Analysis
-
max time kernel
986s -
max time network
997s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
13-09-2024 22:26
General
-
Target
MantiWPF/MantiWPF.exe
-
Size
6.1MB
-
MD5
fa3704c1b0f62d8ecb03c446809dcf3e
-
SHA1
24651cc1662a716ff33859c2304910b56a172f84
-
SHA256
c09ee558bdb5dd6c3dc9a97bfae1e6b3b7f0a4c938ceef277f4c27fc1a7f8964
-
SHA512
814a4242cf5fb8f0313694c3d0490ec8164677ae140ddeeed524f1347d7516ae722cf05ee23c01cd75469442628f7055ce62944a89bb4d4e48807bfc27ea34b6
-
SSDEEP
196608:Isx+7ftUO47qMAeoDM9mfsCPprPRC+aSiFt:Ia+7fKO47RAMUfTPpr5C
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 9 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 52 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\MantiWPF\MantiWPF.exe"C:\Users\Admin\AppData\Local\Temp\MantiWPF\MantiWPF.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0fbfcc40,0x7fff0fbfcc4c,0x7fff0fbfcc582⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,6318924046300707152,10316027812718208973,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1844 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,6318924046300707152,10316027812718208973,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2124 /prefetch:32⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,6318924046300707152,10316027812718208973,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2220 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,6318924046300707152,10316027812718208973,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3232 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,6318924046300707152,10316027812718208973,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3304 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,6318924046300707152,10316027812718208973,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4424 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff0fdc3cb8,0x7fff0fdc3cc8,0x7fff0fdc3cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3608 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2920398468325295028,9513641636606225439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\DataExchangeHost.exeC:\Windows\System32\DataExchangeHost.exe -Embedding1⤵
-
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD52cf2fda0726e6d89b69ea3f92951ee50
SHA1c95d93e4a60c1769a5d119b35fde7cf28e880397
SHA2563d4756d9a36cbf357778438aac63d92fedfcb7cf3f3b724897a0411b561ddc42
SHA5121fec65a9a9ac1ffd1cd649c23f85afd1fcb2a22d5699d236dc2043381fbe2768c05803d9fcf3f4fb13addab69bfc28d7ca05625f458ddf2ede8859bddd46196d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD5fdc8e722c1121f43da77d31a354b90e0
SHA1167a3abd41e528038133233124668d6385b5c024
SHA2567c37840375050f4680ce0afb846c9ed3d0679bf647beddbd68efe7393b29da11
SHA5128d821dad764cd7e22c2a35c82d9e4cb071953c7278205f179aa9ab72669e3cf66efe8d4535cdbeb4c1689fc2827f0f0380522ee66f3fe0141fd177b5c2fc7035
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bd3301aa-93d4-45fd-b3f1-cfb5b2b148b6.tmpFilesize
8KB
MD58d5b3e6695b57a927d33cb5e5fec7895
SHA1a64d175cbfab9743b225cb68159de5dbe38a5ee9
SHA2564d6cb2e39ccaad445dcbe758d022534241239b09b137a6b63eb5f020a600b4bf
SHA5129dc96d10c051079ba77ae39c58635b0e16af25fae705d79a88d4fc6bd2788cdde647c8993576b1148f55c604b2460231fc287fc6e329dc69795ad25120a6528e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
100KB
MD5ba60e8c6ddf61373f2fdf839815efdc0
SHA1d39f4b231044461c02fe58eef43f4b116b8a2b52
SHA256823f8abed32cc8bab8972d1f19160ba9db91b2fab25ad4dbed08a54538326151
SHA512ce113b97e2079e8a41a34cce430d91c2590034a38b5891ae26c83d9cd6825f604c4ec6f5d691d7d8865e6216255d896ad1c44507f495fa433a23f776880203ff
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD55578283903c07cc737a43625e2cbb093
SHA1f438ad2bef7125e928fcde43082a20457f5df159
SHA2567268c7d8375d50096fd5f773a0685ac724c6c2aece7dc273c7eb96b28e2935b2
SHA5123b29531c0bcc70bfc0b1af147fe64ce0a7c4d3cbadd2dbc58d8937a8291daae320206deb0eb2046c3ffad27e01af5aceca4708539389da102bff4680afaa1601
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD50487ced0fdfd8d7a8e717211fcd7d709
SHA1598605311b8ef24b0a2ba2ccfedeecabe7fec901
SHA25676693c580fd4aadce2419a1b80795bb4ff78d70c1fd4330e777e04159023f571
SHA51216e1c6e9373b6d5155310f64bb71979601852f18ee3081385c17ffb943ab078ce27cd665fb8d6f3bcc6b98c8325b33403571449fad044e22aa50a3bf52366993
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
144B
MD5ebd96ba6a62c655c42baaf7aec1869ec
SHA15bec3a29fd02376676268e14642ebdabf62d1e10
SHA25649a4ed35207079debe3f9f0ae6a6fc621bdf3bf03268b3b223e2fd93d58fab80
SHA512367c216ddbee0a22d044c42dbe9c0b766243e9cf7285de7a19209c6495e6d2a0bfecd8dd5501d35570e86346f5c1e9dfe36b5910811394702f14c02a4538f0b2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
696B
MD57fe6e7128976324d654ed8b636f95111
SHA15d2022f29a1260f029708317d51c818532b7efce
SHA2566cae8d895f14068523037ef2828a9e1160ad1445f97b63f41e47cbae183cdd21
SHA512e0da4a17433c4826da494fea667064b2f5e2edf7055e94c44ff7b3ef2cf735080d0e0dcd7f384079be152603ffe65aa1c0eb8be24bea65d7b7fd79f22b793f42
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
696B
MD5b0b43e8644014c820d28f16bdc8b68c8
SHA1f3dc483bd1842c4888842b12c8a65ad3ae35665e
SHA25631c62441d0146e4e04df858810f3b30630a9b10a0f5a714bf5eddd62cc084bea
SHA5126a4024db27d8910daf139d58981ec8112a33b6304dcb100517f0391dc1551ceeab3c3e301a0debe56da523380f8c6df5c2b7f58738f089328c3efac18f69631b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD599fbb61519dcf356e941a8fbf3e4a803
SHA126dcf6cf3d6639f3d75fd19b9b9d7e0e2bd89acb
SHA2566373f031322332c1ffefe82f52ef659e2fcb496ba275ce199b1f7ad7b548ca6b
SHA5126a5fa0d3661ba223e0a7d6df30c8466a06e74fa7dc35d974f49387ae4eee9d051fca924300a786f149c7c2f46431886b91281ed33efba285b6473d20b7b0162a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD56b30b7422c181d994b994f38e7bf6db2
SHA1d81f4c46c42598aed040d8d86f30898eb9eb69a1
SHA2565bbdfc3801455fa2bcbfea4365aeb0fd565d0ea35e380654ffe3f6952fbf2cdb
SHA51288dc6afdc7de343ae09107a783c30a38e6055a7c9701ffb09a4d6bda7d6e6ae1fdc12a09e70807d87e8db3784b91de770bf0556ae73231f092fe76103c92c9e2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5b6e4257bd51734be79719fc9e884a097
SHA1f584eaf4fb703de2f344cbc29b4d8b6dbe5245d9
SHA256967ec347477c7f533a6b440bed753f9d7a7bd8775a0e6969cbc2700cc01d82b6
SHA512392a469ea3f4febb10d860e6a1ddaed0c612584d439ee53533a74dfdf83a0e52866723a58bda31aee1e97b07197af2142baea41ff207051b2713a7a969f80fe8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD53a0629c49ab7f1e7059b9f48eecd66e9
SHA1d19f965bfbc7f7498b7d22c657513b4534b741c4
SHA256c68cf0ff53d461746705562bf7b5fc91e4c785a180fa923b08c040b2e2e06848
SHA5127c94afb5405be9e4f966e9a6d20bd3ebad405e4c99a977f7a37ee655c18539a0e830c7fa5c9ded7ebf19b297f376031c4fe0d52f509ca3f37e91e723a29e6cce
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD58bdc455826bdcd6af46529feb3c5314a
SHA100d27990f4517a48db9a7952602af531eff9686c
SHA256e7cb04ed95f44e7cd6cb00a320412440f2b4cb5de73e4f048788a8745629a1ac
SHA512acfaf6a25134109a7a42b206696f6adae04efcd76a3922a9545c144c777fbd0da1b041862c3f343ddd798510cc6667ad689d8782da0dfc2fd3c9ed4b700b4ad8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5a1ce99866662234981db9628519b729e
SHA1e83d4f09672cbaa4cb55c81df94a43f3b2ed53fd
SHA256b91b41fd7892cf962c4c9a2c0db78745ac057fe263a05637ff11c4892fdf2716
SHA512e8ee4f63f72d15f3d5f5250d4e1f19327f0628b79705d978fdf30c9876b66912a25a8cdb216f768fa375506c3c53429d3344037fab4aaac1c9550a34f01e59a5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5df5b070735a94c028820485b9609b306
SHA16008b3deb3787ca888552567ff77abcd63354666
SHA25656796c5362b50bef8e4d71e783b3960c6fcaabf9afd94b92c396036139449da0
SHA5127e50e5972838be09c60374eb9028b7d83bf3b9c14c917ac92aa8cfcb1f4d630b2523a416de7579cfcf58fcadc542cf3b87f140e99e21aa5b12a313ead559bdcb
-
C:\Users\Admin\AppData\Local\Temp\TCD1134.tmp\sist02.xslFilesize
245KB
MD5f883b260a8d67082ea895c14bf56dd56
SHA17954565c1f243d46ad3b1e2f1baf3281451fc14b
SHA256ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353
SHA512d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e
-
\??\pipe\crashpad_4104_EHBMUTYQKPGVOSWQMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1724-0-0x00007FFF02183000-0x00007FFF02185000-memory.dmpFilesize
8KB
-
memory/1724-6-0x00007FFF02180000-0x00007FFF02C42000-memory.dmpFilesize
10.8MB
-
memory/1724-5-0x00000197C59A0000-0x00000197C5A52000-memory.dmpFilesize
712KB
-
memory/1724-4-0x00007FFF02180000-0x00007FFF02C42000-memory.dmpFilesize
10.8MB
-
memory/1724-3-0x00007FFF02180000-0x00007FFF02C42000-memory.dmpFilesize
10.8MB
-
memory/1724-7-0x00007FFF02180000-0x00007FFF02C42000-memory.dmpFilesize
10.8MB
-
memory/1724-1-0x00000197A9B10000-0x00000197AA13A000-memory.dmpFilesize
6.2MB
-
memory/1724-2-0x00000197C4690000-0x00000197C511E000-memory.dmpFilesize
10.6MB
-
memory/4084-304-0x00007FFEE4470000-0x00007FFEE4480000-memory.dmpFilesize
64KB
-
memory/4084-309-0x00007FFEE19F0000-0x00007FFEE1A00000-memory.dmpFilesize
64KB
-
memory/4084-310-0x00007FFEE19F0000-0x00007FFEE1A00000-memory.dmpFilesize
64KB
-
memory/4084-308-0x00007FFEE4470000-0x00007FFEE4480000-memory.dmpFilesize
64KB
-
memory/4084-307-0x00007FFEE4470000-0x00007FFEE4480000-memory.dmpFilesize
64KB
-
memory/4084-306-0x00007FFEE4470000-0x00007FFEE4480000-memory.dmpFilesize
64KB
-
memory/4084-305-0x00007FFEE4470000-0x00007FFEE4480000-memory.dmpFilesize
64KB