e44c8455eefc2c

SHA1
15d94d2dce2ceae8a9d8410e7efed525154c8f6c

SHA256
fc99cff61bc79ff99d6e716e2132718c48dffcfb95490a6561b552df122ecce7

SHA512
3f9d843063151a388d1a28b851ce778f02ad24f5f73efc859f0cb0ae1540c3c78f0b171623a174a2898ae2f8ed2da7d505d053f55c9c00421e1ddefbe2e7b9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588855.TMP

Filesize
48B

MD5
1e65f927a1066e56830e8cfc4bde4576

SHA1
366ee224dd7300aafc1b8b3d4d43f576b8727114

SHA256
e2f1c20e3934f2c7929ff224f470c1f047159c22019d1ed96a1cef33a666169a

SHA512
bc86507ec9b9ef6deef8ce1ea023de09e2ebe1360db8e3ddce20f3b56ce090807e23ca98abb121caf3c6e48b893ec8ab0fa85ed2417502092476bf2ac4b629f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
47c23b5c75df02ceee47321562045c34

SHA1
d2da31537b67b326060767cfb81b4a3220019c42

SHA256
a33aa8252061f939d0c7a5722851298d9d88afd0eff7cc6eb3714e66c3c17b94

SHA512
a0c22437a3c2836d975f6ad780f7a67b4b722abcf93842f1ba9e58599d4c4e4e611c135ea85ac5c64f7c937b1784f2e4708dde3dae9108da5d357262844a931b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c7a638cecc20fa6ec897f3335ae083d5

SHA1
5faef52829626ebf12d90642ae6d231a0e4a0430

SHA256
bcacefcd988b9b97ed9a85eec4ef821e31b17def5c3ad50077d9e41137c09370

SHA512
d0b48923d2141ac9b32e9134e7feced6c0b627faae46b8735ac4810f3901b25cbfa9d049a456b637d66b323d92bbc62f4c3d570cb8af7216dbc3b4b350a6b30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2f7c2ef707bd4eda6129ec1d5d218bd8

SHA1
cb3159a85af187aa0311f90cae3eb2f4b13fdb1c

SHA256
9b386febbe5f255c191902245fe73807ec09a8bf27e1b7ff2d2e1296feec94d6

SHA512
b73da16f48710f8acadf10dd0291bc6b3c8d24b9433cd442355ccd32e17cbf64f9225c6c044a8e8d979712f0976ffd1b3721ca8bd4cd4f9b20e72cb79ae376f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e6f88ec39b54a4ce0b290afe12722eee

SHA1
a270014543657d99f2ae44bce691efbd4fd27850

SHA256
571c07052d2808e100edb00e9af1009230d674a47dbedffb35e8ac4880831667

SHA512
6f0369b3f080722fe0e2aa185d802d30497c0cb0155ba4a9215c1e8e8ebab5ac382200839531c1c6daf479c0092753cdb73c1da3f5c6dd6cec52621688f316b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
374b35661873862cac5c0a887e1b7916

SHA1
48c48d41bd6cccfc9f7502a1395d3f1a772c2d05

SHA256
cf9d8d392538149a6f886bf7e8b6f42b43a7666416b9f6eb41ef0abdace214f9

SHA512
c0a0793c024e4b144cea5f802c5f1879beabd51aefb8fcee4ae92d012e9a61f656813aefb439ec3666caf6bd30efe42398192a9a24613a5c8fd2ce7376bf414f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
04ab0d444af8c0842b9279fbb92b31cc

SHA1
49c0c641e5bd834d5a971824246f329bcd10af10

SHA256
97f6f25ee78e0a6c608f5986982c8cc607a0f269e53e140b90957510f7c2767a

SHA512
b702c47c4666972b5000f008a3126aa145ad303ae8d0fcf860ef8d1b899ab31b3ee887b06f4f7a10a5b3f95626be9fff9c1f7236a4011cececc682f09e0647ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9fe9b26f28a7c697c77ab8314fcee7fb

SHA1
3fce48258bf0e47bf7989f14f5ef68a427c772ba

SHA256
800c2c4ca3fa5b0a797d1dde05cc6aeb08a6678e64dadc8b7a6227554c3d439a

SHA512
e4e5183ac976372acd09b38149d5290ee85fd60557c4713ea0b969e7027c2269bce5486b8a7f496f9efd9865c6f9329ab374d12957d85dc3243ae96d61e63c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
166bf34586e7e35bba4f4809dafb3f1b

SHA1
23c9eba4591ab674a2dd7faaf84f1f59e602963d

SHA256
b7c1376a7a9b92c2f400392ad4028597f63f3ad702beb378a65573bd7e16dccb

SHA512
e358cc15d2e15e155501f73cb12af36dc820b5278e21421d24ce76c7138bbaad3b8849d26ae6e5087de9ca14504611b4fcbff9fb90fd0be40967c2fca8250483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f2441f8aa4382dc29aba22e8afdfcf84

SHA1
b5491560287cf8add07c4c30f185fbddcdae90db

SHA256
0552dec5d10cf45f469365b9dd0829a13e98dc52de2c06bb40e8920962527640

SHA512
ca8baf7c3bed46b5f3d7883a59c6674b965b778d9bf2b9bb6303c66c1c16f3fcd972a3e067316fb7959dcaed8bbbb54b041785c10c96dbbaf0288b5039f9970f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c1e5ede074839809eed8fe202582ea96

SHA1
086aa2f21cecb6e6c290829a6901ae171b94a80c

SHA256
9a6702b677c85be2e42853960ff5500dfbf2a468baf1cf38821b739749a29da1

SHA512
a90a943834cc4386904ddcf12406fcd11e8da1edf3ec904bded9bd2a1362c3feb1836dc7e7fe9222d4277bfeb995cb81a4d15e1c1fc45dba11b8f44c22dabd14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d3f9.TMP

Filesize
534B

MD5
23a1e30efa7be8ab60f6781a2b6011d2

SHA1
61e9733ef5bcdde0314f6300d52a81a2fa1448c5

SHA256
c2d95e68c55f792bb4c56e8db9a71ee8ebd8aeb6767a30fd1d79082953db8583

SHA512
2edc7c4130de4089fc2882be9a85e47fe753acf55569c6a52dc195e7b402699095a65e4eb399947fceeb7eddc13dbb4a491260923dec1501d21fd6e725cd13c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a75520c7dec449d4fae761faf5b1f745

SHA1
c37d08eb8a582c8a7197e2c6b26ed6e35f567c88

SHA256
44bfbe4c88680a0372d9480bd2b932c19c0fb1092e427bbe6765f3586c1066c9

SHA512
1ca2ad173b5cca9e3b53b5b4d7275f11863ebabdb6af6f7b3abe3017dd4b2c654b45475723954e7c90d51731792e092ce7c12d33dd7e114855704e59547e66fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
097d0edbbe989cf20cbd99474d2fa030

SHA1
a846f2612dc9cc0f04a2aaf8662f2c2f79ecea21

SHA256
353182ff08186db745dc0041bd4bf8abaede9d052fed820faf033b6ae24e81a7

SHA512
773456777f3858d2db190cd1859f43b6cb5bae8b51eb7ef6e5ccfa5ba4eb64c2faba451a9bb1f5829648c505946382555bc943169fb70c8757f1320248e09033

Download Submit
\??\pipe\LOCAL\crashpad_4156_DURIRWEHJSNEPNHS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit