Analysis
-
max time kernel
211s -
max time network
214s -
platform
windows11_x64 -
resource
win11 -
submitted
10-11-2021 17:45
General
-
Target
2011-VizSec-Malware-Images.pdf
-
Size
3.6MB
-
MD5
7b78e9ac838082818c7bfaecfe8aaf1c
-
SHA1
87ff7ef37bd35d97ea0316398e762cd642df64a6
-
SHA256
daaa306996365e4f12c89c8e8262d7785eb22c8ac8b2aa077dad328b2db4420e
-
SHA512
7a3a217c1147dbec728403d84c9989436829221ce66b6f0d28555930a9e18eb66ee176b37f7c8d57a8a90c975c0ad1efbf409dc3e906ae2a90fb461bc10dd042
Malware Config
Signatures
-
Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 4 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 8 IoCs
-
Modifies data under HKEY_USERS 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\2011-VizSec-Malware-Images.pdf1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2011-VizSec-Malware-Images.pdf2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x100,0x104,0x108,0xa0,0x10c,0x7fffd7d946f8,0x7fffd7d94708,0x7fffd7d947183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --disable-gpu-compositing --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5056 /prefetch:63⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:13⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe" ms-settings:dateandtime3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12720099430071861628,11144803733636617893,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:13⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe" ms-settings:dateandtime3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:53⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffd7d946f8,0x7fffd7d94708,0x7fffd7d947184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,5476587056678860604,9377167250141228247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,5476587056678860604,9377167250141228247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5476587056678860604,9377167250141228247,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:24⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\SystemSettingsAdminFlows.exe"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetTimeZoneAutoUpdate 02⤵
- Modifies data under HKEY_USERS
-
C:\Windows\system32\SystemSettingsAdminFlows.exe"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetTimeZoneAutoUpdate 02⤵
- Modifies data under HKEY_USERS
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\ImmersiveControlPanel\SystemSettings.exe"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datMD5
a2fe2972c1054ade67296c5f0257be0a
SHA11ccafd0282ab039ae624ffb0fa5d2203e18ef78e
SHA2560785cd2a6ab2abb13394da20061a7768cef827de5764c76d00e38bca17202bcf
SHA51263c508b4c2897918a038764750c05793828e12167a636baf526c0505da766f8add89678eb82a3acda083e8cfec00fa002ce8648b33088e9a5222927823bd2db7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0MD5
937f70f44ad5f3075a896f4d41e4c778
SHA167296c8dd317a166c8fa61cf5d25cdfdcc096a3b
SHA256edb0cb6eb38db82f5f70b17797309ee3140022022804aff712ca57101f818fb2
SHA5128862544c1f81c2311fb09b83a9b7c6c182d3badc4adc64445bd105651c2d35de1cd5d3ac7905f68408e38770add34300e44782018f2d930b9592f023d53076eb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1MD5
36cefdb5d269885b733cf6540bb3ba04
SHA14071e80cc2c8291b3f2d6d9fe6a64eae4fa074f6
SHA256788d92dfe7f11a3cd8b7437a1d9cb0c94b5674f96480ea898502720513f6cab7
SHA512680a2a3f6d6e9592a7261f1cf0ada9335e6a97fab2070510780bd9db7740d36d7ee0d36916300f57c9690a5b22bbe7c38e64e8d5cf1ed5b2322735849befe87b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOGMD5
24820dc3fdbb92da8b0f86e44cbad81e
SHA1ec370cd8438fe66adb9d85900ba45d7bfce3a6de
SHA256c6235757e8d99f135b06f4bb5e71c4f28f4d19606cf6f72261234be1d1e073d3
SHA512531be669c2541d9c9858abda8616f20a728f3da36ecf77251b29d683fa66a509fa3a9000d9868d892205a762b06219f9bb1f93e93bd110e9638b514e1f927d30
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HistoryMD5
3083c5a59ba7a699368167087f2d4f2d
SHA1764e2ed23c76fb57786abe4e15083042915175c4
SHA256718cfae57eceff9c02a5386bc73c1ee3b1aed3dc2ae701fabdd231246b08d0b5
SHA512fc428d501b7e93b43264c3e28cf5d117f2ba4feab67e55a6bee1702ded1110c19ea0c1afda69821250126cdfd0931ede209899cb73720862e486ec52e636ddd2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOGMD5
88adf45113bf4a299facd34ed2fc335b
SHA19cff620a02c805a0d42762096ae5214639a6bc82
SHA2564b13fc76b5579a9f6be4c62f5c21e74fa7ee1ac416c0022579b6719f0095ec19
SHA512acc0e2ae2722a4d53b78f460eb95c46bf6012e4ae0e0194386e276e5fbc958c785ebe419c849de988b67de1ed9ac7854c8a17c17af844e7b6ca00656893f278f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateMD5
1231418ae02699b39a2201c74c2caf9a
SHA1863afb04776f91120153c33310b16623494bf73a
SHA25625c2b929e4bda8f9278e1fb9bd7017312dcee6f12137b8f19955195cc19a3fb1
SHA512fa99cd1400af72e023b83c1c950414ea7a1d0975d5c6d6916f33a5c94cc0e01de821cc2f4aa4d856e61b2f4969ce2f648642d2b2d8cf1edf2030eda516f8e9dd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesMD5
324e253c00b88028e42ede63d43b4563
SHA151cf057a5547b56f8722ebbf7a2a8689ec9a7fee
SHA2561d9d85ed789b65c82d1752bc102dc304b15798df126657cf2c427282aa5e2d6c
SHA51292f915fe8884be34c49d982098d0d5f68e50b154169d7a6a8c45aae8c4af28f40576dd97e75306a481d309d4b96b2fad108830a409c2eab41770ba30fc884426
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.logMD5
c036a5875b30486f37339ca50c677a08
SHA11055168a4505083c3f4af6dca3e86897c353f081
SHA25640b34fbd8354c2d27a86d58af91dacd45f8e044dc6a69d7534725f3f0bf003ee
SHA512c66057499338c81fc73fafe56bb155f98f332d5e562757b43d5795584feb5c7f74a5738ddd027303726e8aec303e00ad54a42b87617897226aad16418757cb17
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOGMD5
a1870b010756f6a670911f9d7b0504db
SHA1549d2bf5f442f9d91a2c1ffb52ed4191e6426420
SHA256ae6bb8e3ccbec405966f2743d362f886505dac71d7ac9d1cc44c48f431a06d94
SHA512a24eab5132f50b6eaad63892cea0ae7099a22704136a7503db74d541faf11911c4e5717865ebb5c796b598fd0ffe69e68d3d7f6cbd2fa053fc58d63feaaa0a7f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.logMD5
c0fb3aa1fc9875a580f4df1336e97af4
SHA15036ac3927daae2bf2ff2ecc2df0a9ae8c433a0d
SHA2564c6618561fa01fc5229b30af1d94c7e5db622b04efc5f6b74406f304bf49bf2f
SHA5125591ea120e4ff6af5dbb23a2242aee3362a9c597d595d8d9cf690e777b32a5ed6fc2d6ecb57b5cd9eeefb0675c6dd42d51d102b2be338d710842c394f14b5cfd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOGMD5
54065b5c2f472119dccda3c561c49219
SHA10d8ec3468fcd0e8c1739cb73ae64991e5a6a1dfe
SHA2565c45c18eac97c34ed6573a4dbf7ecd7bb6ec2a552f912d5ee3520691b9d2b562
SHA512970665ed8f7e2df836e8d518d25577c59f0e5ece0268ef9b923e01e9e7c83347bc115c2ae36e6d7d66b85af278a981d1692a73b31f8b2102f3bcd5d359e87fec
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOGMD5
3d7f2b6e9f36fc233f5e035b45644bec
SHA14b1b5fff55885d282ba20fda2633489c8c6e9da9
SHA2568bbf73cc764bf6dd78689b2b08e990e56faaaccbcfe629a5c036b48ac7073a4f
SHA5120b24e5941377323dbcc214412deea989c445703a0990abc32f7b507af9bf5de4e4da62ffbdb6148108f43b95178e0d64e6152ddcb029c5e55ef243a81cd859aa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited LinksMD5
5ed071f696fa3cc06250098fde2b47f4
SHA15bcc23b4e9580d6fce59c88dc64461fdbf6b62b4
SHA256f55ce45c6cfe4a236bdfdde46d908265df11ecc4aabb1345201f5688ec84ca60
SHA5121dcd40d8f718d79eb37351540c807921c9bee16a0cabe793b36fcee14b714950ef676c37775f578c9590dc59b34f0434b987b29bbeaf60198faa0e0fdd826517
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1MD5
0d3cf21872c471c04b01b98a0c9ed6f3
SHA1e65f4d0bd49f1d49acb695dc23796b0d937f4bdc
SHA2563143c59e02db72daf5051265dbc458663bf3c7392507741212fef8b61c13322b
SHA512d500b631ba73d0e20f933a23a395c9cd51d5e2079f841c9f8d2dec300d0e16a2460449d1acca6bca40d684b68b27c1b44158431419c7fcb0a718d166c88f3974
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last VersionMD5
74192ac76d9a4902d5cd66dd037ba596
SHA186902716cc3d9884f1028cbfa5c04af482c12823
SHA2564c7e33ab675acaa508d78e7e0a39c944000cb7e1a2e96605652aee2b162559bc
SHA51275702248c344655bacc0b2a106a24d497c53a33b4d3f40c1d439fb40f9b93eaa644afe7aa1a25abca743128b67e5a0d2bfa08e2c3c3f592bc64aa37a3094f2d4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateMD5
4f611afce08f649783d3c0926448c7e1
SHA15cc7f9e5322b901205624de3829ccf0e82eb0f71
SHA256c18b1bc09e93f315e55fcff3595ab8493bcd1c1bd0e19f3e8f1bdd676b26cfc2
SHA51212dfea0cae80d91e161be22c687892314c75272601849ad3fd2ef8a3db948b027479c32dc6837b22038df10c08e66569b109d36c3e983f5e3923e041d2067229
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1MD5
7c281782f9ecd2eacb28455f2f85aa95
SHA10e3d5314ecd0fd6fa7a55a1a7c458aef2919487f
SHA2563e9c4a49b7d5c96bf07a209ab202cb78fcafa64683df377d97e7ead9de719053
SHA5128d03e6d45a7bfbf3f9d747f09f2d2eece421aae38fcb6004f4647a3989966dd6c982b828987299ec84d6866a0377b9acfa36e53c07b6313b96ddaaad94bb7c77
-
\??\pipe\LOCAL\crashpad_1084_TRXEJQAGTZPDWSOHMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_2020_IDQWSPHGNSHAEMBVMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/760-223-0x00000260339A0000-0x00000260339A2000-memory.dmpFilesize
8KB
-
memory/760-211-0x0000000000000000-mapping.dmp
-
memory/760-222-0x00000260339A0000-0x00000260339A2000-memory.dmpFilesize
8KB
-
memory/760-219-0x00000260339A0000-0x00000260339A2000-memory.dmpFilesize
8KB
-
memory/760-215-0x00000260339A0000-0x00000260339A2000-memory.dmpFilesize
8KB
-
memory/828-207-0x000001E395DF0000-0x000001E395DF2000-memory.dmpFilesize
8KB
-
memory/828-202-0x0000000000000000-mapping.dmp
-
memory/828-209-0x000001E395DF0000-0x000001E395DF2000-memory.dmpFilesize
8KB
-
memory/828-208-0x000001E395DF0000-0x000001E395DF2000-memory.dmpFilesize
8KB
-
memory/828-206-0x000001E395DF0000-0x000001E395DF2000-memory.dmpFilesize
8KB
-
memory/984-189-0x000001FE28F60000-0x000001FE28F62000-memory.dmpFilesize
8KB
-
memory/984-188-0x000001FE28F60000-0x000001FE28F62000-memory.dmpFilesize
8KB
-
memory/984-187-0x000001FE28F60000-0x000001FE28F62000-memory.dmpFilesize
8KB
-
memory/984-186-0x000001FE28F60000-0x000001FE28F62000-memory.dmpFilesize
8KB
-
memory/984-184-0x0000000000000000-mapping.dmp
-
memory/1084-146-0x0000000000000000-mapping.dmp
-
memory/1084-147-0x000002991C770000-0x000002991C772000-memory.dmpFilesize
8KB
-
memory/1084-148-0x000002991C770000-0x000002991C772000-memory.dmpFilesize
8KB
-
memory/1320-284-0x0000000000000000-mapping.dmp
-
memory/1424-221-0x000001E263800000-0x000001E263802000-memory.dmpFilesize
8KB
-
memory/1424-214-0x0000000000000000-mapping.dmp
-
memory/1424-220-0x000001E263800000-0x000001E263802000-memory.dmpFilesize
8KB
-
memory/1424-217-0x000001E263800000-0x000001E263802000-memory.dmpFilesize
8KB
-
memory/1424-218-0x000001E263800000-0x000001E263802000-memory.dmpFilesize
8KB
-
memory/1428-258-0x0000000000000000-mapping.dmp
-
memory/1444-159-0x000002464BBA0000-0x000002464BBA2000-memory.dmpFilesize
8KB
-
memory/1444-154-0x0000000000000000-mapping.dmp
-
memory/1444-158-0x000002464BBA0000-0x000002464BBA2000-memory.dmpFilesize
8KB
-
memory/1536-161-0x000001BDC36F0000-0x000001BDC36F2000-memory.dmpFilesize
8KB
-
memory/1536-163-0x000001BDC36F0000-0x000001BDC36F2000-memory.dmpFilesize
8KB
-
memory/1536-156-0x000001BDC36F0000-0x000001BDC36F2000-memory.dmpFilesize
8KB
-
memory/1536-155-0x00007FFFF89D0000-0x00007FFFF89D1000-memory.dmpFilesize
4KB
-
memory/1536-153-0x0000000000000000-mapping.dmp
-
memory/1536-162-0x000001BDC36F0000-0x000001BDC36F2000-memory.dmpFilesize
8KB
-
memory/1536-157-0x000001BDC36F0000-0x000001BDC36F2000-memory.dmpFilesize
8KB
-
memory/1536-152-0x000001BDC3366000-0x000001BDC3367000-memory.dmpFilesize
4KB
-
memory/1624-245-0x0000000000000000-mapping.dmp
-
memory/1960-244-0x0000000000000000-mapping.dmp
-
memory/2020-259-0x0000000000000000-mapping.dmp
-
memory/2140-167-0x00000237FB5F0000-0x00000237FB5F2000-memory.dmpFilesize
8KB
-
memory/2140-168-0x00000237FB5F0000-0x00000237FB5F2000-memory.dmpFilesize
8KB
-
memory/2140-164-0x00000237FB562000-0x00000237FB563000-memory.dmpFilesize
4KB
-
memory/2140-165-0x0000000000000000-mapping.dmp
-
memory/2168-232-0x0000000000000000-mapping.dmp
-
memory/2176-149-0x0000000000000000-mapping.dmp
-
memory/2176-150-0x0000021802140000-0x0000021802142000-memory.dmpFilesize
8KB
-
memory/2176-151-0x0000021802140000-0x0000021802142000-memory.dmpFilesize
8KB
-
memory/2604-238-0x0000000000000000-mapping.dmp
-
memory/2828-252-0x0000000000000000-mapping.dmp
-
memory/2828-171-0x00000279B890A000-0x00000279B890B000-memory.dmpFilesize
4KB
-
memory/2828-174-0x0000000000000000-mapping.dmp
-
memory/2828-179-0x00000279B89D0000-0x00000279B89D2000-memory.dmpFilesize
8KB
-
memory/2828-178-0x00000279B89D0000-0x00000279B89D2000-memory.dmpFilesize
8KB
-
memory/2828-181-0x00000279B89D0000-0x00000279B89D2000-memory.dmpFilesize
8KB
-
memory/2828-177-0x00000279B89D0000-0x00000279B89D2000-memory.dmpFilesize
8KB
-
memory/3152-190-0x000001D86E274000-0x000001D86E275000-memory.dmpFilesize
4KB
-
memory/3152-191-0x0000000000000000-mapping.dmp
-
memory/3152-194-0x000001D86E3F0000-0x000001D86E3F2000-memory.dmpFilesize
8KB
-
memory/3152-193-0x000001D86E3F0000-0x000001D86E3F2000-memory.dmpFilesize
8KB
-
memory/3504-197-0x0000022EBDD00000-0x0000022EBDD02000-memory.dmpFilesize
8KB
-
memory/3504-195-0x0000000000000000-mapping.dmp
-
memory/3504-196-0x0000022EBDD00000-0x0000022EBDD02000-memory.dmpFilesize
8KB
-
memory/3572-262-0x0000000000000000-mapping.dmp
-
memory/3988-203-0x000001B766580000-0x000001B766582000-memory.dmpFilesize
8KB
-
memory/3988-204-0x000001B766580000-0x000001B766582000-memory.dmpFilesize
8KB
-
memory/3988-199-0x0000000000000000-mapping.dmp
-
memory/4412-225-0x0000000000000000-mapping.dmp
-
memory/4516-277-0x0000000000000000-mapping.dmp
-
memory/4744-271-0x0000000000000000-mapping.dmp
-
memory/4920-182-0x000002659DFF0000-0x000002659DFF2000-memory.dmpFilesize
8KB
-
memory/4920-180-0x000002659DFF0000-0x000002659DFF2000-memory.dmpFilesize
8KB
-
memory/4920-175-0x000002659DFF0000-0x000002659DFF2000-memory.dmpFilesize
8KB
-
memory/4920-173-0x000002659DFF0000-0x000002659DFF2000-memory.dmpFilesize
8KB
-
memory/4920-170-0x0000000000000000-mapping.dmp
-
memory/4920-169-0x000002659DE9B000-0x000002659DE9C000-memory.dmpFilesize
4KB
-
memory/4976-242-0x0000000000000000-mapping.dmp