Resubmissions
18-10-2023 11:55
231018-n3eblafd23 1018-10-2023 11:51
231018-n1evcafc92 628-05-2023 00:11
230528-agw3made73 1028-05-2023 00:03
230528-ab462sde57 1027-05-2023 18:54
230527-xj9stscg95 10Analysis
-
max time kernel
151s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
18-10-2023 11:51
General
-
Target
WannaCrypt0r.zip
-
Size
3.3MB
-
MD5
e58fdd8b0ce47bcb8ffd89f4499d186d
-
SHA1
b7e2334ac6e1ad75e3744661bb590a2d1da98b03
-
SHA256
283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a
-
SHA512
95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c
-
SSDEEP
49152:0x8KJHkctwJdVlgBq+q1vqtWdhQIajy4AsOLgVv+L3QXz+B7m1qyapDgJmeiTLW:0x8KJX+dVHvtzaj3xWgw79icXW
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 38 IoCs
-
Suspicious use of SendNotifyMessage 35 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\WannaCrypt0r.zip1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.0.610479694\145511840" -parentBuildID 20221007134813 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {30725ec9-a546-4156-a5b7-0f9675e7ad1c} 744 "\\.\pipe\gecko-crash-server-pipe.744" 1996 21691104758 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.1.1973534037\313121747" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4865d84a-ce0a-4b08-9e69-eb487c68baae} 744 "\\.\pipe\gecko-crash-server-pipe.744" 2396 2168fee3858 socket3⤵
- Checks processor information in registry
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.2.482434097\933018872" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 3208 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4962ca3-0e40-429a-98f8-b3b12f1ea40c} 744 "\\.\pipe\gecko-crash-server-pipe.744" 3184 216940b4c58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.3.726724729\1369347612" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a900820-7a1b-42a1-892d-e35b1dbdd5d5} 744 "\\.\pipe\gecko-crash-server-pipe.744" 3636 21683668d58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.4.1168629563\1589597275" -childID 3 -isForBrowser -prefsHandle 4584 -prefMapHandle 4580 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {420459e9-e5ec-4c62-8892-914ded8ee817} 744 "\\.\pipe\gecko-crash-server-pipe.744" 4596 21695b86158 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.5.61715453\880044290" -childID 4 -isForBrowser -prefsHandle 4960 -prefMapHandle 4956 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80f94af9-384f-4947-b2aa-7931fe6c520e} 744 "\\.\pipe\gecko-crash-server-pipe.744" 4932 216964f6858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.7.1235339990\956232795" -childID 6 -isForBrowser -prefsHandle 5296 -prefMapHandle 5300 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48787a2d-cd95-4f61-81a6-74629112fdf8} 744 "\\.\pipe\gecko-crash-server-pipe.744" 5288 21696572458 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.6.1678537526\1997663417" -childID 5 -isForBrowser -prefsHandle 4944 -prefMapHandle 4936 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2c213ca-ad41-4129-8343-7e35d5ea733a} 744 "\\.\pipe\gecko-crash-server-pipe.744" 4676 21696571558 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.8.1376198139\1108626248" -childID 7 -isForBrowser -prefsHandle 4660 -prefMapHandle 4744 -prefsLen 26671 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f1aed3d-d696-4ea1-a197-121d89db56a5} 744 "\\.\pipe\gecko-crash-server-pipe.744" 4628 21683671f58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.9.1297750338\930350709" -childID 8 -isForBrowser -prefsHandle 4992 -prefMapHandle 4952 -prefsLen 26671 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {def9d2cf-8c53-4439-8cc7-329ed09b9053} 744 "\\.\pipe\gecko-crash-server-pipe.744" 5076 216946b3a58 tab3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcb5d46f8,0x7ffdcb5d4708,0x7ffdcb5d47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2068,8768316392154168761,13807493046164070555,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD516c2a9f4b2e1386aab0e353614a63f0d
SHA16edd3be593b653857e579cbd3db7aa7e1df3e30f
SHA2560f7c58a653ae1f3999627721bad03793edc1e9d12e8f5253c30b61b8478f5c81
SHA512aba1ed22c7b9ae1942d69a7cd7a618597300ae5c56be88187ddec6227df056f81c1d9217778d87fa8c36402bce7275d707118ff62d3a241297738da434556e06
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
528B
MD5089275a3921330deb80f40ac9afc6390
SHA1a7503b27302ce0ee4f67aaf268c70ae16aeb2f38
SHA25686a7b50c1dea96b82e323933399dcb8a435806cf34682cb0a4923a1287648532
SHA51260f25711f03638f07ba6cba59853baeff05f288c30ff23ddb4c6c74468ee540f9ceef87aa7d2bab2a27a3399219f67c86c294c7ada71cc3e4e7b3a2312fe7d69
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
120B
MD57354c2b500a6987a03c60c007a73b553
SHA1c7e24912c24fba27524119d2aa4a66fc1f485cc4
SHA256935a2213bf3f962367318edc16be27a03b04120332df68f7fa4e4056c1e27fee
SHA51243667fb0f25d991680aec499a34b98c73cab31a48d3aafecbcf07fee947091baf671b8f1417d8e09925903e2c4503b91c5cb0c8056576a87bf6dfc2ecac8cf7b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
794B
MD5eded067207dfac5a4779eca96aed4c0a
SHA16c3bc4f679fef506236999425129958e9f0094b3
SHA256455e1fd76bf4f6720bdbcbf6177d8fe5b6bf336f46b081c29eac4e40ab1a853c
SHA512901ce9f1556ef6255045ddb4ada66854ebd7f6cbd5394a70d3f7c1564843c56d02459bf6f07861afdd17aac708e4797071e9ad663df0b77036b9d4cba7307a45
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5f464faf55b802ef801c50448d5e3899e
SHA103de932ab13dfb787eab11b9f8ca861ece8494a7
SHA256e7ac8e3559f0431aa3bf09d96c07e4460005b77f06f6f7327a5344fcc4ba9408
SHA512cb8924c8ab1a43c122a2e180032c763358d1a48d6f3ebfff2cf5ace5278efd90fb68469dc580f3c66db5ba2b0ad55c0d116f5b321ea21cb5af9c85bff0520e63
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD577a3deec04417baf64daffb28cdabe76
SHA15618db33cf71d592fe87bdabf26f503d0efe481f
SHA256027c4fccc72347103cd89966defd3091ad542f54496ef14000115fdd12933cf5
SHA512f3de0e09734af9971b9ead163f87592e6723e45994fbe790bb051fea9d38ddee0a84bcc299ab9e0d5eb0eb0cb75ee25e2ca32167da3b90d04031aad05d6e2299
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD535e29720aa4e278586c55c2969067667
SHA16b6a83a4318816b410ed8a1dedf9612ed8aca9f5
SHA256398ee4e4c4213c425d06ed273e87887b2ac4b77e7c3da5b021dc95d136435534
SHA512b57544aa665e13f989e3fd1a4e45fa0808515d7bd2cf634fc370de593864a085e0d52efc0cfbe10a2fe07f881c7c459af41e0f2174fa791e85c538920101011d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5c5c949c59008a94fed4bebf12d00f6c8
SHA196c425701b34a775f706aad3e4e809f18cf78b06
SHA25665ab7e46fe7e54766a1493b1b5df62e9d68e4065532675e45d4e58d5a90db8d0
SHA512107f3a00ff375bd89b8cf028f3f45144420508581fea0e7c3d6bb12fd2f82dfc34bf5644804dbff436596b0c1b5a24881d742a9f38dd3f9241e6caeb3cc415ae
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5c1b1e624998037a57f9aa498c1b78bca
SHA11be309e0ad91b2b4260a239b836e176b627c0b89
SHA256b67ae74ca928392dbbee52647203c22aebb8899565184fbd87d5d17241506ce4
SHA5121f77290e101d988b0559fa187a5d971ca8568837374c534b8dbeec534db46ffc413d3457f53502e70e6a47a1ec2867fe74cc845a271240697b856beaaf0b69bd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD5699e3636ed7444d9b47772e4446ccfc1
SHA1db0459ca6ceeea2e87e0023a6b7ee06aeed6fded
SHA2569205233792628ecf0d174de470b2986abf3adfed702330dc54c4a76c9477949a
SHA512d5d4c08b6aec0f3e3506e725decc1bdf0b2e2fb50703c36d568c1ea3c3ab70720f5aec9d49ad824505731eb64db399768037c9f1be655779ed77331a7bab1d51
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
875B
MD58799b7b14f0ba93c44d5818c932439a2
SHA1ef4fb9ef88fe8e14ab5cc378b937fa1cd6218232
SHA2569662e52457c811fccddc7b19ba9e9946be5e64ca113c2e06a4f8e0e775cc2449
SHA5125cecc37ed3a0ec1f301c3ccafdffa1fd82ecee4fc2a51ab8dcca94d54b5b5b39c0f32eed30be138847d56a1e41f9329aa6c5d63a1d5926eef488cace55a6fda1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5e55726e0437610e4c1fcadb236d46baf
SHA15837d467e8e8684fef4760ff35c9e21fd9377a6b
SHA256d120a178924f5bd69409d8c83a28a253ab9315c92d6b224850b13dbfc36771cb
SHA51248062604cffccc9ed59c54b51e285d05ddd87f06c293ffb85a007b0bed2a25562c7db1ce609d602f0c5447a9e68d8d55520062382c30f4540fed4394d45bb88a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59285e.TMPFilesize
203B
MD554fce77a8ff09c69ca9274354a0f6524
SHA1702f4e847a4773a1db72500ed9bba300777d30c3
SHA25673bf904dd76bf4bd1d8b5e354985da515bdd3defe9a1db4a1cb8d7557c749392
SHA5124cc0499833846bdd250e148b47160c4b744c4812c65e4de92ec8e2458ea313a65c396c73d3fe049d721e8dd2647127e56b5f53aea08cd48de6597b36700c8df7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5f3eb3058d22780ce26ad7e3c25f53bdf
SHA16f70a1197c15e79c59285de6c1bcd962aa635b50
SHA2563a6ec62d1bfd9f91e03ecaae8603b948c112345e48837c3fea89d60436c37474
SHA512ffac1a3953354272e94ff80aa9ba819e27943939267e93615e90f27ce88eed87f29a9d59a1f9139ab6c9dcd3a0916867c3b859d42cd59b43dd23a804537f13e2
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ddwqx74p.default-release\cache2\doomed\26455Filesize
9KB
MD5f56347be365d2fbb71b3165164ae1d74
SHA141a2e83c4763f7a2cc3293e13b9f5d96c6692313
SHA256cc3f307f2fb6c9015b3e28e5d99878501063935c70e28c88a875ef91b68106b5
SHA51279736abc35f3596422eedd11f2630c7c19c9984fdd5c18194a8dfc74a8b277a5a44fd91320cdd99af2045243160d342d1d6f9339848ab68048bc541a1bc9fd62
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ddwqx74p.default-release\prefs-1.jsFilesize
6KB
MD52434fcb0357592b3de5197649814938b
SHA165c81d3e33d7385ec0e837dce8faef0122e5bc7a
SHA2568fab7bb1a14b1e9b5eb327e00975dd56272266b636d1d6f590c0423b8b479612
SHA5129e2be9f055700195b7961437895bae3ca71e607d0913270fa5869e639f49b0768da6f103afb699a23b6ee6d67fded45a26b0672483aac07e14db786421c152cb
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ddwqx74p.default-release\sessionCheckpoints.json.tmpFilesize
259B
MD5c8dc58eff0c029d381a67f5dca34a913
SHA13576807e793473bcbd3cf7d664b83948e3ec8f2d
SHA2564c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17
SHA512b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ddwqx74p.default-release\sessionstore-backups\recovery.jsonlz4Filesize
1KB
MD5c825c9e75b4f3c812a9f3f45e835c60f
SHA116872279443a90f78fd70f00d3d2b5e42eb1e011
SHA256897f019590b86bee1409447ffd4a1f3d46cc6653092b1fdb1bcb4ca15e07330f
SHA5121c5e89114fb81cc5a94246eee8360f1a8812cb5aefb02c9fadc1c3e7f3f0435003cf0dff42ec8c9ef145c3bb3088c6cfce609e6dad5cb922b60dca4f37afcccb
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ddwqx74p.default-release\sessionstore-backups\recovery.jsonlz4Filesize
1KB
MD532614bd51dbcf8a92eab7e032c7bac61
SHA1b137e1eea4b4129511706a1c994633b593a47ef1
SHA2567996ccc6f084f9bb3fcc7859fc6637e372a4cbb1ac769827c2c1d655f86f4bd5
SHA51240b8211afb943ee22419937d52589de7d30bdc4b7304eec566b9fdf655b1660b720f86533615892512d8cc115f14b9d9cadc4cdc28019783ef90204861d790d6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ddwqx74p.default-release\sessionstore-backups\recovery.jsonlz4Filesize
2KB
MD5cdf16cbba76230519b782bea982f848b
SHA15486dd2a2479d1f339d9e9d06d297f43e3f21548
SHA256863d2fe0f1d4fd18ce4c2b6dbb78ece9e5ae2065e54ffebe87e71b5865ca8809
SHA512e7de0844cfa073282a2f68fa2f57e5d7a5a4bae86c67cc08752a92040cc0dcec5089907eefac8cda678c071d58c3a41286573e994e59ce58871d077b6cf49a1b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ddwqx74p.default-release\sessionstore.jsonlz4Filesize
2KB
MD52da351176636612ff84c157754c30478
SHA100958b54e4a687684cac179bd8ca4f219c2bd784
SHA25632846a2a7adf8072d23bbece5b2c1e718941fd6d95c1d7310ef54c5216316e03
SHA512f9ca9e25cb97738f23522972c1088c031e7d8699cf017c7c5f01c797e5a7c8542ddc39f0ce247d01dedd9719ef19585f27c89c694756408e4dac32ab8ebda25d
-
\??\pipe\LOCAL\crashpad_4048_BWTLAMITGUSZHUVSMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e