hxxps://mega[.]nz/file/a2IUAJLa#oGd8JnhYqzhzhrWgHiDmj2ERo_3nSO_lA6F6lrzhr-s

Analysis

max time kernel
335s
max time network
319s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/a2IUAJLa#oGd8JnhYqzhzhrWgHiDmj2ERo_3nSO_lA6F6lrzhr-s

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
3048	main.exe
5740	main.exe
5276	MantiWPF.exe
5680	MantiWPF.exe
1276	MantiWPF.exe
3552	MantiWPF.exe

Loads dropped DLL 48 IoCs

pid	Process
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
944	msedge.exe
944	msedge.exe
3452	identity_helper.exe
3452	identity_helper.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
1824	msedge.exe
1824	msedge.exe
5740	main.exe
5740	main.exe
5740	main.exe
5740	main.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: 33	5236	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5236	AUDIODG.EXE
Token: SeRestorePrivilege	5924	7zG.exe
Token: 35	5924	7zG.exe
Token: SeSecurityPrivilege	5924	7zG.exe
Token: SeSecurityPrivilege	5924	7zG.exe
Token: SeDebugPrivilege	5740	main.exe
Token: SeDebugPrivilege	4888	taskmgr.exe
Token: SeSystemProfilePrivilege	4888	taskmgr.exe
Token: SeCreateGlobalPrivilege	4888	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
5924	7zG.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 4152	944	msedge.exe	85
PID 944 wrote to memory of 4152	944	msedge.exe	85
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4284	944	msedge.exe	86
PID 944 wrote to memory of 4384	944	msedge.exe	87
PID 944 wrote to memory of 4384	944	msedge.exe	87
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88
PID 944 wrote to memory of 3948	944	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/a2IUAJLa#oGd8JnhYqzhzhrWgHiDmj2ERo_3nSO_lA6F6lrzhr-s
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff877946f8,0x7fff87794708,0x7fff87794718
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,16284030617072860785,17362830540302591836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3808

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x534 0x53c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5236

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2348

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MantiWPF\" -ad -an -ai#7zMap3256:78:7zEvent8916
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5924

C:\Users\Admin\Downloads\MantiWPF\MantiWPF\main.exe
"C:\Users\Admin\Downloads\MantiWPF\MantiWPF\main.exe"
1⤵
- Executes dropped EXE
PID:3048
- C:\Users\Admin\AppData\Local\Temp\onefile_3048_133687671605082687\main.exe
  C:\Users\Admin\Downloads\MantiWPF\MantiWPF\main.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5740

C:\Users\Admin\Downloads\MantiWPF\MantiWPF\MantiWPF.exe
"C:\Users\Admin\Downloads\MantiWPF\MantiWPF\MantiWPF.exe"
1⤵
- Executes dropped EXE
PID:5276

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4888

C:\Users\Admin\Downloads\MantiWPF\MantiWPF\MantiWPF.exe
"C:\Users\Admin\Downloads\MantiWPF\MantiWPF\MantiWPF.exe"
1⤵
- Executes dropped EXE
PID:5680

C:\Users\Admin\Downloads\MantiWPF\MantiWPF\MantiWPF.exe
"C:\Users\Admin\Downloads\MantiWPF\MantiWPF\MantiWPF.exe"
1⤵
- Executes dropped EXE
PID:1276

C:\Users\Admin\Downloads\MantiWPF\MantiWPF\MantiWPF.exe
"C:\Users\Admin\Downloads\MantiWPF\MantiWPF\MantiWPF.exe"
1⤵
- Executes dropped EXE
PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
5981fc2c5d9b7079cfec324bc56f5a2b

SHA1
74a42f50f63eb7aa624bcabc205b830b38102eb4

SHA256
a9ea767d5eb4c2801836ed6b7e23110c6b1ef085ca9689c91e5e2b56cf994cce

SHA512
53c45118d9b7b47a9b0480212a8d02f0a705c05e5ea93b5c8b5b42bde156bc780b6f6b626a126803baaa30e312a5a9ccabb37042761bd23a09ed67381baa43ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\00\00000000

Filesize
4.5MB

MD5
ff3b318d387ec786300a40f06738bd15

SHA1
888f1cd73033e421ed768bee51ca8fdeb39d1a5c

SHA256
48f2a0b3eb182ac4a7e6e2229e778d077ef3185322707ee44ff1cdc06a995d5a

SHA512
fecefe312cd4dace348b2248431d90759fae55b6f0da7ba45f4558d1cd05be723594c3fdbcdc8ef074b1993ac8d545bb53679210b46d30096f9d673b3d8d04c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
378B

MD5
af05d368d62bebdd93f3734a594b9af9

SHA1
5d90871cbd526ea8d35fd8aac7156cfedc32ab96

SHA256
f9689b41fab269c622b30f49052de0a259492bc593880939925a725763f86a5c

SHA512
fb7275a26562983ccdab520d780be22ec3536a69b8a1543cc1e76c7a275d646f320165fbbef6b8fbd84f225a4c6c14e67c0631376dbce38f87ffeb4a40d4da48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
378B

MD5
76a06ded37b0f7b92c36c2d6b7c0dfac

SHA1
409e72588e39f9569ee541aeebe4ed311def4f5e

SHA256
277bc452a098479c57e1d9d3a0838277061301bf36795f20706c095c741ed5cc

SHA512
5c5c93f3a4e81602327123d498d3c55c325f3a654061774d5060012aafc8a02974425b62a25a56ca0f5f87bf4562be9bcc33199fd0355173454b1dfb507e9c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
669b82ebe7bfcb83c38ad9e32f3d1887

SHA1
4568153ccc0ac3798d635021857995b9917b08ea

SHA256
99c0974b8a69c1a93d0a8ce3f05f36ce75e3941f220675b6eb3b23133a9e8525

SHA512
7374ac2354274a54f617d5a4439119f77450b5b777e8afe7639140892eb8e693d07c17890cc56a90f38a73a57129045d0f43becd5aec8374ab1e38a9b398faaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe57e00f.TMP

Filesize
335B

MD5
6d4bbf00ff6379fac957f83d604180f3

SHA1
3ca634afa2dfe6b460cee7d107c044207ccc767d

SHA256
7b573c520f60ae81513e190029c1831dc99871836d301f551653c866f29f622d

SHA512
1efff89f29c033455f98dac0e5528e0e5e519cac8e27d7fa34abe65857856e7efec5b91147a96f25c17793ebf22c6500bde579b6eaf2e53ec0fef9ff28808c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
e08735d8d04f386ff229cfdd8a901096

SHA1
e90c5ea41031dec6fee120cc3dff12883d030394

SHA256
dc42a69331760dd72e43c530f6bfe4baeaf1e8ac68edd7e6ac80d131afe9c0d0

SHA512
a1459dfe83ad0ce30a3c50bd9de00e56a57f66b6b96eda248288d5de02cb0bc5c22797e0a33188bfc09a66a0695e6b3c57ba5f0d743abf2c6e5a4b66bfd75386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ea18263d996ad8d3785d296a5238d221

SHA1
b344edb0a0ba93c74b9dfce067578808b1fda689

SHA256
49898bb593e05576202fec8f238af17d2736267f7f20093278792df6a0c0ec92

SHA512
0cabc6c0a3df92b5e6fdcb40fc947e9b24006e183f4f8d1d0c84ad45947f3faf2ed25cc3a0494ee7c82726ac37dba1fce855805eed58de1f0b9de42e39e9149c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01c3b20e3e87264238dd9b4f75a8a218

SHA1
f2586457eaa64d6f6939338e41123f2e32307f6b

SHA256
8183068a69899e07bedf859e5d9ab618c313aea04c3ffa37e740b48b432ef9b8

SHA512
50dac65387039854b7277383477bf759a413610e3b62fd5bae79f2f86cf30d4143e1850ef4c70c5c3f8b4741c321d9db6c2f8055bf6f50a98eadc505aa13c784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9474e2c07cd78322d2c387ea4ed3a7d

SHA1
a15953a9943581c9f340cc6326446216def1ad83

SHA256
2e7d7065a5c5797a78e18a94ad320eca292ef1ae37c2474a6adfa09c96a5131d

SHA512
77f9e3b340a7754bebfc1243f51ea82ef1c9cc102efb3c4f6c35237aede655fd61dedb13de82e550e063e2c6468e077a8f12ac20cbdbf9fb584c856639d1e76e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2170a46b081b1549465162793611d9ce

SHA1
8f4df25d28341338a9e710eafaa631b4bc28a3f7

SHA256
3aba033cde6bbc51cf274c7242e46a17352195eb6bbe9961e78eed56be094d7c

SHA512
fd78faceb5837c717a3386627d2c03ebcd501dd0d8e25d95d6dbfa84eda3077c473fe20b9b4918ec0df71adc40f108121eef27ae942087815638374353b048e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d4c5.TMP

Filesize
48B

MD5
da46bf5bb1c8a538c25d938165fe579e

SHA1
5bdfdaea0671521d3fba4e4a213182490723fdce

SHA256
95329b74e3a9d8824220c0093942cd1a8a94ab957cf04b6f17177e75fee94d53

SHA512
62087400dd0a5e2539644610761424c0b7633e31340d1b192858fef4ca1cfd9159c41a3d680ab6c899dbe0b1c22f3477db92fad25036d6c3128d692b903938aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4d256ea2994b90f4049c0fece9703d6b

SHA1
8a94cdb2ac8455fee618712c8893feeb14b3b6ca

SHA256
6e45c8d1d189294e5b3b11c72362db4e09d4ef896f1887909285a48fee9e92e6

SHA512
67094ffb82950b44c453c89d85b7676ad035d9e56ddd07b889f8ccaceaccd0eebe3eaa3e2b39d523f9ddbe9a8bf87467bd1ec29c1a79da532706a78a117bcfa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1c2d38a80f98b87f74198fff2c3c8e1f

SHA1
1a70fe790014073d715744ef57cbf6b0d1bd208b

SHA256
15ac2a53f238eb36e11e7fef4bda276b83f64bec69fc48ab4eac3fa5c7ca62ef

SHA512
311438954732ca6bb92ffc25713c5406de762f474429d205a1db78089546494e79a9ecac3c72738b71597acdba72965c4793aa33742e6cbb07965a6733f0739b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dd1fbcc46185d7b0a71623a02dbe7fb3

SHA1
f34da979a1ec0f8072dffc63d4b62925db530e0d

SHA256
3025d158ad92f7c067bec1e1e7040124a23af52e48f142e2b6049695e2dfef7b

SHA512
364f560de90f7771b5b3e653ccf1bb8a782c0ca2a0ed73a6a5c7d385d1de4065ec160a032de62d4f0028d67902511862a651c13c8edc2f79732e7553ac5e25af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
816abdec45bf7324cb17f4ff00a54e62

SHA1
c8018387f00cf225bcd4729f1697de7543e3c612

SHA256
1793f76708691031ffe01468535ab6127c56dcd9229e4107f76f80139468a430

SHA512
8c0bdb5426352929a1e3099c05c2b78fdb8e48475d03bdc1e001bbc0c7f23527d91095d83caf0575c7bbe5a6f6d2cf3b39e29f786991bc6668ffe74f89118366

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd

Filesize
122KB

MD5
fb454c5e74582a805bc5e9f3da8edc7b

SHA1
782c3fa39393112275120eaf62fc6579c36b5cf8

SHA256
74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1

SHA512
727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_hashlib.pyd

Filesize
64KB

MD5
da02cefd8151ecb83f697e3bd5280775

SHA1
1c5d0437eb7e87842fde55241a5f0ca7f0fc25e7

SHA256
fd77a5756a17ec0788989f73222b0e7334dd4494b8c8647b43fe554cf3cfb354

SHA512
a13bc5c481730f48808905f872d92cb8729cc52cfb4d5345153ce361e7d6586603a58b964a1ebfd77dd6222b074e5dcca176eaaefecc39f75496b1f8387a2283

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_queue.pyd

Filesize
31KB

MD5
b7e5fbd7ef3eefff8f502290c0e2b259

SHA1
9decba47b1cdb0d511b58c3146d81644e56e3611

SHA256
dbdabb5fe0ccbc8b951a2c6ec033551836b072cab756aaa56b6f22730080d173

SHA512
b7568b9df191347d1a8d305bd8ddd27cbfa064121c785fa2e6afef89ec330b60cafc366be2b22409d15c9434f5e46e36c5cbfb10783523fdcac82c30360d36f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_tkinter.pyd

Filesize
64KB

MD5
276791cca50a8b8a334d3f4f9ff520e2

SHA1
c0d73f309ef98038594c6338c81606a9947bd7f8

SHA256
a1c74836bad3d9b0aaec8dccd92e552b5ad583bfea7ef21cd40713a265d94f7e

SHA512
ef1ed2eacf86885531fc0963c84c1c99773d963d5a709030df6cfee5027604e1402a55b6fe26019a3ab922fd27895d0e2ef5572a50195372b1bfb1539eac0dd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\certifi\cacert.pem

Filesize
284KB

MD5
181ac9a809b1a8f1bc39c1c5c777cf2a

SHA1
9341e715cea2e6207329e7034365749fca1f37dc

SHA256
488ba960602bf07cc63f4ef7aec108692fec41820fc3328a8e3f3de038149aee

SHA512
e19a92b94aedcf1282b3ef561bd471ea19ed361334092c55d72425f9183ebd1d30a619e493841b6f75c629f26f28dc682960977941b486c59475f21cf86fff85

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\charset_normalizer\md.pyd

Filesize
10KB

MD5
d9e0217a89d9b9d1d778f7e197e0c191

SHA1
ec692661fcc0b89e0c3bde1773a6168d285b4f0d

SHA256
ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0

SHA512
3b788ac88c1f2d682c1721c61d223a529697c7e43280686b914467b3b39e7d6debaff4c0e2f42e9dddb28b522f37cb5a3011e91c66d911609c63509f9228133d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\charset_normalizer\md__mypyc.pyd

Filesize
120KB

MD5
bf9a9da1cf3c98346002648c3eae6dcf

SHA1
db16c09fdc1722631a7a9c465bfe173d94eb5d8b

SHA256
4107b1d6f11d842074a9f21323290bbe97e8eed4aa778fbc348ee09cc4fa4637

SHA512
7371407d12e632fc8fb031393838d36e6a1fe1e978ced36ff750d84e183cde6dd20f75074f4597742c9f8d6f87af12794c589d596a81b920c6c62ee2ba2e5654

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tcl86t.dll

Filesize
1.7MB

MD5
108d97000657e7b1b95626350784ed23

SHA1
3814e6e5356b26e6e538f2c1803418eb83941e30

SHA256
3d2769e69d611314d517fc9aad688a529670af94a7589f728107180ae105218f

SHA512
9475cd1c8fe2e769ed0e8469d1f19cdf808f930cccc3baf581888a705f195c9be02652168d9c1c25ba850502f94e7eb87687c2c75f0f699c38309bc92b9004a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tk86t.dll

Filesize
1.5MB

MD5
4cdd92e60eb291053d2ad12bf0710749

SHA1
31424e8d35459ba43672f05abba1e37c23f74536

SHA256
b30576b60aee548838243601952a05b70a9fc937f5a607f6b1413cd5ed04d900

SHA512
80c3bb58817578708e14ba173bfbe8f62fb54efa22feb8ff08b9eefa4462b74062654f956f965c7caa8aa16295229b58ef9eea8d2c4c94652bde1e61038e6ffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\zstandard\backend_c.pyd

Filesize
508KB

MD5
0fc69d380fadbd787403e03a1539a24a

SHA1
77f067f6d50f1ec97dfed6fae31a9b801632ef17

SHA256
641e0b0fa75764812fff544c174f7c4838b57f6272eaae246eb7c483a0a35afc

SHA512
e63e200baf817717bdcde53ad664296a448123ffd055d477050b8c7efcab8e4403d525ea3c8181a609c00313f7b390edbb754f0a9278232ade7cfb685270aaf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3048_133687671605082687\_bz2.pyd

Filesize
83KB

MD5
5bebc32957922fe20e927d5c4637f100

SHA1
a94ea93ee3c3d154f4f90b5c2fe072cc273376b3

SHA256
3ed0e5058d370fb14aa5469d81f96c5685559c054917c7280dd4125f21d25f62

SHA512
afbe80a73ee9bd63d9ffa4628273019400a75f75454667440f43beb253091584bf9128cbb78ae7b659ce67a5faefdba726edb37987a4fe92f082d009d523d5d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3048_133687671605082687\_lzma.pyd

Filesize
156KB

MD5
195defe58a7549117e06a57029079702

SHA1
3795b02803ca37f399d8883d30c0aa38ad77b5f2

SHA256
7bf9ff61babebd90c499a8ed9b62141f947f90d87e0bbd41a12e99d20e06954a

SHA512
c47a9b1066dd9744c51ed80215bd9645aab6cc9d6a3f9df99f618e3dd784f6c7ce6f53eabe222cf134ee649250834193d5973e6e88f8a93151886537c62e2e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3048_133687671605082687\_socket.pyd

Filesize
81KB

MD5
dd8ff2a3946b8e77264e3f0011d27704

SHA1
a2d84cfc4d6410b80eea4b25e8efc08498f78990

SHA256
b102522c23dac2332511eb3502466caf842d6bcd092fbc276b7b55e9cc01b085

SHA512
958224a974a3449bcfb97faab70c0a5b594fa130adc0c83b4e15bdd7aab366b58d94a4a9016cb662329ea47558645acd0e0cc6df54f12a81ac13a6ec0c895cd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3048_133687671605082687\_ssl.pyd

Filesize
174KB

MD5
c87c5890039c3bdb55a8bc189256315f

SHA1
84ef3c2678314b7f31246471b3300da65cb7e9de

SHA256
a5d361707f7a2a2d726b20770e8a6fc25d753be30bcbcbbb683ffee7959557c2

SHA512
e750dc36ae00249ed6da1c9d816f1bd7f8bc84ddea326c0cd0410dbcfb1a945aac8c130665bfacdccd1ee2b7ac097c6ff241bfc6cc39017c9d1cde205f460c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3048_133687671605082687\_wmi.pyd

Filesize
36KB

MD5
8a9a59559c614fc2bcebb50073580c88

SHA1
4e4ced93f2cb5fe6a33c1484a705e10a31d88c4d

SHA256
752fb80edb51f45d3cc1c046f3b007802432b91aef400c985640d6b276a67c12

SHA512
9b17c81ff89a41307740371cb4c2f5b0cf662392296a7ab8e5a9eba75224b5d9c36a226dce92884591636c343b8238c19ef61c1fdf50cc5aa2da86b1959db413

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3048_133687671605082687\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3048_133687671605082687\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3048_133687671605082687\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3048_133687671605082687\python312.dll

Filesize
6.6MB

MD5
d521654d889666a0bc753320f071ef60

SHA1
5fd9b90c5d0527e53c199f94bad540c1e0985db6

SHA256
21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2

SHA512
7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3048_133687671605082687\select.pyd

Filesize
30KB

MD5
d0cc9fc9a0650ba00bd206720223493b

SHA1
295bc204e489572b74cc11801ed8590f808e1618

SHA256
411d6f538bdbaf60f1a1798fa8aa7ed3a4e8fcc99c9f9f10d21270d2f3742019

SHA512
d3ebcb91d1b8aa247d50c2c4b2ba1bf3102317c593cbf6c63883e8bf9d6e50c0a40f149654797abc5b4f17aee282ddd972a8cd9189bfcd5b9cec5ab9c341e20b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3048_133687671605082687\unicodedata.pyd

Filesize
1.1MB

MD5
cc8142bedafdfaa50b26c6d07755c7a6

SHA1
0fcab5816eaf7b138f22c29c6d5b5f59551b39fe

SHA256
bc2cf23b7b7491edcf03103b78dbaf42afd84a60ea71e764af9a1ddd0fe84268

SHA512
c3b0c1dbe5bf159ab7706f314a75a856a08ebb889f53fe22ab3ec92b35b5e211edab3934df3da64ebea76f38eb9bfc9504db8d7546a36bc3cabe40c5599a9cbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3048_133687671605082687\vcruntime140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3048_133687671605082687\vcruntime140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\MantiWPF.exe.WebView2\EBWebView\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\MantiWPF.exe.WebView2\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\MantiWPF.exe.WebView2\EBWebView\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\MantiWPF.exe.WebView2\EBWebView\GraphiteDawnCache\data_1

Filesize
264KB

MD5
b46ed63f097bf5236dd251baf474d262

SHA1
3214f2e2e81526835fc5e4a62e745df2f6c5a03c

SHA256
62b78993e651540178f3f561b056fcdd4ac94d5b877f700eb66960c3d5da5020

SHA512
5ad24473c65b05311b8c894f7ab629aa4d586e6af79997b546c9bda3c04cb3fd7c1304f0143dac14b12adf5e8023c8461b5367a3bc499fe38e3c13346889251e

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\MantiWPF.exe.WebView2\EBWebView\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\bin\Editor\package\esm\vs\base\browser\ui\iconLabel\iconHoverDelegate.js

Filesize
368B

MD5
dff5cd240217dc0e722c27be242db91d

SHA1
244d1e7b3a10bb26e52ad9019e0e20f8bb3a72aa

SHA256
151caa77914089aa02273bb851f4b9a198eaab38da7eb9e4bdd7af8075c2dc57

SHA512
e6033e28f65f29ec3a7fc2e367bb6dd2909e38e5e5ccd267fe920e82c25de00c3cf5593db022dc1664ec00652882d5093121f2686788ee3eb60d0b2d87fef6d5

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\bin\Editor\package\esm\vs\language\json\_deps\vscode-languageserver-textdocument\lib\esm\main.js

Filesize
10KB

MD5
722df93c13e5a9e4b3a42c515d6281e3

SHA1
e046b8875a0373f38e8135f6500bc9deb9b1cc34

SHA256
bb9e7de4f27538b132cd593302a62f8a42f433e1b0e04a1edb4472a97d6ddf46

SHA512
6e1db81e7286e7762cce5c281c1ddab227ab374c5c33ff45a5031275592a84fd47547b6ad496f302bbca0bbdc01ed899ff8ed87f22bb8b88973a257e345b70ac

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\bin\Editor\package\esm\vs\language\json\_deps\vscode-languageserver-types\main.js

Filesize
66KB

MD5
f80215fcc9a89ba7be3bc0b32cacb094

SHA1
8449846cc76fc770a31e310882454f5d6beae342

SHA256
1adcb7cc0756472bc16ace850f3f5b6d5746ea4af2d75ad0785b967dd07bf9f1

SHA512
7187397ff691dfe558c00a8393d4d3d86b7ab8fdbed8b40ecd43c8ba3af40f8ceab0f78d001cc892ea0d5b5a36be4a559715a4385b39a6db1ce473b2883513b0

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\bin\Editor\package\esm\vs\language\json\_deps\vscode-uri\index.js

Filesize
11KB

MD5
db7069b3b398babf3a2a97e7f7c3aa65

SHA1
2208bc3bb4548247d672cbd3368dbb992ce6d312

SHA256
15fce1bc78e59f11f36c62e31b6db98d10cf5810fcb8fceeecf9cbdd2ac9742d

SHA512
326716687bed34d862a71df1c7259988de21ef78af8829d2253f099988818200477df7e13f97fa78671d426a856feaa651d1c8350f7edac5d59ec9bc13f354d3

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\bin\Editor\package\esm\vs\language\json\fillers\monaco-editor-core.d.ts

Filesize
37B

MD5
604924c7fd140e65f677cff5c06ea77e

SHA1
60adb20bf4cac895df6b31a4da98a4d2267ca3e6

SHA256
87b3728d7af0f6c25f9cdbedfbc093f5e46a24371910199a638a1a13e3444668

SHA512
34affd619893b93ebfeb0d19daf6c4768b0e3de7d4d8272058cd41608ef9a1f5ceb5951b0b8a7732dd4e3e020d51bda9c9509eed4a3a5705d3a1ad396d610af1

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\bin\Editor\package\esm\vs\language\json\fillers\monaco-editor-core.js

Filesize
404B

MD5
40fc593844c4ee88ff8e87481824dda0

SHA1
c2d8bed92d90e685576812d7c62ac2db28af2185

SHA256
a27649c652a7abcefe0b54567eb64f1cdf9be521bab22cfb71718e816b160375

SHA512
0457cf90d188e803401555e57a24647e592830ddad9e9e73d64a89889ec6b40eb15d2330ba507c6bad2faceb6c14bb643b4557db1e68896354aa6a19a99ae357

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\bin\Editor\package\esm\vs\language\json\fillers\vscode-nls.js

Filesize
1KB

MD5
1e2ca4b54776b992ed920a66940bca7a

SHA1
86ed5c8360d31c4763c05184fa4e7cc46cfa9354

SHA256
539191b86cffb8607fc04d0369756281f63bcb884cbe6ea729a668edf4018059

SHA512
fb249812b6587078d8a715d4c684af62db0ed05f6d80afb3374fe1f1e0a0a11b2c2551fcb738f3383b88152f95ca889c7c81543da7575d8d8b161d5c9ffea07b

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\bin\Editor\package\esm\vs\platform\telemetry\common\gdprTypings.js

Filesize
12B

MD5
5c7f99e3d4eaae821996a487acc6a5e2

SHA1
9ff99e6a0a31241fe503c3c76a340bedfe2902b7

SHA256
f761c91419d0a89422a0004ef1a92929dd4d2d5e5c16758654d8b0467d1998c6

SHA512
9247b46a096ad45b486e4b83bb880a7d4e0da7731e3e64b8ba41513a0632932d3bfcf132b2d20e81e363c2595aa9a38d486111dc6365c0f014c1af25ec0be839

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\bin\Editor\package\min\vs\base\browser\ui\codicons\codicon\codicon.ttf

Filesize
63KB

MD5
b13daaad214ef227a36fefd95d924380

SHA1
95791fc8733a4bae907859b1a46bd1115f90c983

SHA256
774c4acc42f27289850537e2b6e9b85f67fde54145f6f41876dc4f65b45a4a20

SHA512
ad05613494a490e01504a30e34d7fb5bc2e535d70b5e5d5154a81ad1acaa51c0e368a6fae6aaa0a42faaae63f7e751a98748a7c291056100b7ad687ff6ae687d

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\workspace\.tests\isfile.txt

Filesize
7B

MD5
260ca9dd8a4577fc00b7bd5810298076

SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6

SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

Download Submit
C:\Users\Admin\Downloads\MantiWPF\MantiWPF\workspace\OrionTest\111958650.txt

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
memory/1276-3747-0x000001F239170000-0x000001F239367000-memory.dmp

Filesize
2.0MB

Download
memory/3552-3748-0x00000290264C0000-0x00000290266B7000-memory.dmp

Filesize
2.0MB

Download
memory/4888-3718-0x0000025AAF9C0000-0x0000025AAF9C1000-memory.dmp

Filesize
4KB

Download
memory/4888-3716-0x0000025AAF9C0000-0x0000025AAF9C1000-memory.dmp

Filesize
4KB

Download
memory/4888-3717-0x0000025AAF9C0000-0x0000025AAF9C1000-memory.dmp

Filesize
4KB

Download
memory/4888-3728-0x0000025AAF9C0000-0x0000025AAF9C1000-memory.dmp

Filesize
4KB

Download
memory/4888-3727-0x0000025AAF9C0000-0x0000025AAF9C1000-memory.dmp

Filesize
4KB

Download
memory/4888-3726-0x0000025AAF9C0000-0x0000025AAF9C1000-memory.dmp

Filesize
4KB

Download
memory/4888-3725-0x0000025AAF9C0000-0x0000025AAF9C1000-memory.dmp

Filesize
4KB

Download
memory/4888-3724-0x0000025AAF9C0000-0x0000025AAF9C1000-memory.dmp

Filesize
4KB

Download
memory/4888-3723-0x0000025AAF9C0000-0x0000025AAF9C1000-memory.dmp

Filesize
4KB

Download
memory/4888-3722-0x0000025AAF9C0000-0x0000025AAF9C1000-memory.dmp

Filesize
4KB

Download
memory/5276-3712-0x00000225D13B0000-0x00000225D1DC6000-memory.dmp

Filesize
10.1MB

Download
memory/5276-3711-0x00000225B66D0000-0x00000225B6EF6000-memory.dmp

Filesize
8.1MB

Download
memory/5740-3673-0x00007FFF76050000-0x00007FFF7607A000-memory.dmp

Filesize
168KB

Download