hxxps://www[.]youtube[.]com/

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
116	msedge.exe
116	msedge.exe
3664	msedge.exe
3664	msedge.exe
2528	msedge.exe
2528	msedge.exe
1860	identity_helper.exe
1860	identity_helper.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 4272	116	msedge.exe	15
PID 116 wrote to memory of 4272	116	msedge.exe	15
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 2384	116	msedge.exe	74
PID 116 wrote to memory of 3852	116	msedge.exe	73
PID 116 wrote to memory of 3852	116	msedge.exe	73
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75
PID 116 wrote to memory of 4292	116	msedge.exe	75

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1a1446f8,0x7ffe1a144708,0x7ffe1a144718
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4042579439046036810,1273392402079472387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4042579439046036810,1273392402079472387,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4042579439046036810,1273392402079472387,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4042579439046036810,1273392402079472387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4042579439046036810,1273392402079472387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4042579439046036810,1273392402079472387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4042579439046036810,1273392402079472387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:1420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe1a1446f8,0x7ffe1a144708,0x7ffe1a144718
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4868472492105359931,7520933236968562465,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,4868472492105359931,7520933236968562465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,4868472492105359931,7520933236968562465,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4868472492105359931,7520933236968562465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4868472492105359931,7520933236968562465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4868472492105359931,7520933236968562465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4868472492105359931,7520933236968562465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4868472492105359931,7520933236968562465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4868472492105359931,7520933236968562465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4868472492105359931,7520933236968562465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4868472492105359931,7520933236968562465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4868472492105359931,7520933236968562465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4868472492105359931,7520933236968562465,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3616 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39e5f7d169a91e3a8fe202d6c92e35ae

SHA1
d6fa61b25d54a363dd582fddb8f35a8b5b89644a

SHA256
1e6f3662cc0e6c833350ff8e726d85153ee3403ecac5b3ec8c1b50b429a92e64

SHA512
78aaadd80c0df4a1aee9a3623c53a9f6c596879a3edaefae8f6304c9b4f8954055a04a7f6a8009b8dde49abbce5dbc215586c622566934c3fc4eb635c21b84f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
433313ccaafa6e74b0a35bd7efefea9c

SHA1
76aa27f58fb3e72b2295ed7d4bedf7adc020f921

SHA256
a5384acef8aaaeb55a3b8f1e6ec7bf06b4582a848fe7c2fa73aef039712f7a20

SHA512
f69c99190022f712720137356b6f3bdc4ac9699aac4a16332603224ad1e3225307f505c6865cdf13780d5b5fcbb88b870158e75a193b318a8e8568f85c007fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
a6f4c35854ee55f0c9d2a951d1ac81d7

SHA1
9cbaac19c078ca43380ded8c53fc604e1674f987

SHA256
342d66340861cec95ae2e24356fcf6f5f8cbbcc0eafa0d38d7772524faecd38e

SHA512
f65a67ab46d58b5559d053dae313f67cf54e1e58be40f0661c2255b476ace0cdaf82c6634f477aa3274484c19dff6e993bb13b174bcb05d5e35d34535e9b987f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
2606f749581e257f8cbab5ee294c2c46

SHA1
d61b459f3b5dbbae69e5b348ea71f962760f9ad8

SHA256
1ec05a24f3470550a196e1cf05a37764f85a35a6e22c2bf8ac6b75fcc1baac7f

SHA512
ce62f3b8b36c17f478e3c37c6e823eedbcf748f1626224e814149e841efc9a407c2ec2a98593d6864a22608439e2330f6eb36822ddc34ee69bc5bb3791cbbc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
0479770c9fa809e852c2a3d53160d16e

SHA1
a089884be3e7bd9fda49d2014bbd81f13f0824e2

SHA256
b59f8158605cd988e010f47d6e45e8a3dc23a9776b3c8cab87feaff0b76f6b3b

SHA512
479ca9632b7079fd10ad418af7fbdc7f0ee70ad75c2bf1aff76cef492b740f1057156c781809ab726cbee4739d26884710833b8906f71c306ce0c5accc0dddf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
1ca2357ca1b1d58033f20f09f1112ef8

SHA1
fc25ed8d259d4ccc41121918015dfbea5ccf567c

SHA256
c6340130cf2dc419ddc7f824ebb9f7aa27310f2eb29628be6e7c514aa791f1a2

SHA512
1c47c9f1b80af881c3f5094adba8efbebb2b346b989aa8945391c95edc42bfa5d47a885805e757d341ee9717e6461aae8c380dd1178c9376c81f398cb0591244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
56c033e189382ad5d0c11ad2f7501d23

SHA1
ca1fabc0ef2054f0a36aeb60147eaf560316b9b1

SHA256
01976fefb1fed19db7995f26242d12752e22f6807f04340a9c2543686c1e666a

SHA512
ce8e852f94759348b952b1aaf466ded3597ac14ee89880870bcd0597f61bb098c78389503dbaf7b22de395f6198be2124218d8ae4ecaa9c5a126ea13ca8e7d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
cb1850efbe776c99dc1411357eccb517

SHA1
f5cc4d466071a775a5272feb89aa92e11849c896

SHA256
311040bd8caf391bdf572565ac2e5a73884a25774b660d7d291ff7d26dc25981

SHA512
0101f08f0ab83c134d17d34cb0e44da7250a8e31bef609c944d32bf032714f65aedff2946ac043b27bc31c7154b5881f4efa84d023208d8b71f1e0aa4a6d0f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
6ab702fddeb0431065266cc4f0ab151a

SHA1
424be2b23b335ab192e64aad40a3b1f0f34bae7b

SHA256
85c1e6ca6324fa071e72c777124c3839175b39f73cac7aef3f40416231f94949

SHA512
21b55f144e359a722fb2170657eeea0789bef2110ab0081f973b673d103d55d3c2f7de1f847610dfece42c9dab35113570d919ab100e3f127fe00f91c297bf32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
326B

MD5
81a316a9637601eb52e1c356f52e817f

SHA1
817c652c8298163a20a5cd554372ee5113af6ed2

SHA256
74f8727b09e83d6cacc404b8d20a2790e50669ebb6472a643b470438d258131e

SHA512
f166c11788e7fa487555935f0aaf965c40a2c3287b0ee6350b87fb3f78c8652f5d02a111dce085921fb4a29a20727fddf0a15f7c5a087fb021ccfdb0216411ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
8KB

MD5
51b80957902d092c98097ace14de46ef

SHA1
8bf6ac2fca9035c6db88cc9ca946e66b3c6bf7e5

SHA256
0b29f6f9b450a68f1558d85e6d3b73b9defdd5d74bc6404bd98f4dcb97d88055

SHA512
4eff53f5941721dcb72149a1c7e9253e99bccd5f0ab9de974953e984d993538269ffa45f171fa5afb8d0c766d0f4488d9f1362508ce3c4c61edd50e231550ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
93B

MD5
c796765c99e228b2479a4f9d8e68e7b7

SHA1
06dedc2e6760d6da3d5309ac38dd2b08023a872e

SHA256
35f27b408d007f9a67dd5fc6c2654470c15d96185241b33c7e0e8e117a030ce7

SHA512
86caf515045730a2ad346acefac28c7ed77982904d5b30a5d7fdafbd5f033cc6d12aa8296ecc0c2e29ef27881eb596bad81beca7a3ca3ccb177c6306cca9fd61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
b19ef8f66d431f22c1c0b95452588a79

SHA1
26ae571572bf422c3261028135012aa8cbc1a2b8

SHA256
27792e4d2ddac816eedd7a285c4452a22677e84e161f89ed663825e1f8470044

SHA512
717ec3d17ca2706b45da30657a7cbce6c553a6203857a96b5e3bc9909a4e7bd0a5cbf106a50b6d3424966f39ffe5beff4ac2112beb25505763d76d248c91544d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1012B

MD5
617938725896ff06f83fd8e56936b919

SHA1
f26862764489efa20b83a0490228c003564314f6

SHA256
0bb607e3fca23c790e70c282186a73af25c4a00ab50f355935fb736f060c7140

SHA512
e73fd1bd59cedac97768b2443c86951a345ca44b904682a5ff41f7a36f7e597c104000a3c2df42ec50e5e2f99e2dc724f699c5de0dbb041fa5f83a8427240616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c3c06182ea0b44dd37bc090db28293a2

SHA1
98ed6526ffa8d4338ef8c7454e42718a6d0da15e

SHA256
f1b9911107bcece8d54ce684382f3dacc43a84e317a62b3d1365946d722d83f2

SHA512
a45f3a6f714d37c2b07eb3150a8bad096ab243cf1bcc2d6d0c8d7d8a702182fedc9c46bb4118efc0cc0b671817cfe9d1f11cfa0d5a6e91984800cf8f1dd760db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2fed0c1021cf2da6dcf5d22016363af3

SHA1
3584acc4e40249ebb72ac16ca4e90c851a52facc

SHA256
824e261ee9de31ed24c3bcd3b7ee159fb4766591ef3cebcd5220c71dee4e66cc

SHA512
51f1fe59ca9f7983dcf2ccede156c77eada6dae8188afba6322fb55ffc4906570a2538d7173ec9dedf917a6de85584681d3c8eefd2141c4e2d1c7d5abf4e5258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1810834f5e7fa0e7ae0f7760843ed94e

SHA1
e18433dc519ded0af0abe715e2c3b460f104e46c

SHA256
2df8cd13e64bf1641a444c931f11de93488247ecb43215801110d6de97bef1a6

SHA512
194734eb8e730685121fa16ed41df207f8c6de21a8cff87e1454c2a4fd4f0e66459b54c948ee7dffde915e663f7b190d54f26e493d3430973079aac0eb857711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
04453cb2e1aaf17a67fdb58a9a903187

SHA1
7e6463376185d762f6c1ad879fd313d3c63818a1

SHA256
7db9adc55d70b5bc64ae3306ce494f609f6b35c202dc5dfd44cc9b11593c50e2

SHA512
fb17ddf5ff10562be9121aa7f3e8b87882615586d4262088e7038e9110242118b66fa399e8c0a334eebe5e183f4a5786d6fcde5ca5a4e39da79b720b47bda566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
8e457b86fdda23c4d49f9a4585b8351d

SHA1
655694c8a2038c22c804af5c80064f342d8fe1b3

SHA256
15fb172756e36c14c419f615463145879f1893602e674cfdf4e130fa588f4659

SHA512
644b8705fd4b453de09f2ff0438a547379245e25e46b11c52b30a8e69a88655d0cea3bb685b4eb00c739b730c76f0adc32b6d5ef0f599b8066365908a7590ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e029efe70912cf57d40d04c01776d41d

SHA1
94eba5604a8e4523d23565ac3ebcdcda4005e4eb

SHA256
57cd696aea3594a27f18b3636da302823ca687c6a326ff9ed2b578a23a96ac37

SHA512
3c380b2c1530a103030562135f9b71eb36a15c49ea96082f64f717e7045ea578ecbec2d1f53cd569d720f7e37a3c091f9bc6ff3dfecde6775658c1c51a03f01b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
313B

MD5
2887a30530306e170f794e0e83893ebf

SHA1
7c193faaf819263ac6a0ac1af6b1226b459f1273

SHA256
8a760b01daa62612b4f865914aada7304cdd5ae1ec1729aa4407f627dbeed3b4

SHA512
f58a6655258c593315369233b4d3d782467b457c1c056d7fc1eb5b83effec4e300988aa8a505aaac7041fdfb70a480bf81f9fadc3f10e3f8e2bfcb649c5d01c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
5cc15b693664c1a397e21659decd0191

SHA1
e8aecf93fd4df6641750ab83ecdf803aeeb5ec9d

SHA256
b955b54efd33c5a847e55023e71beab7f9e1f8444bcf9ba7f9f368fdc8c136c4

SHA512
6b93f821badca21fc42f08ad7f285646e92a59833693cd855c4040bc2e86ff9e8bbe679a96f83d96625e6be08f1e6ddc905594f10d665f394338fb96ae445bb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13352986081890372

Filesize
3KB

MD5
81f68aa814f7f62844b14e3b26c9fa1a

SHA1
79e669de641006d29a766952dc43b512e587f9a7

SHA256
99d3b1a02896e9f434b95066eb07bb1d41d9e465ed42dfa8b87ba0783d19bc07

SHA512
6034372866aac2e01efb70397c5c2273fe78f2acd76e0faaa1eda25718ee29076a554bb7b479fdc4de7c4fbcf5367f87925b8db0a036a7b293fe2a8a8f4869f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13352986082730372

Filesize
3KB

MD5
b4731b8a4b6e6e036d471d45da59dd59

SHA1
2d967f6512fffd6b2648cb809db38727a45d83df

SHA256
816d5817feb68317b55433dc0f7610038945d7db0331f76cbf327bff3d539c8a

SHA512
4d5608bffce3e191c845ce47939d361065c7cc9b196fb572e4bda99e1b8494b2922551126055290a9f4da9f42924c6387366db943f1951bee86df94ee9bf7630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
a42e66e659e11afa518ea202bd0d8365

SHA1
44c00874d2ba7e4fcad2ada5494b78e3580816d6

SHA256
863813eb5dc1df00c3ce430ac801cc5b9d10d91660b4c197171a78b537b8a03e

SHA512
b11a9358e06e43bed26a3b2f86d7b8bf2d32fea9b98ae304779b9e34ca9ff1ed21f457d7b5fe9e717a7937fd4d76ae7c199e3ead44ecdec0d4d68b1656d22339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
f804816066e536055810c518784e34f1

SHA1
996d55ced0f085fbaf0d7f1b1499420b505e13e7

SHA256
bfcc210b01c6eaa5c53c5e3d01c78a49b8fd17c944da0353bd3287949803c5f7

SHA512
473db5c6112ced1aa937910378ff88072c0a2a9e81a3006363386f5d120b6b09645477f88efa6d22350c7dc469860dc55c41d8dc826ba4a1eada0fa1e070f68f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
5237643ff0a036d2c2111cd9bd93bd7e

SHA1
f37329542061e31acb6f14f360c2317ec5f70c9c

SHA256
74635a69faaed65aeb1b0bdb01327621fe17ae6099030180f13bc77d7ed945fc

SHA512
368e57c2a65ada82ad2fabfffbf83f3b5cb63a12a972c7fe4d0ef7ad6850c37f3173834207bf53d16af17b77a19313d5ba8291b787cb7123d991bbbf200c7250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
77a68c98abda9aed26f8d41a4e14a2cc

SHA1
d9b5945a748a99cfd60b436a9a90047a1a9b3f38

SHA256
372d7d26ad4dade34a048475ab083d72f10383ac1b41a1ec91352c095d2b0645

SHA512
1eadf5f977a29132e85568fa9b53c6a2c23ce15a377f2dc8e131cc7408b3f858d5ef23792e2dd4931bcacb37a90c543edabcf96a5d1856da1bb08653fb6f7907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
d5e0266d63ec2ea128f161ca40da80e7

SHA1
471534db434b7edfb12bd589160840ddaebc1a44

SHA256
ae2b9f7a458ab7b7ec50f615e73056df73e7d062fc8d9f4af2b3e7b39120ad89

SHA512
4e0a532636daf3b1c45f501e5b19ed7b20f4faca7cabca01914a940a062ee67e38bed7669a4b247d9777fef12f2a57d0d4cb8e49012b3d348df19b938144aa7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
944680429a6b162fe9d1c6b3e02d7ff5

SHA1
c0d6ded61271ce5fba65f26508430e66c3934b50

SHA256
f84b68f7f7ee833b3d514085dcabc5179841cd056542e8d0f5c44dc12e4f2687

SHA512
0254f7491ccdea5514635b1e06102711566bb0273969a1dd054825ad96c0e05a041759209f5a9d5cbfdbf913a90682a9f36574dd224ba6b604b39870798f74f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
815f63dbab70a01d17cf85bafed246cc

SHA1
4d3d5fb9dcf562f8998c0a288f1b5c28eebf33ef

SHA256
6116286079c5b62c8246d7452ae98486d4bb9187463ab21f2a35745c86060d86

SHA512
2d7227045ecb37008801f7f6997f35031eb61f14d79a519b63349d0cacd9d76598744652d94ff1978c6d8174c01f33abf19731509c6651eaa09609cd3a0cdb1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
912ec364dd313bbfb937f01042956fec

SHA1
8b70fd9c3d6ea7b3453cd093c0b66cba89fca2e0

SHA256
2a205edf96d6201d84d93cc2388bf3a15ee89452b613f33d0afe45e495b44b8a

SHA512
4b0d25306dfbf00b4feaa6bcc62c58dc02225d6f1b4f5ec1ce071261060bd5c2541a7d15649ef24c636b2e7ad090a96f6374fedf7fac163b7c043081993cb23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
b15fe0eae8425882af7cf8104c77effe

SHA1
2362cbc25bc6d2a349b836b167c33c02f6858c97

SHA256
508af0c3fa0bee214e1257e4df4d0eaa2093aaacc3db01a2f0cf1b8fb4f7a60a

SHA512
c44c672785dc33046ff0d35b733512e108446695f4bdbf2596e81697d7a25f51d35640c3f6f501da13fa9c30d470e1b9a7d138972b89519ea6fa8a7792b33979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a04d839e20fa86a98663489342199b5c

SHA1
7e1368534980954ff2f8a6b7e749a1f1895ac45c

SHA256
ac24558b9cb56e05b6945a3b17b3af0498d82a43aea76823c8b60f11315ce529

SHA512
e29f091634f313074e9d40c2736af0fddae0f89fbbfdec888d00ca365893b5d40b05c8f8e3ca7ccbc0ed5512c3f23056be6a34de709b4c318cda376b29f0f917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
cd7ebdfdb076026e80b491d8070716aa

SHA1
17a1834da7bfeb07e880c4f75db2e49f9cf6243c

SHA256
64bfffbfe9cc7236031efd7a8665cfa91ea67b5fc6ca2300ada37484b5b26ef3

SHA512
b13bfc679c345ec825337fbd9ccf7aa7efb343ed638f5e81b686dd1b39e32341db78fd0a4b643e7106758935f19129ac04c62555528d54f8879cdfad9f016b0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c7f0e0448cb1a5c7e9381b26ab45e21a

SHA1
92d156479b8486fc2caf82a05728984115e650c7

SHA256
19beb6aabb2dc330ba848b6df99a5c01b240761867492da4033e1d252f46209b

SHA512
8afec43bd11f43b99c84523b8d12c595aba3e6b863b2767b0f97f97e2d08096a8750024dfa12ed8c0c9b60c98ffd62ee3bc2880998bddbd8bf4a9f91ddbf4585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
480501f358241e1da4af951d42d0b858

SHA1
72a78c0b4fac6da1786634fd3a9dea0e44c0f3cf

SHA256
518c4af2bffa4566afb8684bd9bbdd09c18b799416d4fa0dce4f4190b0f5e3a8

SHA512
15f14750e3a1e11fec2bf1c2a55d175df27281c8179774559a2b70e89f8fc463a3941ca9338365b8f0f46323afc3987b0936fdfcccea742c0c62f144d501d5dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5fe94a9c2426ea548f81f55ac5bc6ba8

SHA1
d5333d56058904220a9d6422b6a8c9373f1adb5f

SHA256
1becb655ce735fe0d51832e0892f87f2422fddb808aa9e8b4e7c2a325808e571

SHA512
dbcc9e178556178aee66a40466aed520eec709a68c6aa272d6c5b7cecf3271ec7feedc08bb945d5270547e597194e6d81b93fa3b5ae8f8fa579be690a810481f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
5B

MD5
3c581f8b2500126db78befad0b6902b6

SHA1
50e19eba75305e691863ae1722a567956667b74f

SHA256
29df11850a0aaba4bdfe14ea87f6cf84c36a93ff8335492f698d02eaa8c483ab

SHA512
2cc02419c634380c3de6473828dbbcb8928c66dbab80c8149e41d50d12db51d198765d2473211cd8e5826970e4d9fa264505d56e3e65cb0165980681718b384b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
93770cbb198c0e5bd009eb751346c4f2

SHA1
dc1fc0b1486069d32582400f195e408a631c2457

SHA256
726813f36e10c389d1e40120fafe70a0b33aed520e5a5c44efe7018d64fd8e73

SHA512
2a5eb9e08dd58df71ae7938447daa707b20bfcab5013052a81eaa4c90d01f5c46ba01c45321e6c78f394bd3d01277e338adebdd2052cf690a5accca2f2ec7984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Filesize
2KB

MD5
8d17dfcd5e5b95dc7f78d285ea02a740

SHA1
632ebbbb49905cc686980ad0e6e6162c9f88248b

SHA256
1e1b8c1675fee8c1d2ec38795d199d4f3993c987464b71636a9a6f331054a87e

SHA512
abee05d1c96948d94c80da905be7d6fc89b2a98a1ac804b573dc7fcbd7cd34d51c9f424f1fdf6206cd2f51625e29827c29199d2f22fd82fedb9f1cc5b056e8e5

Download Submit