3Analysis
max time kernel: 145s
max time network: 153s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 05-10-2024 10:25
Static task: static1
Behavioral tasks (all on resource win11-20240802-en):
- behavioral1: MantiWPF/MantiWPF.exe
- behavioral2: MantiWPF/MantiWPF.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.55/adblock_snippet.js
- behavioral3: MantiWPF/MantiWPF.exe.WebView2/EBWebView/WidevineCdm/4.10.2830.1/_platform_specific/win_x64/widevinecdm.dll
- behavioral4: MantiWPF/bin/Editor/.git/hooks/applypatch-msg.sample
- behavioral5: MantiWPF/bin/Editor/.git/hooks/commit-msg.sample
- behavioral6: MantiWPF/bin/Editor/.git/hooks/fsmonitor-watchman.sample
- behavioral7: MantiWPF/bin/Editor/.git/hooks/post-update.sample
- behavioral8: MantiWPF/bin/Editor/.git/hooks/pre-applypatch.sample
- behavioral9: MantiWPF/bin/Editor/.git/hooks/pre-commit.sample
- behavioral10: MantiWPF/bin/Editor/.git/hooks/pre-merge-commit.sample
- behavioral11: MantiWPF/bin/Editor/.git/hooks/pre-push.sample
- behavioral12: MantiWPF/bin/Editor/.git/hooks/pre-rebase.sample
- behavioral13: MantiWPF/bin/Editor/.git/hooks/pre-receive.sample
- behavioral14: MantiWPF/bin/Editor/.git/hooks/prepare-commit-msg.sample
- behavioral15: MantiWPF/bin/Editor/.git/hooks/update.sample
- behavioral16: MantiWPF/bin/Editor/fileaccess/index.js
- behavioral17: MantiWPF/bin/Editor/fileaccess/node_modules/accepts/index.js
- behavioral18: MantiWPF/bin/Editor/fileaccess/node_modules/es-errors/range.js
- behavioral19: MantiWPF/bin/Editor/fileaccess/node_modules/es-errors/ref.js
- behavioral20: MantiWPF/bin/Editor/fileaccess/node_modules/es-errors/type.js
- behavioral21: MantiWPF/bin/Editor/fileaccess/node_modules/escape-html/index.js
- behavioral22: MantiWPF/bin/Editor/fileaccess/node_modules/express/lib/express.js
- behavioral23: MantiWPF/bin/Editor/fileaccess/node_modules/express/lib/middleware/query.js
- behavioral24: MantiWPF/bin/Editor/fileaccess/node_modules/express/lib/response.js
- behavioral25: MantiWPF/bin/Editor/fileaccess/node_modules/express/lib/router/layer.js
- behavioral26: MantiWPF/bin/Editor/fileaccess/node_modules/negotiator/index.js
- behavioral27: MantiWPF/workspace/Sirius/Assets/startup.html
- behavioral28: MantiWPF/workspace/vape/GuiLibrary.js
- behavioral29: MantiWPF/workspace/vape/Libraries/entityHandler.js
- behavioral30: MantiWPF/workspace/vape/Libraries/sha.js
- behavioral31: MantiWPF/workspace/vape/MainScript.js
- behavioral32: MantiWPF/workspace/vape/Universal.js
General
- Target: MantiWPF/workspace/Sirius/Assets/startup.html
- Size: 2KB
- MD5: 76abec15c05d3648314753229c3711ec
- SHA1: ff5aeea2f61ba8333120d918ab0789488dd6d3f9
- SHA256: fc035c892d7d627438d28387d22ac26f3e3ebb4933a935f3ebec506bee9a3c18
- SHA512: 85a5a8bd02fc294f6bb4a0118be3c90f5d0d74e461e199ef3afb1aca9462015c2fb0c073f330514a298848c59d2fd7a83c8eac49c664790481ddfb4b30e266bd
Malware Config
Signatures
- Enumerates system info in registry 2 TTPs 3 IoCs
  Processes: msedge.exe
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses 12 IoCs
  Processes: PID 3396 msedge.exe; PID 4396 msedge.exe; PID 2152 identity_helper.exe; PID 708 msedge.exe; PID 1428 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  Processes: PID 4396 msedge.exe
- Suspicious use of FindShellTrayWindow 25 IoCs
  Processes: PID 4396 msedge.exe
- Suspicious use of SendNotifyMessage 12 IoCs
  Processes: PID 4396 msedge.exe
- Suspicious use of WriteProcessMemory 64 IoCs
  Processes: PID 4396 (msedge.exe) wrote to memory of PIDs 1992, 4900, 3396 and 2376 (target process msedge.exe)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MantiWPF\workspace\Sirius\Assets\startup.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4396 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe15373cb8,0x7ffe15373cc8,0x7ffe15373cd82⤵PID:1992
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,13556386657494825557,16327471983177251975,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:22⤵PID:4900
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,13556386657494825557,16327471983177251975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3396 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,13556386657494825557,16327471983177251975,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:82⤵PID:2376
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13556386657494825557,16327471983177251975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:12⤵PID:3480
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13556386657494825557,16327471983177251975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:12⤵PID:3124
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13556386657494825557,16327471983177251975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:12⤵PID:392
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13556386657494825557,16327471983177251975,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:12⤵PID:3692
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,13556386657494825557,16327471983177251975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2152 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13556386657494825557,16327471983177251975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:12⤵PID:3740
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13556386657494825557,16327471983177251975,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵PID:4680
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,13556386657494825557,16327471983177251975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:708 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,13556386657494825557,16327471983177251975,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4656 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1428
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1944
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4952
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 10KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 10KB
- \??\pipe\LOCAL\crashpad_4396_TPGSKQAVJIQLRDMZ