Resubmissions
07-07-2023 19:28
230707-x6vx7aah77 1009-05-2023 07:16
230509-h34zcsgf4w 827-03-2023 11:00
230327-m3yjssdb46 1025-03-2023 07:43
230325-jkn1vsdh4z 825-02-2023 11:28
230225-nldnqsda92 1025-02-2023 11:28
230225-nk69nada89 125-02-2023 11:24
230225-nh4qrada83 1015-01-2023 04:46
230115-fd3c5aab55 1006-12-2022 18:59
221206-xm59taea79 10Analysis
-
max time kernel
1800s -
max time network
1224s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-de -
resource tags
-
submitted
25-03-2023 07:43
General
-
Target
fucker script.exe
-
Size
104KB
-
MD5
db0655efbe0dbdef1df06207f5cb5b5b
-
SHA1
a8d48d5c0042ce359178d018c0873e8a7c2f27e8
-
SHA256
52972a23ab12b95cd51d71741db2cf276749e56030c092e2e4f0907dcb1fbd56
-
SHA512
5adc8463c3e148a66f8afdeefc31f2b3ffeb12b7641584d1d24306b0898da60a8b9b948bb4f9b7d693185f2daa9bd9437b3b84cebc0eabfa84dfcef6938e1704
-
SSDEEP
1536:m5iT3FccnYWkyjWpOku3yUyJCbyVAvy7+fRo:3LOcxkyjW3wvHq
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Modifies system executable filetype association 2 TTPs 24 IoCs
-
Registers COM server for autorun 1 TTPs 64 IoCs
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Detected potential entity reuse from brand microsoft.
-
Drops file in System32 directory 16 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Drops file in Windows directory 6 IoCs
-
Program crash 18 IoCs
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 64 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 64 IoCs
-
Modifies Internet Explorer settings 1 TTPs 32 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 58 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
-
Suspicious behavior: LoadsDriver 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\fucker script.exe"C:\Users\Admin\AppData\Local\Temp\fucker script.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449041⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xb0,0xfc,0x100,0xf8,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447182⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4664 -s 19723⤵
- Program crash
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --lang=de --service-sandbox-type=collections --mojo-platform-channel-handle=3844 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:12⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --lang=de --service-sandbox-type=video_capture --mojo-platform-channel-handle=7028 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --lang=de --service-sandbox-type=audio --mojo-platform-channel-handle=7052 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4152 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --lang=de --service-sandbox-type=print_compositor --mojo-platform-channel-handle=3520 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9556 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9568 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9692 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9424 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10040 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9960 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9988 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9848 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10028 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9168 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff66ca55460,0x7ff66ca55470,0x7ff66ca554803⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=8540 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=8540 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12160 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12436 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12660 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14616 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14792 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14760 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14820 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14824 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14848 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14872 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14896 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14984 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14900 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15032 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12144 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14936 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15008 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14888 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11540 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15844488714384588632,16610762651440012043,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11636 /prefetch:12⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"1⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode3⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447781⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2876735906954912235,9085557417273125229,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:32⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2876735906954912235,9085557417273125229,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:22⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\8a3517d5e89f49899f9775b6782e00c6 /t 3176 /p 31721⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447181⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\8dbebf5bcb2f4cc9baa68e859e216d12 /t 4980 /p 34641⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x78,0x108,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0x90,0x10c,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xb0,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd4,0x110,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447183⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 5828 -s 198162⤵
- Program crash
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 6248 -s 37522⤵
- Program crash
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵
-
C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 452 -p 6248 -ip 62481⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\werfault.exewerfault.exe /hc /shared Global\b3b5abebd48e485f84af1bb440004cb1 /t 5148 /p 62481⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\50ee0c8ed5e74ecc8d97f61b32e8b962 /t 1860 /p 58281⤵
-
C:\Windows\system32\werfault.exewerfault.exe /hc /shared Global\1e61364e0e0f47eb81af52c98d8fbd3f /t 7472 /p 69881⤵
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447181⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 7792 -s 33202⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 948 -p 7792 -ip 77921⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 7380 -s 32762⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 940 -p 7380 -ip 73801⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447181⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 5976 -s 32882⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 1016 -p 5976 -ip 59761⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 8688 -s 20282⤵
- Program crash
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 9024 -s 30802⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 540 -p 9024 -ip 90241⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7ffb6be446f8,0x7ffb6be44708,0x7ffb6be447181⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 11000 -s 33282⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 828 -p 11000 -ip 110001⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 11248 -s 33922⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 828 -p 11248 -ip 112481⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 936 -p 4664 -ip 46641⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 720 -p 6492 -ip 64921⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 464 -p 1004 -ip 10041⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 6492 -s 26361⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1004 -s 56361⤵
- Program crash
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 6724 -s 30802⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 832 -p 6724 -ip 67241⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 11012 -s 58842⤵
- Program crash
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 768 -p 6048 -ip 60481⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 6048 -s 15721⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 804 -p 6048 -ip 60481⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 6048 -s 15721⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 748 -p 8688 -ip 86881⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 10356 -s 40002⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 836 -p 10356 -ip 103561⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 904 -p 11012 -ip 110121⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 9608 -s 36482⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 592 -p 9608 -ip 96081⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4a0 0x2b41⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 840 -p 5828 -ip 58281⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000d0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000128 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000009c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000d0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000110 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000114 000000841⤵
-
C:\Windows\system32\wbem\WMIADAP.EXEwmiadap.exe /R /T1⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000009c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000120 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000110 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000fc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000104 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000c8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000012c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000128 000000841⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000100 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000fc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000120 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000128 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000120 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000012c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000100 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000012c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000120 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000100 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000120 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000110 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000080 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000110 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000080 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000d0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000dc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000100 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000d0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000d0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e8 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000100 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000080 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000fc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000c8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000d0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000100 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000d0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000012c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000128 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000144 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000110 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e8 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000110 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000010c 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000010c 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000144 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000010c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e8 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000128 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000120 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000d0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000d0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000100 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000fc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000012c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000011c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000110 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000130 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000010c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000d0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000120 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000fc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000110 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000d0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000104 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000110 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000080 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000d0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000080 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000128 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000010c 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000010c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000dc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000010c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000011c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000110 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000fc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000154 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000130 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000128 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000168 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000170 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000160 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000134 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000140 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000013c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000011c 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000164 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000013c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000134 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000158 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000144 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000134 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e8 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000118 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000015c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000164 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000010c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000144 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000134 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000128 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000124 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000c8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000154 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000019c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000104 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000100 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000160 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000184 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000110 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000160 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000164 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000118 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000013c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000c8 000000841⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177Filesize
471B
MD54f8e212f4aa2ff84660468b2b2225c2c
SHA1566c7caa953a4ecb629fe749556a563797316741
SHA2563f1439ed21c98735968c9a4b7c9786c79419e9498173bc0b1c3ac29674c942c6
SHA512239e2362499adcc25a9472b6c394e02f85963b388d1c8d8d61c11e74f9771475958e71c65479ecdbfab54af5654c474c766f54c0fb4996be78de6b0c6f75f56a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868Filesize
471B
MD540d9ae689debd9c9a702040ef0232793
SHA11b434f3c2f5d8daefd6cf04dfb201a939f100e62
SHA25647a3eebcacdf6f2d2690e9c63aec83562f27c6408c20429ba82f7a056ff4151e
SHA5129f38e4034a5563c9e3ffae41a5b2c855227451ef847323e26bab231561776aeb9d84ea9b1ae417d51380f1a6547415d203ebb852573ae442d126bf585510ded8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53Filesize
471B
MD51595fe35b2947cb664071b8be82e2b99
SHA1006ea74b216fd4f58ff9fa8ec3e5a9b2203f78bd
SHA25650d902a7669b7fc41e583bcb19e4b10bc868fb7ab010d54cb44110bf83888d55
SHA5123b448e221cf9180f95765e13b55ada76181ae0f395bb4de8173dae43ee6b9e2054abc1a751f535f7c0fc0aa7fbee9d831cd9a7a9a4356aac843e3e5b6345fbdc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177Filesize
412B
MD588e2792347597c97845bb83db1d71420
SHA146ecead35744de7e392f74727ff655a6d972e42c
SHA2563d5a3e578f15849dca073dabc77e8b4195b0849d994266bf40d62d5850356961
SHA5124811849486776fafaa97fe783a2f03ba0be6cc812eb44d74d03a8b5e77f93938b0a10e2764700f4763c58ce1e2add523dabdd273fa15dec8659c3b96694181f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868Filesize
412B
MD51c0654ae79a209302bd9df54a3acbac0
SHA15848ac3002ca0bdb84bed69b876f4b27f9cf13c6
SHA25695982ffea3ed2fd2e9f780a3f890a611392c5dc163f22f4808a16f1b65b21d53
SHA512703d7bcc6d237ac12646cb8ab23ec2a89f54e329ae4300b8f6dd899e34d79611cb0b85f86fd4ca4922ceeccf35dc2120dea1343a8aa0dc7022c6ac69edcdd97a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53Filesize
442B
MD57a2f8a4b3350d93329d4bf2141680aa9
SHA142d030492f77a8020be1bb68cb84cc4549944072
SHA2563eddc35206fb197f39c28930463a9de3f995a9ad138b1047c71517f1a42009d6
SHA5124765c0add3abbd0a30861e169141fdbbd5630cfc9134596f3c09182b56510c3bf36fd9644be1dd806f615beb1a16265a9d5267950605317a4c07bace331502b4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5cd4f5fe0fc0ab6b6df866b9bfb9dd762
SHA1a6aaed363cd5a7b6910e9b3296c0093b0ac94759
SHA2563b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81
SHA5127072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5cd4f5fe0fc0ab6b6df866b9bfb9dd762
SHA1a6aaed363cd5a7b6910e9b3296c0093b0ac94759
SHA2563b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81
SHA5127072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5cd4f5fe0fc0ab6b6df866b9bfb9dd762
SHA1a6aaed363cd5a7b6910e9b3296c0093b0ac94759
SHA2563b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81
SHA5127072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51d40312629d09d2420e992fdb8a78c1c
SHA1903950d5ba9d64ec21c9f51264272ca8dfae9540
SHA2561e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac
SHA512a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51d40312629d09d2420e992fdb8a78c1c
SHA1903950d5ba9d64ec21c9f51264272ca8dfae9540
SHA2561e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac
SHA512a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51d40312629d09d2420e992fdb8a78c1c
SHA1903950d5ba9d64ec21c9f51264272ca8dfae9540
SHA2561e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac
SHA512a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51d40312629d09d2420e992fdb8a78c1c
SHA1903950d5ba9d64ec21c9f51264272ca8dfae9540
SHA2561e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac
SHA512a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51d40312629d09d2420e992fdb8a78c1c
SHA1903950d5ba9d64ec21c9f51264272ca8dfae9540
SHA2561e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac
SHA512a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5dfeee58d8e9ccc6ffa537d5b4782ed65
SHA1995bd4512e107fe1274eba41e49984403e075f31
SHA2561a35071ba780d220a4e2d5c2c696563b316ba36993191563953059f70f6ae884
SHA5123f598ed40475c4ebc65df2b9d1ce35bd29792cd0bddc2c02ab4a1776cf8a814523261bd130118ce5f5b16f111fe060ec185397fc7a6dd5539f442f8fb1444ad6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5dfeee58d8e9ccc6ffa537d5b4782ed65
SHA1995bd4512e107fe1274eba41e49984403e075f31
SHA2561a35071ba780d220a4e2d5c2c696563b316ba36993191563953059f70f6ae884
SHA5123f598ed40475c4ebc65df2b9d1ce35bd29792cd0bddc2c02ab4a1776cf8a814523261bd130118ce5f5b16f111fe060ec185397fc7a6dd5539f442f8fb1444ad6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001Filesize
292KB
MD5fe5a2893e794fde825f1f81ce58069d3
SHA1b6504426426485d7f101cc977821b90f887e81c9
SHA2566d34efaa549497cfaab006127b3a2972de32107f90bb546e5ab58f366263d66f
SHA512b82e91c199cff3fbf32f74ca6e308270a88df6b5c1ebea685fcda9e3b96a6f665fb40b1526f3af0f4585c0020a2ebb3f65e5483f664c50ed232a250f2e60b506
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002Filesize
208KB
MD5071bb289e3df2fbbc0934b4938205d4c
SHA180327009ae5a103558db5478590fc29b79b90aac
SHA256ade8067055df4334df200b438f8d96aac86c5b2a38f10787426fcf0d9c0bb764
SHA51254509a380e10cea0293133e7201e79c5bfdb749a14bf5a2013906f21e366a9fb33172539dd161f843958212d589140ac025c3574be5128d750619f7777196b99
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003Filesize
51KB
MD56ac2dfe90eb92f3e73f455336fb398d0
SHA128c6222c9adf5611aa0a9711aadce61b121f1e01
SHA2563c39fdff9ff023b20fcd57492ce73477638f794f92de4af613e3acd11489fc4e
SHA512b89edf1774589c8b01776e7e25cd462698b96bd8747f8dc4857c45ce4c218ed4ca6ac8aadba205a64fff2db66b5b2f596df6c9362974515df16134c329089c54
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004Filesize
22KB
MD509800dff9a5770bdc368ae73ec89b229
SHA152864194fec1b7fa70ba6e8bda68f0d8f27b21d1
SHA256d981d06eaec00bf7feef2b5dc799c3b50332ee867b8048109d45cb6a97e52557
SHA5121b13a260a4e39b6f828784f0e8be9c2d0e22c6c1fc5b4bb53aeb4a1311f54dc1427b5a5a38656e7652bafd652aef59a70b0c4e81cad54c83f7547f0454c6d84a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005Filesize
35KB
MD5d95e11ceb03f2345a320093cab78025e
SHA161a86a14316100b63da779f7e173849643e687f5
SHA256e51a46060665f507a73982f7aa0a4088fc5b371023c237fefa0a1d806b56f6b0
SHA51280bc373efe00d567e441ac8a4af23fffd4b682277b54c784a0b43908cd246b70e3afb975e716ff2fda0bc052eca45260cd2915fec5840f158350defe6f5270c2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006Filesize
46KB
MD52e744c49aa5fba485a4adc739a1d0a8c
SHA150a39eaccf0626bd036dc609788cfde7cecdf1a4
SHA256ac751dd8981de091bcc80a2432a3af6896fca7a7bfd8282dcb50fa6042bd5f7a
SHA512a43572de28291469abf082a41f7067950cf90e46ec68283dd53639747c7b25bd6d93dbef3b9e5a4859843eaacd96694596889f2e957d20706e76afb66c615c51
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007Filesize
55KB
MD5b9b96f0df533bda0cc6a5b48b347ae06
SHA15894b4216e57c2cd1fb444bc0003c4a844ef7953
SHA256fb2acda8c8d2b1a3a22ffeca3d77bab9c8da9f526da8ec1bacebd4c59d5c6a50
SHA512ad17dbdef9a14d7ea15ae37b61736c2346cfff76158be5534faae9f298a88fcff997fa1b86707bf39f79bcf45c4e220d80565dc0999c6f8f01e84cc580a3581f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008Filesize
110KB
MD56d46038395262d49dc441dd32a52bd69
SHA16d42ccb1011f761e18e2c233985d647960eea719
SHA256de69ad1376046dd3dcc36742266facaf8bc2f4f6645b6edf4360daed6ff99716
SHA5126bc345c7ea9783b31459ee16a59b950e43896becae140f0b34ea2acbb65ffc2200fc2bb94dae327cac67b3b9a9267d084029045d5de15b52a8c52fdd2a4056a0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000aFilesize
17KB
MD535893ff010a9cb8af65b4a9c944140a7
SHA1c765628849e861ebd79103ef7455adf2ebe064c2
SHA256222a835cc9204eb4d64b349d0195d6d1a62ce6859f5ef7334dba18c2265b9456
SHA5125705596a7b9ca7e3781f30c5b6dd47494bd369ad8d344e64b3f5f98accfaf96fc5ffce8fef39df36b0367d35a74f272c8abe335b494356d10aaa499caa7d2b9e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000bFilesize
37KB
MD55e71c40aaa27dcfea19d7de24dcca58d
SHA1618239e0a0e0038ee4a8bb82115e24aaa9a37dfd
SHA2567841a9a76fcacd3ff43f26e65a97b6daf10e2da993a17b2ebbb9236455f952fb
SHA51288754a54a084964be7b51861c681d5b5d2826b17e1879862e7c31a4bd9173f102b50c3c5ee9efea7e3383f645b1a619cadc2226b6ea8427c347b4658c1e9a270
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000cFilesize
70KB
MD5c017bcfa358fbe5472bc88e9e601d064
SHA1d26143033fc2d594dacb0a1004249a8ac34391b5
SHA25615daa0913d6079904266e1d05fd991cde9b5e64a608720d4353fc108050afa91
SHA512318553eb38ce7285f089e01a15dc5f678b9d5f17c45cefa00b3958de9d426cfbe5eac4ad498697fcd021fd3114d507fc4f5030f1108fdc235766e01f8544192f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000eFilesize
111KB
MD5806286a0f78d08247365c9cf31baa7fd
SHA15cec548406790001b9943cbec3ddfea5f9e4c9c6
SHA256828e6272304ef87e4c83ff8e0d3f116049b9c054933087311a684247c53ca424
SHA512e422fe3d1e9d34ad68d6437d72935b19a51dc219b6f444b074a02801d2dea79e0b6cf0c9fd478da4e618fc820770abbdf2a08a89aa052a3e89e29e0ee0e0d43b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000fFilesize
31KB
MD5390a7cc327b3095071c65434a0d1245e
SHA1c50a7763572a3ac723034ba89a57ffbca95bcc95
SHA256498007bad4b6cb8564015a3b9013e251bdd75da590a1d500bcdbd9e745cee855
SHA512bbd49579099440ea4d8910b0a43bf31cdc85c02995f515478f45c90beeeea1017bd21daa3d7bec3a732ba71350a0f948cfe4359b44638b6c601e3db4ee91a25e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010Filesize
19KB
MD5e7ca24dc3a47160c9af0d45e48f1f911
SHA1c689e79b895a18c9f1334d6eff56744ae22739b6
SHA256abb85c399c274734c689156024267ece39c2b96d82c752065c9a649a8abb4c42
SHA5121b6c6e386b8ae1202e7699b2a56c7573ef44661c7c4977b0a9e261c576066ec3c536ea94c7a4cbb5d70ebef2405ad71aa1e3a10c2a9340c69831db53e2fccabd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011Filesize
17KB
MD57916a894ebde7d29c2cc29b267f1299f
SHA178345ca08f9e2c3c2cc9b318950791b349211296
SHA256d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3
SHA5122180abe47fbf76e2e0608ab3a4659c1b7ab027004298d81960dc575cc2e912ecca8c131c6413ebbf46d2aaa90e392eb00e37aed7a79cdc0ac71ba78d828a84c7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013Filesize
34KB
MD550674b9cd8d0d8036a019b5cca800e0a
SHA1a8e5ce6fd5adf000d1b79b5c457120dae503c93b
SHA256b30336589d1bed274c654dd538474d6e1717250752079ef3992549eea2cee844
SHA5126c68b543f5e57bfe6c9da9aeef56448542aeafb03c2551da344fc056b1f27861e6db70189e48b5d29890e342246e58ac92c123200bf3ba2b16abf8b3b6b8fbff
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016Filesize
175KB
MD57107c752f3901d95bdc4e9d46ac2b6d8
SHA1747a0d933dc2ef38a98fa11a44ba661ec6a5eae3
SHA256c4a5ecaf090da5f8115afcf0d4b723810054ecf3de31acc5ea6d48f9eb2d4111
SHA51271d4ff3fa6c9a902b299302109d034d4610ac8a31ace170f09a3f66bd0d1259c41361fc29f2205fec6eb49995ffc73563399a6ccc536b8412bf1064485caabd2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001aFilesize
159KB
MD578450fe21afa3391dc4dc62d5f1e09f2
SHA18aed39e81b26f10dd32c5b131eb7493d6d41b06a
SHA2564903f015531ad7a745aa8c5155780c51adba6e0f671607c3fa1447795f33b794
SHA51246db3beebdbfc0ae2b4e6d8f015e0f122851cf57662d5f445e2c4cd4f7ca2097690a610247e08f789685411d75b018cc35bc0a679b4dcf9e68c9fa164f347256
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001dFilesize
165KB
MD534049e45a502035c1ee78f0b0967588e
SHA1dd604c54963f4ae0cb4cc1c6890b66822a6d7b82
SHA256a84c114bbb185448de945b27fca0b6ee207f4801505e3046f35db050f4720eaf
SHA51207b046af74583dc5ccb2dd1a636042b36dd4ee50aa6e7a3871cc26bec7aee823dcb2ef8bae3f465a374b04ae92b8cfb90f41ad3a76a0d2db1b6ca764d8eb204c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020Filesize
142KB
MD5d6af9aa9348fe1ca41ffd089360113dd
SHA1a28df62210b5b6ee33a878cd83599a192e79a21f
SHA2565f9867bf603cfb0cc88416567bac162b4d8bf1eb9553291521161ed959bd84c5
SHA51247e02059184e145720f571d2a8ffe2567eb51ed9a29d0c6a4f309381ef61741922b023df8b4277f0a4a50a00feb75fe66795539d96a83d1883b10e36468e75ed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023Filesize
43KB
MD5820f40594a0e8d5f9d58546208aa9060
SHA1e17ed5116a34c432013a244c979ac9da53829d74
SHA256f8f708049e1e1609af3959cd21eaf313c8192d3e962887a7a2e1f9b353d3fc80
SHA51295879b255a90ccdc41c8696bf7aa05796db56528fc4be78f2d13eb2233740ac8cf0f92bdeaa169ebc5c745f3e76ee9fc67d2626160b9e01c5f5a19b8cbea605f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025Filesize
25KB
MD5d0263dc03be4c393a90bda733c57d6db
SHA18a032b6deab53a33234c735133b48518f8643b92
SHA25622b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
SHA5129511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0194991d321ee7f3_0Filesize
275KB
MD5b968b37cc06e35e1fddfe56ac4ff6505
SHA193dbd88b4c6d565d971630818593556b3e2c5843
SHA2565eeab5b888c62a01b991f5ecf4af1337fffaf06f4872c16952c1c376a074728c
SHA512a5bc6f9e44ddefe246c3499a8acd63045acdf0bd33ecc79bd1fbc61bd7f72b8fdc01f874ccde94c101db4393e4f429c3b0963dc19a126afb169360c87a1f449b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02cc1486611dd29a_0Filesize
189KB
MD5ff8e7033e32572df2a858514a36f9da6
SHA193fb9d54544db7eaf0ca21b5ad9eb56239fb9299
SHA2563071e96d3a17af70b183f9f4cdf6be25bdccb759486c94692608599729ebe262
SHA512b18164e6e2d792bef29cc9aafa9155b27cdfad4242fb7da8fbf8036ffd2a93fa6877ea28c8c8cc861b7333f44457dec50748f2061f403474565e0e373ea35554
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\15833c1149e8baad_0Filesize
1KB
MD5a0a2484c29e2b1eb1c3def403f38b9a1
SHA11bace2ea2620034dc928ab950d120f36c0c8922a
SHA256eb5113b7db148377e4326653a03e1a144883714dc995f28d78f86dfa568a53cd
SHA512b943f4fe7f94d847abd6f98fa8ff9c441cea0a14575906b5f2fd2cfd3de58e0cbd7bd71a0497c44b0ada94ec8e1b77f26c9c094c8a483f7fa4f57df4a725aa37
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\16b88613bc64c760_0Filesize
340B
MD5787cf48536f6a2bc085dc783b625ca92
SHA1ce2e6a77af663715e072dfc0249c9c3a6fb26cfc
SHA25619352b872969fffe1df6f8ea5ce2a2914167735b5744481f33bb1346f6c27d30
SHA512ed74a0054d62b48dc62123915dbcb37ab91b8a8504447218bcc34d1cf33f1aee2e56f45ecd4aaa090c22f5a02b2385fcdc09bfe40ff41cdbb707e84ac5951363
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2264a9e92037021a_0Filesize
95KB
MD5553fa469f7e8575985fb7bf83ce8f68a
SHA1ca1eb4faffcbe249dc9a464cded5b7f3d35c8945
SHA2563c90545f98669c873ea2a9af76dc25d49d4122e82054134376e171ab5b9c59cc
SHA5128be347a8661941810923d12a01ea8ac375befaba4e89b184c5ee53e98462adbf34f55a24e451e1cf7e12466eb99ef037f66b0424e38c39405d3310024b0cd4ea
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3cc669e21631edad_0Filesize
115KB
MD5b7d8d96ceda3c2490f1b60985c652641
SHA1a8ed2a6a469dbb10f115559d29f2bd3e5145f3d8
SHA256bc52a57e68ea4c0a4a8c8d4c609a9e1734d26a0eb43d6614ae631e6135dcc0cb
SHA512a675a85b584e40b7ab273c3a9bb98c923356a4a6fffe5b0118446e31558c06b9e1b4f1d61feefc34cf936e930e94743523ff6bcca3f1ae2b145314dd351ae50e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f167c48740bca48_0Filesize
334B
MD50379485cc825f2c2f38fcf1d877dbfb0
SHA1e906c640f8b8b1aa9d256b6a9f6c657828774829
SHA256fbb535326d00acb85452d3eade2bc04e926c8ee19b66aef3f1df3391f5d5a0bf
SHA51217b3c02448a8ffffedaa334a88b04ca76da7e7fc370363b763db72f8f8171fd8e07fbaea915bf2f906f9617094b84a259443905e0338260264f317a89d81fbd5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4419202dd5a510d5_0Filesize
105KB
MD551a161d4b323307598fd8d5439de4001
SHA14bafffa5659773f130372627061f44f1011bdd48
SHA2560e682e816b7ff35912f64bff5fb7f519b10a172fbca9193b7358aa929c735eb5
SHA5126f4b2f0e93d09942ede6e62e8613011cd993784782a9f44a57cc2b8377fbf56bc250d602e7759ec1d1afa6749ceff9d6fed6bdf8f7a000e81fb88bd60f418ef7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53967352bfc3a05b_0Filesize
153KB
MD54fed19fa483b9def84862ddcb7f127d9
SHA1c87dbcc471c069c0d8f12dbea9ff55048935030b
SHA256c6ca7e22466f77ee22192bce786475bc7f6d3ab922990a05f3b22b957f453cea
SHA51213894d26222914dd39eca9fd7f1637cbe84834c2f16db16258d58ddc0d1b725f0b09a8a90f0895a8fe641e8dbb3a5a5f388f9aef07c8c37d1afedcb7010a786d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56ed3fcdf95b36ce_0Filesize
311B
MD5c8de58f48dd305bbeaa94d0c06bfa984
SHA1967248b74b2c0fd15a64c4cb673a3dbe3716b247
SHA2566dc09d68840e999f338558d5ddc979a5270a5f101fb48b7466dab8c6bc80a074
SHA5126c09f65d52108328dbde412d560d98fad3ff615faeaf5060119d94b95b716f1f73962130185da963b22a0fd253cf94e3cfc07fb425982b7fe1854634f99242f4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5727382f9067765e_0Filesize
269B
MD5ffd08b47138686677100f41d6fc10e41
SHA1945609dc8779ea18fbe7905149fd59410f37d190
SHA25664ea2b4a2abbd762e1031bcbfc0094553889fff6682ce97cf038d097905a8eef
SHA512a5ae21baaf6b7b13a05d5f64d2a8a61c7a627c838242f276576a034ff8c4f7c905c6090744f3f3d9e3edfd41bcd7667ec9a01dadf79f2265a560f6113d6ce35f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d148823111d2043_0Filesize
181KB
MD5f642a69c95fdcf59af9a747cdb3b8861
SHA144289d5a192daf79508070bda9045aa2234b3b92
SHA256d0d9f2f14dfe77b1d48045d571dabb2cd5fb5d34054583b22f2c1871488868f4
SHA5128fb9789f3796ad2bc19a6ef4709f8b916f33705c874f14bb7a635603ad62b714286c316ed03afb8deb2e68d125024cc868b321043a9decc2cc7b22019dccb379
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d4fa1898bae5092_0Filesize
270B
MD56fe9cd528e6e6650f3293360682b7e0b
SHA13795b9b01373e3e47fb46c1bf3afa182c7f86faa
SHA256439d899b1bded370622f42cf679bd480822f09d75fdf6c6a081cae5ad341f46c
SHA512124b422192aed76ac1d2cf044a4825f0c6ac37291de87a93cbb62d07b3475c268e01ce31f966bdbd31c41aee474f397f729a1357c1eb3b78b4d125ede5623344
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7efbd352fc1df2d7_0Filesize
10KB
MD53c0fbb45cbda795b8d9a26ad4813547a
SHA1069775d16afdd5d684b9ea60a281fcbfe780b9cf
SHA2569e0779943c323138a02eaa9ef4e62e78b0b420bc5527847c3873198d7c36b3f2
SHA5129a8d1a99731b245a5e6dbece3d05bb510dc54a395381d938c5f3c482ed8498553c6c46f4a84e963967cc473ee6f874fabea0db3aadd541e07da8ea868f865548
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\843978158b8814db_0Filesize
270B
MD5c2070a3e5bf521c362d8fd1ff2fc33ac
SHA10366fa8f8ac23e3eba9aee74f8c47059f37bd477
SHA256b3a3a45e3ec7e33932467798c97d6016795d733eecece863c14fdeb998978f29
SHA51203a62ef6493194daab8bd233b9e0bd493fe94094cc17d7a7e1b5772d2fbf646562a3152bf1e6fd4a794aa1d845406c1377e95746feb99a19f44ca5682494f367
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90b474be9f408104_0Filesize
108KB
MD5ca2c190ff0426f60718c397a0a77feef
SHA12780416cbf0ecc45d780d4f1fc7894953de1296f
SHA256aca2c8e1f73402ba3b3c5109c8b5c485687d00a7536370ec3b58392f17a48015
SHA5123df9e844eb1d5a28bf1060c867e9bc9c812254b95fd10d60880f94ce02dfd1700c1d2d148bc1504be17bb5a78c64fe584835ad3accb239a03f50209002d11c1b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\adbf10162cfe7f8d_0Filesize
67KB
MD5149999e385644cf5604c6fb0fb43a5b7
SHA1a02612d3041297a991ff2349bd860764ac19ce21
SHA256d258d6c2c8dfde810430de0983a47fcef11916937e6f24661cb5e4388a87efea
SHA5124945606975b8219b3265f27d1874c91fd9f4f3b163172d7c26ceb80dc2a189cf5f43e3756d6fc17116f412af91078d4162d03ff003a5658a01f921b37f862f97
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e2131e63b4829799_0Filesize
29KB
MD567f04e52bd339dcbc985f991aa0d186a
SHA1b7532752a37b20839172e64ef0886bce50a4b7da
SHA256c49f0564cf439b695645df59abb4d76605772f0cb9130244d14a37b520a8ff66
SHA512298a8a8def51c5b5eafb396522f3ac13e7f15d1d2eb1478ae8e07459428163aebd11add9d87f96cd719389538f9c2e04b00132461e63f34880fc0535d0efa963
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
168B
MD52da9fcc97abd9cc4193ec553ec1fbf27
SHA190499a2793ad5a96365e0d1b3b2cc34aa8ccc69a
SHA2568fd60e774a2f9490bddb73f0946723c2f0210e125073d242742476a722f17fa4
SHA512b2a4d9634b1cfb6017b1030ef5b308d0a0bac4e23030486d750e23382546f15948b5cef1466dfba30799cc998ff03c0cb65120d320b32628d9136ee16259d9c0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5919e7.TMPFilesize
48B
MD5c3fc3782571b1747758f937c7f0223ed
SHA16fa492df9ede425a90b9ae08dc2f483c5274947f
SHA256d53844eec6ec302eb7d2f09082912a113df6f3b485a37e78a3731d64fe774424
SHA512b84072aee93e7574a2dcf5aac9e4f17aa4d905075cec8c4dd0006f729e09442f71cc5aeea9513621b214be254ee23199aff0d26dae6741553c5a876643edcbf7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnkFilesize
2KB
MD5b238ba27ff126835a216d34e1518fb7f
SHA1ecdb431a4cb70a068b81f891dd7629bed3884d37
SHA256e4aaa35f7ed458e99e7e8ed2376ce438aa5fbfbf9c3a4b693607054eec729855
SHA512a40dffc524e0e6e0133dd3759f25402df4fc387578f85a13d3bd2ace0ff428904e08f04cf2e90f19d0ed885482a2f95eb50426f66a56328b639813ee8ad6329b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
584B
MD5b79fc28738971156c4492b1bd234bf87
SHA14927de88abc17c03de1fe99efd9abbee4d0c0360
SHA256ac50ae252033c7ce1118ad6e73aac529a7a5eb9ddc4f26885e8d7d503f86ef11
SHA5125a66f42fa701d9cdefbedec0c1ce135b16c69cdfd2aa027c07c3d0ea1f4f87bea3cb2659cb0490fcff2b98cb559df0dc43e17e8b665d95300d0d9903a9f454b3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
584B
MD5cc4adf49f17ac3e24c577bee5963455d
SHA15971524862910db7bd01b965dd1a55a8b70ec44c
SHA256a3f80a5533fc886c9e3bd0873de625993da5375b8545bfd8b5ea23121d7f3af1
SHA5120763c88d69ac06ab0f99ccfba152b7d813b9ae98e4dbd506ea527c136fcab0f164560b20e7065cc32eca490ee63534ef884cd41c6673552d73b9a921bd680ed1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5efb277ad438c9aac28551dbcf764cb65
SHA18a49c87f6658ae49674736f1f7f2b4fd50145813
SHA2564b3c93f2c9abd04dc67ce4cdebdb82a7afa97c73512ffbb4da09c7e28a89292e
SHA512044ec00a8146f3e1a593610ee5a1fc1f4dc74c5b03ff8069cb71c850aba8c268cbe76c4c220be9487270694826f1f36a23c6f44692d6884fb531fd978ee81c29
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5881b5675ac1d4952dc3461a5a51871e4
SHA14a75967ab7c812e1c9dd3c0267285d50b3b03631
SHA2569e306c05fbd89f41bcc08f3e880789b4b7d88185c221f6ffbfe5a5cb16267e95
SHA51212e5897942cec012bd94cfa0342c40590dbcb655228b36d6daa214f9a6caa3753392a965a1c59b99674db25aae2a1b99fc2429557d92492944bf8292c7a3e6e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD520857656f92918e2804470d5af452491
SHA18975f6c948731763f88bc8c420306b5665555129
SHA256b97ec6325ac1c5fe7554f4db23cec6d782c6eb50a436eb30e6be80aa6752f291
SHA5122c4e185203e7c58a9b2135f4da7f109878e77111dd56339351dac572157fba92d4c3862ca758cd5d6bc596ff0955555b2778dac408373e4e368ae47d6f0353d6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD59db87fe0d7dbe0ccf5a3c3cc23c9dea5
SHA16c521eff4c1525b45d7a597bb3a2b3c60d5bf72f
SHA256a6631c501ecc54fe0fa67390de15832101e653afada56ab6818af7dedac8ddd5
SHA5121657f0378c5b2360623432731f3247a6fbabf29c64a7594889138a0ea560c91af91d9ab689557ef56ade53851c0a6628d8fd950a3f049b3bc101fd5409e1dc29
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD5814c30c66cc3a3cded1f1e6b40a1d51f
SHA1ad28e77df44de3143648a05b27c006dffabf0505
SHA256ecf9fea04d7bb6dc40cac6cbd1c88e78044b278d4f2590b9b3c1a8fca4f3e9f7
SHA5129b3e44e37772c78c5c3d1a8a1c2b4431b145ef2a25182a71832b6a52d7bc9ed53c3dc038b50e8145bea280dcf5056714535d41aba2822f93d48136876f89054c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD541df3e535c20a498a262d78fe559dcad
SHA10cae9fbfb9538b3b168eee445faac4263bb26692
SHA256573b549770a5ebf2bc77991c93b8eb15c484247aa4bf093a7239458707763b46
SHA512cce35122435aaa37e3d3be9dd903e460cf540290d7fdcb9662ecf01bb9dfa7f9aa9a5752da64163d7aa9fe8f4ec9e10a2d86efa14efb8e2b2deada0db3088726
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD561e86f1fd7d3fe28090728f1173959d4
SHA1ddbc7d06848dbf6e7ceca5777140b4529e8db7c1
SHA256d43d80989f6642308732de7f8cd7b92453e90730a82d7ecbd2fc8505ec781ee1
SHA51228a88218286ed45e9c908039cb0339234feb190533918e2ff38271d960cbf436218d7f1abf56fc955a5093c190cab8c2c207295ef37fa9876d94eed528d3eb2a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5b882b0327f2430fc567681583d92b307
SHA1d7ff5d8265f101d592002cf2b6c08547521b313b
SHA256a0ae8347ca47f818037d9442bbc73291a388ca4c456b1e93eb6f52e28d29c411
SHA512dde007778933e762760418f17cfbba1c816de5c3cd3d9a4e331a0a055bf6d6cc83036cf70d2458956d051bd859fe00b1e6caed0c4d8b704b271aa1093121a753
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD599f2527011789d33567f4c4fddcb8ae1
SHA190b91b41f582c0d1178d55a455dd1ed2417fc335
SHA2563ad6ac22114437712b2a8d5e062fd61c4605faddb7fcfe64e7efa64ea19a62c9
SHA512a6f5d7e6bafe473f08729f6c52dbbd9b798cdb1ff2f6ead2dfb5ceb653f247daece7b9d154c1eade9b6bd7b447f65b1b7682ae375f584444411674291a8ec83c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD51463bf2a54e759c40d9ad64228bf7bec
SHA12286d0ac3cfa9f9ca6c0df60699af7c49008a41f
SHA2569b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df
SHA51233e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD528c264016aa8bd30b91f331d2422ba66
SHA1fad5f48538e65e55c61ac37cf3fce112b11c5fbc
SHA25629e3fa93e99ac8b8a6839b72c32eaff201c792943a550bb98fb39f6afdeab1ce
SHA5126ddfc7df8f92aebd2a27a02d31c500228791fa8c3e56c3f905ed5bb9c0618dacf898b477faebbc163cb785db523bb93ffce591f2344d80e12b8de5152c4ecc59
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD54a36869b2c1573aade2810dcb979a926
SHA177d2013e1c6b3aa48762918418d272b21a2eddc9
SHA25601ad644850a0cddceefd48155d78a8f3f6564d4b8a47b7c22530b8bbe515f114
SHA51283c10d552f9537c3ae7e1a3275d289c8a043826afcbc5e1630f4670429a3d398993573b3a919eb336e95fff07fe6f3f7879e4efb04fb4cea369fa7e4e86bdc5c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5c69f7f06efeed2472bf817d9fc117faf
SHA1fcfdd9cf68556f40065382edbec432439f3ba9b4
SHA256f6d3d21325ed8c53d28dbc8f64024a84916359b3e1bde79341e4ba23d33c5f1d
SHA512b3e83ef848da01f3590ad31220f50a0478305f8e259e08262478d9a1355ef6d0a5c3ebec81d9f2c22cb78570f5efc4759aec7abbb22c711f3cd1d346b4bb271e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5f5f8fe7fe6f3feb3139fc62cc6efc5a5
SHA1a60cf5c92ba41c9034db047d5fdb9df2bbf876cf
SHA2565d9b3c9f0c40afeb3111d535ced6efb9a6f7dfae2d289d691b73c620454fd104
SHA51289a4ecf360be11601645b557352b3ba6684dcc18404da8e66583fb8080ad1903edf4baa1eef23fc677f46dc9a8c6436a7949ce50af043af3feb29fe114cb2f5d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5a9048dd107de6af319f2d254a35b1f04
SHA17789d3c19548c7bdf2ff47b89888305045883940
SHA256be87ad3cad1c5bc252ac42f02201aa1c4adefb9c017e71be778a8114f22b73b7
SHA51213dd6d365bea3f1aeafb8c06d35c878af82dce685eaefab48e4933d7c7b0d309ccef834bd3fb0877879f5971d96613d55d4b25cc0597a479ecfb04caac316a94
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD57a3d3a344a6f5f5a35200fe1638516ee
SHA1946cda1addb476b4ed09fa6ff7b2d901d91ded6d
SHA256145fbd7bd773051a61f941b56871805784fab32ce23b29688245e241bde214d1
SHA512bfda33990f088930cf81db2f16cd5f6f77c98ce5bec190ff63961f86d4c0e4cc1f2a54ac2ca20111d13256d9f57e88981e07584a274638604d47e440dde98f6a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5ff11fc4442de34ac950e5967791ee1d3
SHA10fe44349e2a9eb0a679b60258d19d2b747ecf7f8
SHA2562e455ea645816aedf48d661048e521760f28f7cdc1966489589c6fa98e0b04e0
SHA512841be7a2547e1bb1eea86a578f6e25fcfe6c00b94278aae91180b59dde6a23b542a37fa0252242bf326627d0c561fd4f093baddaa3388910ceff8d1cbcfbc3d4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD57585ad8705096f6e981f32737b30b746
SHA12ef15aa0b850c8ca648a21760b337eeb12bc97e4
SHA256746c607ea5e7e57d79e821d167c4667fa9e2790c1df5948bbc95c8e51c02bf36
SHA51259dec6cfe313b01e66aeca794205a2f835fe2cddc28ae68af5e415f06e6ea67b89c76f9bf7edbd536d3fcdd077b47758a42622f58fb5306b97506310b0eeaff3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5789f415eb03c4d1c679eb14ee00fb382
SHA18e2a2326251e84cf600eab3e27da42a5073fedfb
SHA256a7e7de76ae3beebb3ae5ad6549948383bf89987aa56f32f463b120c0f72cfbac
SHA512a3be533188c071da07994512b7fab44e8636f9829801e8ea5ffde29964c6d37c56baed4e635e3ad4ca1c1ddfb9bc4d8a3256a45990b8afd8cf50d465908eca54
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5b6fa00b0a89b429e6cedd15375b06024
SHA1f56531772a2df93b0a2cb33cca03e40f86b63871
SHA256f68fac6000ceed845b8d0f8e711e4dae60a7b93370f318412f80357226c4fb9c
SHA51210624407ea3c88fedf3dcf4f833eb1a67e80805c1532ea6dbfccaf482c24a2e6151249eb1097fc1acb93949499706da32c03585e71eb74c9f357b7d7636c0dd1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD535b9f082022e25a8336c6e29923ec336
SHA16d0bc8f3fa26e792fdb650b2b80d06ff2a4b9a34
SHA256e86e797c9f831b932162711615245e3f3a5059c12412324d02ef248354bccfea
SHA51270980d67d9518af2ab6b92d88a21b31f62c7c2b0d76271632ae718a0ec71c36eaeb185ac1f9fd8d6be996c5a6b2607ffef8ab8c622d762d87f0df2dd536a0b83
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD57341b38570d0e48dec1dd82df601809f
SHA167dc42d53f78ddccb3ff99171c337b2f856f1f9d
SHA2568f7f3bce65ebe5c3dfca7bd3d4a1259e6f403324b2e8ac0c2c2c10909998a45c
SHA512595b9d2a62012a213f6a7e68ef8544b8c4f9cb45056df3c919ea0c3e1d021c1e2894f514902757c07f5cc9412a28df1eced013d562a6da75754c87cab70676fb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5427ad6104e4e6302ce1c3ce39d5a6275
SHA13a02d50d545bf7c1e818ef7ffcad675df1191392
SHA25636f1f40a9158532dfb9919ce73237b50af206713dbf5fe69bc413a733ddc7e89
SHA512b06067f671e990e9a88f73d9e6f6daa3ce866f8afd7637ff8c6b27958c35bb4ed168600af804b77599491fb2701988b0a3faa13ef2a302054a096557b526b3c8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD532b6333587d89b81603b3226481064fa
SHA162e28610716edebd3c7e61a85460096ef91d988e
SHA25661ce10cfd8cb36dcb4a50171f1daf41ad2514f822b3b3b3fb237dce3a18582ef
SHA512e273a360f4ce51cf75141fbfa598b1fc3fcb93f009e69562650b2ad8a08496ed3894209b147c49db3809477575e3a035b97a0d251ed05d1623b6cdc8c5df826b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b4e8.TMPFilesize
707B
MD52fc35af4cc64a0dc520631137554b2b2
SHA1bd5cf54e890dd2e4d973f261063cd491e6c0a373
SHA256574aaa380885795cc52969dcf609fd293330756b04f04cc35e4d7057e7844e4a
SHA512aba8e0ed66e74a3e66d3a7b60de59900752fb7eb5825638dbdf825a7d005b4ba417a64f9949f0cc120483c5f5076fd7e60adacf5af208a6ec10a32317a0cfd24
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\af3f9f28-c080-4eed-a53e-8832c89b6a65.tmpFilesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d284101b-fe7a-4c82-a9e9-3541c9ec8fc3.tmpFilesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5738b50e1b8ee7d9f7694551577c9d938
SHA16cc0303116b9ad86d0a35c5f621c0db0e14363fe
SHA2567f87002c6b0165192b3e1de6c7cbfdabe90f71a0ad43460ecf15e47bd8bf177f
SHA512922b7e8eeccf9b7fef5dfadce3a254b91bacb18a682d6278190bb5953a5e6d0614d2e382d5bb9a7c5c4a05e706602d816d4c28d7063029396936b53dccbb1858
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5738b50e1b8ee7d9f7694551577c9d938
SHA16cc0303116b9ad86d0a35c5f621c0db0e14363fe
SHA2567f87002c6b0165192b3e1de6c7cbfdabe90f71a0ad43460ecf15e47bd8bf177f
SHA512922b7e8eeccf9b7fef5dfadce3a254b91bacb18a682d6278190bb5953a5e6d0614d2e382d5bb9a7c5c4a05e706602d816d4c28d7063029396936b53dccbb1858
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
9KB
MD509b94492ac682416e3b44d2a29e2e9ca
SHA128add27efcbb7bb0e67188cea0db398ac9583f9b
SHA256e3e760d38509c813539265f3e36dceaa83852b6e8d04036ff3919bad7686f976
SHA512992b3a859e76e2ee8dcba1361652686046bae950f4548fd633f2ba497f76ceeb78453cf2ad333767db7f112ba7c9620121a5d6b2dcee82c5f8e2bbc9955526db
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD515cc4e631f91525263217fd5afc4566c
SHA1bb78e936221d46e7f2ce55c9b1845132db473274
SHA256c7d602e23d75ed1bf270c8c761b2cd7f1f01e6173af4f5b9314b2b9a502ffa9f
SHA512b1b916d84223861b425451442b579e0f8888af9916dbe41fb458d2267923415d6ea03b20b573e069b7aa3b7dbf90df4d39d5acf58d0f8b90124831de5b7a634d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD501df90d6717bd5d614122db346a89f8c
SHA1f4e16a985449d5754ef41119668040b6f5798138
SHA256432b99b7716b10aa7aabd36ec022912171152dcc5db02cef5bdefd0a74fc4a8c
SHA512b0bed8aa86992a66672c4bec36201dd65823d31f80661309c258d70b1dbdba7dd82c8f455b9aaa286a08b54d838c730363f0ed1e2e6d678e4421702597e3ac56
-
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\3E35DB4C-EBA4-4E25-A2E0-AD12B2B0D723Filesize
152KB
MD5a99c62d74d414cbfd8ea19d79357547d
SHA1bae4a5a3647c50f672862f124d548765a0dc09d8
SHA256f6548cea3d9e26825ee7c6d70b8bc0f2754fcf4477bc38c76a1731212c061281
SHA512728991615d51aa22252a2396a827eabfc949e57df8bb3c97ffc957f7a8d31484a3dae89f1a435c0377dd97c8834ffaee8887ff1db563e99cd652d5b64d421520
-
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xmlFilesize
329KB
MD549197d4a91c33d9ec952ff98318e296a
SHA17d87bb7418298e9aa71bc88e65789fa537a6ed1e
SHA256a98a89d805bfa81e15eb1a88ff08f63e6a652769357043a12db2b27250942abd
SHA51214424a8436d2c363d9776384ecde188032ec70d8dd6428ca54ecbb59acaabf5cf61007f87a14c4e02d5c143d6105c19127301feac6f79c5cc34f5d801ada73b2
-
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xmlFilesize
329KB
MD549197d4a91c33d9ec952ff98318e296a
SHA17d87bb7418298e9aa71bc88e65789fa537a6ed1e
SHA256a98a89d805bfa81e15eb1a88ff08f63e6a652769357043a12db2b27250942abd
SHA51214424a8436d2c363d9776384ecde188032ec70d8dd6428ca54ecbb59acaabf5cf61007f87a14c4e02d5c143d6105c19127301feac6f79c5cc34f5d801ada73b2
-
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\TenantInfo.xmlFilesize
76B
MD50f8eb2423d2bf6cb5b8bdb44cb170ca3
SHA1242755226012b4449a49b45491c0b1538ebf6410
SHA256385347c0cbacdd3c61d2635fbd390e0095a008fd75eeb23af2f14f975c083944
SHA512a9f23a42340b83a2f59df930d7563e8abd669b9f0955562cd3c2872e2e081f26d6d8b26357972b6d0423af05b2392bddbb46da769788e77fd169b3264ff53886
-
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-walFilesize
1.4MB
MD5245f518d80ff767462a224121f6b2b14
SHA18113465dfd3ba97ec67c940d109877038ea73137
SHA256dd01ad95ef69dfa3fdf6393b672a0b0bc0053e9f0963434973b6532aa42c32f9
SHA512553e9913cd08748f8aed37b74a40cd0a20fa2ebe3786f15ac8c9b2cad7d4a11ca23ada92b6baff319045795912862f07b2f3f653c1dd65c8d94543644c7721b8
-
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-walFilesize
8KB
MD5522ae2e6ac980e28bdb87f3d204960c7
SHA161919ba8629505b1b9868eec988a425dcd35784c
SHA25656b4019e9ce48c41a704c3f464093e922cbd0019141c71c6aefbe1d96a9151a7
SHA51281a1b02f6833ab32350d97888ef5d480c9f5ea7e953d0614451d45c96f3f9e2d704e8a89f95ee737f67efeac8fe455815e33d476ddc0a9c140951f4db3cd8201
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exeFilesize
40.2MB
MD5fb4aa59c92c9b3263eb07e07b91568b5
SHA16071a3e3c4338b90d892a8416b6a92fbfe25bb67
SHA256e70e80dbbc9baba7ddcee70eda1bb8d0e6612dfb1d93827fe7b594a59f3b48b9
SHA51260aabbe2fd24c04c33e7892eab64f24f8c335a0dd9822eb01adc5459e850769fc200078c5ccee96c1f2013173bc41f5a2023def3f5fe36e380963db034924ace
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2023-3-25.847.7020.1.aodlFilesize
256B
MD5754e2832b69085da2e05578b46f7398f
SHA14f317385e8178385bf6c488e5c1cbc1a09c6903e
SHA256c27ff9ccdae9b57f8539617e879a7b2293e4c07a770ec2048c84de1cd2e29c2e
SHA5126f9058ba42991805f3c1ef8f03b5b242d9014acd4b647d54483ceddd249aabe010726ac818661b6fa8360a2a1705fc25adf9dad8e071971739981209dc199649
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.iniFilesize
38B
MD5cc04d6015cd4395c9b980b280254156e
SHA187b176f1330dc08d4ffabe3f7e77da4121c8e749
SHA256884d272d16605590e511ae50c88842a8ce203a864f56061a3c554f8f8265866e
SHA512d3cb7853b69649c673814d5738247b5fbaaae5bb7b84e4c7b3ff5c4f1b1a85fc7261a35f0282d79076a9c862e5e1021d31a318d8b2e5a74b80500cb222642940
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.jsonFilesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\DeviceHealthSummaryConfiguration.iniFilesize
77B
MD565001e7806c0998df106a2aba8ee344b
SHA12a028c3d2b89b99f821f45b8a6f770375f165b32
SHA256e961f166bf0e7c1880da4d1bdf9c4c4317cc8ac297d302b904ff0dc5c2bf3700
SHA512b8bf7cf7dc96915afbdd23e0fb7dba924e566cc65232a264d2b0ad62018d2911482a8c1f0f1c873e3b5bbb557775de7629801bd77a807f044af6cfcf0e5c955b
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.dbFilesize
28KB
MD501861d21220444a535da620923946366
SHA1519377e1a31d593e5fbcc4fb290ebe9ee50c323a
SHA2569038f7e8155b481c1967494812c85f9617e2d522f2526e2adf469936d28d117f
SHA51260bd38388f7a1c5d357daf0a26d015cbf74de43b02bb9d57e863389faa19a1e9085329d17f2cd482fe4f86a68ee9d0bae054c3f9c205be2e92bc711e74166425
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.dbFilesize
28KB
MD5c92fd2619ca1b51283889ddaaa411495
SHA12d814dc9244d5bd083e410c3e1033817414b4bcb
SHA25674d0e74a324e3293ad995036086090ee3056be4c4a74cbd3c0e72d875c6a4dc5
SHA512f8aaa88ec0c896e8806cdab40c15a28a3d142822c66816746c03511bda3f37758b48a34f705f33a0e5d49e635a2c93ff87d4f1958d672980b17cfe1f407734af
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\update100[1].xmlFilesize
726B
MD553244e542ddf6d280a2b03e28f0646b7
SHA1d9925f810a95880c92974549deead18d56f19c37
SHA25636a6bd38a8a6f5a75b73caffae5ae66dfabcaefd83da65b493fa881ea8a64e7d
SHA5124aa71d92ea2c46df86565d97aac75395371d3e17877ab252a297b84dca2ab251d50aaffc62eab9961f0df48de6f12be04a1f4a2cbde75b9ae7bcce6eb5450c62
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html.~tmpFilesize
104KB
MD5effecce1b6868c8bd7950ef7b772038b
SHA1695d5a07f59b4b72c5eca7be77d5b15ae7ae59b0
SHA256003e619884dbc527e20f0aa8487daf5d7eed91d53ef6366a58c5493aaf1ce046
SHA5122f129689181ffe6fff751a22d4130bb643c5868fa0e1a852c434fe6f7514e3f1e5e4048179679dec742ec505139439d98e6dcc74793c18008db36c800d728be2
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\X2AZMHV0\microsoft.windows[1].xmlFilesize
97B
MD5acf6e71bd429d1fb8563dcb0c86214db
SHA11a2860484d282939f3030bdd7e2b91e3bf6b57b7
SHA256219004f75faaa05d16757f2a5792ea2b1eeea9db8333437e4d0967354f94b240
SHA512bff38279460a137cb9392c2f193552698a75574b8b55058a97723971603687518780fd968d913219c6364e340787de5455381eadefc4c9c7fb41c4867b5d6d09
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{6b41bb39-50a2-4d0c-97bc-f5ef59c1c2af}\0.1.filtertrie.intermediate.txtFilesize
5B
MD534bd1dfb9f72cf4f86e6df6da0a9e49a
SHA15f96d66f33c81c0b10df2128d3860e3cb7e89563
SHA2568e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c
SHA512e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{6b41bb39-50a2-4d0c-97bc-f5ef59c1c2af}\0.2.filtertrie.intermediate.txtFilesize
5B
MD5c204e9faaf8565ad333828beff2d786e
SHA17d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1
SHA256d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f
SHA512e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133242074892976745.txtFilesize
77KB
MD50cab183286dca7664a41a23b61bb8a12
SHA1d1f571f47c3aaf19610ec03cf0c2d9999d235ab7
SHA2564ff6e7446b23b078fffe8670439a1e85b36d86b2e3f4e4be12b6c921f1e99399
SHA51239b94952a752f6173fb6c9edfec3a36a650d0d6e49d1fc4eb011787315903e5d97948c033b68e20382d31767ffb966662445d950e9c6d619a2dceb3c4e86baaa
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txtFilesize
801KB
MD5f1cf4337c201c880528cfd12111e103c
SHA18b1870cc3b0c43c8bfc88fb65d245da58e82651e
SHA256aa5a3795294bcf13c6482f98209e65d40ba8fe6030e3588cc77e9cab0424d339
SHA51275cfca0a9b339aaff950597e8aedf0cd3db090cc819816890e7f76abdac89aeb1562ea569aba77b35242563ac30770497e8e30d65efb378a1c97d10314bac5b2
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.datFilesize
11KB
MD53042adac840b34eba3c2a9869c5d3f8a
SHA14e6ddc4a2f24312795544ecc01a7d298cd511049
SHA2562320f5a5a4cb796ef667dbce0e31e700ebbd3609f0f576d9e43e60f804d6f56d
SHA5128bad5ed4ba5f0ba3e7afa25fa1172d4c9a64a6cc79496aed9ebdb47fcf8391a21210f7cc0f6b5cff3a6305e82dd7d897b70510d430a77f55be4f71b2241b6417
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.datFilesize
16KB
MD5437c1bf43dacbc298361a193b00e228c
SHA10e55fa89c7d8b88ca622ce28493a67cef9045708
SHA2564dae37937f8ad7abd2074d70dbbc00102b49ba129fd2d42c521225e0a49ced7e
SHA512c15ef8f94b386b23b6d451592760414cdbe40bc7879a7cbfe32af5eb191099c21eec3db757febabbda38d125a005db49606ba2fa304fc2300eaf7ba5a230bf4c
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\AC\INetCache\3O8OSVB1\unauth-apps-image-46596a6856[1].pngFilesize
6KB
MD546596a6856f213069be3ece1b3238a08
SHA160639eb093a094354453a62b77144271f8dbc0ca
SHA2568211691e5045749653ddef81d2f291d43467ff0001ff93f8184f0506cb06e2a2
SHA51234ea62a6b988aa4eb67ca38b161916f402e1b5e8ac4bfef38de4c523695b73e1002c2ce36496d366eebde59ab8bcb53a6b507e19be0d0304a3c78602c47d4954
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\AC\INetCache\3O8OSVB1\unauth-checkmark-image-1999f0bf81[1].pngFilesize
291B
MD51999f0bf815bce72e4ff30c9f11057c8
SHA1f4f3b71117510404afb11a0ca4a4394b04d2537b
SHA25692e650094cd9a15483537c9cc43dd043211be6a0d3f5ebc1ac6326b989811554
SHA5124af6740b7526f8fc592331ea967ec05f3245d98795ee384aae0801289dd5370d69729edb7a06b8f720af013dd761b0dc4bd49f1260a35c452970eccbd824ec62
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\AC\INetCache\3SV7GQ7B\lockup-mslogo-color-78c06e8898[1].pngFilesize
4KB
MD578c06e8898d2ac40434fb9f09053f06e
SHA1269b39d77bfa1eeb114ad12d626b6f41953e5267
SHA25680697da1af54cc7e68f99dac55b6aff97d9fc5ce6ea09232f521e4aa3477e52e
SHA512f5be00bcb099ff7fc7603bfe879fd9916b3126f26f67ab29c0f8e4a4bf920d6232de75e5bf9c08dfb55151eac198128453883aa2d803557493d5089441fa8912
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\AC\INetCache\3SV7GQ7B\microsoft-365-logo-01d5ecd01a[1].pngFilesize
19KB
MD501d5ecd01a39dd692652f7db80bcc32c
SHA176b8a218e6c060a604ae672603255f3088944bb7
SHA25649cd37dc72b251b9b3a2cf5059694ee40d37cc9e9ab983b8f8ec33e8a20c39ba
SHA5127cacf16706cfbeaa065d81be5c46d33b784c4e80889239199e1c74a2df3a4227adf962d230cf03aecd7400c13824fe8e68ad0ce5617d4050c225fbb495af0c6c
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\AC\INetCache\3SV7GQ7B\pwa-async-styles.cd4e1f71cda644f8f08d.chunk.v7[1].cssFilesize
44KB
MD5d20234a69b66376efb129575948bbabe
SHA174c123660f37d38a58d661ca12370fa9014b4deb
SHA256e793bf6629b84ed770aa3c790f461817688e82482395688468df2861e85d2a91
SHA512611582f668303fb75a203b865f7a654f9ed7e7ba8726dffef5187144ee6d4d0621247299b3d29f1dbd154a17b66bd9f8ddd2504c63e1756882e106b73f8e9e48
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\AC\INetCache\K71VIP3B\pwa-35de8a913e[1].cssFilesize
2KB
MD535de8a913ed36c87f09eecb5382d4508
SHA10515124f02131186df891eb2ee56dd0bddcad08a
SHA256bbb2c121b6203f78bf51905d2d69154e080ce45ba1ef08eab07439851ecdcc4e
SHA512f30a37df8aabae9805e03f69aa9a9942bf4a3a3146d1dd8da9cc5cac713f0cfd6a2505f7fa5cf466ca7d070f986077610af8ec2c602682700fa518d16f7ac801
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\AC\INetCache\K71VIP3B\pwa-bundle-853cf7d01cf5013e3abe[1].cssFilesize
88KB
MD516e08be5d3737c49d2d75b7ea5421d6f
SHA11c5268829ac8528efe87b87cfdcec6158f0dfd7a
SHA25698d356a6ee21394457e7e66bbfd22389e7710fd562c67639dc5ad6c46f862d67
SHA5123976fe9ecba6438fecfc013cb2a13502471b0778e3e9144e1fb8b41f18653eb81f21f6a1ce219dc4d861daa151a804d4e2de4ba9d2468c9118a81a395a1dc9e8
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\AC\INetCache\RRWYM0T0\ew-preload-inline-24c3f0df0a413bbefb38[1].jsFilesize
11KB
MD50759d3a31dd0995d72ac69916cf99465
SHA12a64dd70d399d5a2fb0eba470f731350b47a19b3
SHA256374caa9b658d90b6ea1e264f6db3c12f466d3c4d06232e10e9c6289a2dda3f0d
SHA512bdce883a16e3778c59bfd10dce26ecfafab156752d0b4587439b9a36cdf652f013efbb4b8aa254885fbeda63ce7248b9b59a6ec782642e8df13f0dfee18f8416
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
471B
MD5e41dbd6a21aa9c446d4a52b72f5ff819
SHA1b08de2c3775503ec7ed801de04e75af7e2dfb6d3
SHA256f5e933c32071f3dccef838d2d99dcbbabc6bd22dc1bd66c1467394748c66181e
SHA512d32e2fc879ac9f838c9755e4e63465d105f5a81286979bc1019c9c40250ad689335de44dc2b9da47a12dc018aab520de6622f40db0a82c755bedd6f84a05f317
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177Filesize
471B
MD54f8e212f4aa2ff84660468b2b2225c2c
SHA1566c7caa953a4ecb629fe749556a563797316741
SHA2563f1439ed21c98735968c9a4b7c9786c79419e9498173bc0b1c3ac29674c942c6
SHA512239e2362499adcc25a9472b6c394e02f85963b388d1c8d8d61c11e74f9771475958e71c65479ecdbfab54af5654c474c766f54c0fb4996be78de6b0c6f75f56a
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
434B
MD5dc6910bcad15f10d0e04f8719d34e89e
SHA1c6bc3becaffe8f24a9aea390defa2e9cf3ba945a
SHA256ef2f12fb91c05f3475e08de6f518dd15ab0ed83af3a843d075b5afb3b5cbc91f
SHA512098e0ef858827e2a947fe74304ec086a8fcb6ad97bcb7adc400ad4012f2f9989899d4dc1c53e436ec3488c94e7e4960e5add75da98615356e638a33e8887b019
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177Filesize
442B
MD552e648433fcd7c044cd8e4ad9ec825b8
SHA1aee8f0b1ee474ccee65d461ba372f7d56f6daa07
SHA25681d14c8d9a760f8bd92286b3b2ae343c3ce2eedfd4c46360b621ef75766e7c92
SHA51243350530955c8090c85f381f53179f61493dfd855a46e29870277f99ee64438091e325642e48b97c1e594a1bea29ff1b1ba9eba8d4196b59c45fecaa9e31379f
-
C:\Users\Admin\AppData\Local\Temp\238F311.tmpFilesize
26B
MD5e0a0ed720424ba7cabbcaf3c3b88385a
SHA1a7d9472f31a0886f1069ba87e2f752adaf2ebd67
SHA256eb569fcefe72a453ea7216a1ca3a9d756371cfa73b0a984b25e5e5d86b7f2f31
SHA512e5a025ddf5cb4302af6d6593757c29aaaad4afb84ee29dc0d03a1b1d3041f253b6de022dd59c02cd67d9d9e977631152a2da6bcff219adef3459a99a529d9dd5
-
C:\Users\Admin\AppData\Local\Temp\tmp7A81.tmpFilesize
35.9MB
MD55b16ef80abd2b4ace517c4e98f4ff551
SHA1438806a0256e075239aa8bbec9ba3d3fb634af55
SHA256bbc70091b3834af5413b9658b07269badd4cae8d96724bf1f7919f6aab595009
SHA51269a22b063ab92ca7e941b826400c62be41ae0317143387c8aa8c727b5c9ee3528ddd4014de22a2a2e2cbae801cb041fe477d68d2684353cdf6c83d7ee97c43d4
-
C:\Users\Admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotxFilesize
3.5MB
MD545b3206b0a14eb850f21a52116f021ea
SHA1f287403bed53875136f30a99350e90b93772b9c3
SHA256c6407f48bae9ff72044f64b06622076a84d9e8f36a9e0f4f0632a5e644adb6aa
SHA51213cd2891e896257271d6a1263295716855847cfd55cbe05c9420b1c4ea677f6535596888695e79ad5918ea1d01984a9482a717b86f6de4e064bb8bc154a6f80c
-
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnkFilesize
2KB
MD5b238ba27ff126835a216d34e1518fb7f
SHA1ecdb431a4cb70a068b81f891dd7629bed3884d37
SHA256e4aaa35f7ed458e99e7e8ed2376ce438aa5fbfbf9c3a4b693607054eec729855
SHA512a40dffc524e0e6e0133dd3759f25402df4fc387578f85a13d3bd2ace0ff428904e08f04cf2e90f19d0ed885482a2f95eb50426f66a56328b639813ee8ad6329b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Office\MSO0127.aclFilesize
12KB
MD5a199290d19a8efb39c1624fb54fca817
SHA1c1b6de661c962c5d34d05073953b1e728577cbf9
SHA256ec973cf7949d0c2609b1abd60f2a16918a155090ba9d9ac6ea3cb941b1456d25
SHA512701e9ec7a0c294ae845a67d4816ea3628edd355f2548ccad64331498b7ac1c749781511f95c7f04f330eee4ec806dd1832f46b141c42a9fe03d9d6f6ba3886c7
-
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.datFilesize
202B
MD5dd0c1d22223d8d0e4e271a25a6576eb5
SHA124db1209d718bd8eb443da6eec2ee28d39aaecd8
SHA256c5b636a315f8af0aac9068a2517dbb1fe136a77b9baefd12af102e65b28a13e2
SHA512fe7568b22218c10b268c115f2209ffa8282777e354a9ce0980857879c0364f005fb6af69627e95286a8229191d34e97479498986c657c6d4a394e54731653195
-
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.datFilesize
202B
MD5dcbba7ff6ead0957350ca20e0e60824c
SHA14a45545c27cdb9f4a325da651119d56a07795803
SHA256b370b73d6a19fe1bcf13682b327ff22eb16c61cf7f8698dc8bea0044379a5a29
SHA512bbc96aea96048b0adb5824c3b7e635d32720c5f268f0db55310869c58e1f994d36c3c3940d7ce564739eb463ddc633c176ea7bc453438a2b91de797e340abf43
-
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.datFilesize
202B
MD5dcbba7ff6ead0957350ca20e0e60824c
SHA14a45545c27cdb9f4a325da651119d56a07795803
SHA256b370b73d6a19fe1bcf13682b327ff22eb16c61cf7f8698dc8bea0044379a5a29
SHA512bbc96aea96048b0adb5824c3b7e635d32720c5f268f0db55310869c58e1f994d36c3c3940d7ce564739eb463ddc633c176ea7bc453438a2b91de797e340abf43
-
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lexFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-msFilesize
8KB
MD5e276b6a9b9e548eb929b067f8a54ada2
SHA19f2cf8747dea2e34bcbf18df2e92078af8dfd7b4
SHA2560379cfde84db46d0645374e7f1c80a081601a7502473345067160ca00ed98ae7
SHA512aa03f568a1ae461fb7e1cca9a350dd97325f247a365628e236fe8faf866e01785eab6a46f4c80f28e6484dcad6b78dfe6d6ac14d86ef9936e72bd81b3a703530
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-msFilesize
7KB
MD5076b1d9c482a4cf5dd1d1b96a91d9228
SHA13b3ec6f243d82d148c8633c4176fc56a27e1407f
SHA256d78356183c63c0516b5a72c8f7cb93417fad55205aac8e62b8c8bf8c3196a654
SHA5125e83ebc4233cea7a9558ec2b32b1b4cc1c04566a9f0df209ef67000831cb5cf87e9ca407a14c8bf4466d81c8495053d693c0f003c370616931093262b0be84dd
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\fb3b0dbfee58fac8.automaticDestinations-msFilesize
8KB
MD551eadff024cba0da58c716bc8cae633b
SHA1e80c7ad927f0381005502972b6af185107413b5f
SHA256926791baa4d812663ac700eeedb4c17165f5518f9bbb9c737d86fa89e35d9f33
SHA5125f6a6bfc8800e4d6c36b9443ff038b0b0ff7367ccff8916f86a72629c5fedf65efe5a5eea682a116ca0eed5d7763740830e154d12cc6072a4d58a037127029ff
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-msFilesize
3KB
MD5f882cc8bca20849a5fc3bd9c6979e6b8
SHA161af7bb85e26d373648cafce85af1277e858cbd1
SHA256fc4fcfca042fc8230a2b56752f4c2f976f8d3e97bcbe8cc271fe75435ac5529f
SHA51231cadada3218bcef0a1bc6d7e703c2952624342e5eec85ea02e093a259e0d803141b98830c1ad5c0d0fec8f580fcad7f4e38551847337862ce44fa790852a796
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-msFilesize
3KB
MD5056c254c0fad15315a09431bec138643
SHA1e74bd19e3a492e042c913e6ff79001796e8f61b1
SHA256750366f66a3dcae6bdac6739a4abadac395eefbfa92081c9e2a1f8739b3f5caa
SHA512c0e49547684623c810d054edd7000a4c7560320e520cb2bc181be887cf2cff8b889a5b174e346a2dbac7025a8633f62a64ed92e3eb46ae3ca6470dd4e24b07b6
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-msFilesize
3KB
MD535a0f0328aa997ddf03e89622e90581f
SHA19b482e076b2828dcad66d430725529951ec14fdd
SHA256ba8c486fc19882fded8965ceeda1bb1b093f59c15edacb66919b593dd1f3dcdb
SHA512a727ac2196810786670a24177ac44f7549171760c0f65f6c76913f45720df7786e47ca56bd97ae5abbc2c283894624651f85e478dc65f3f84c43deca6c4d4a4c
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-msFilesize
3KB
MD535a0f0328aa997ddf03e89622e90581f
SHA19b482e076b2828dcad66d430725529951ec14fdd
SHA256ba8c486fc19882fded8965ceeda1bb1b093f59c15edacb66919b593dd1f3dcdb
SHA512a727ac2196810786670a24177ac44f7549171760c0f65f6c76913f45720df7786e47ca56bd97ae5abbc2c283894624651f85e478dc65f3f84c43deca6c4d4a4c
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-msFilesize
3KB
MD533dcbf10c9ccd6555b89113b9bf4ba36
SHA1b0fd5f9ceb49c67f7ea8119c374681aaaefa35a7
SHA256b4a40fc15af2ab4f10bc28319c699c74fa5b899d9dcb39a1b4795ac0556d0333
SHA5120d212e155fb692f561ff7c86e4b687423d43771f3b2b9ff44f3799affccf1a5c5d94fc43c9abd0413aea9ab1c210a9d3deee7834dac6a98a5a9d6ad4bfa6b3da
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-msFilesize
3KB
MD5c8eff2aa1b9963a7729271a339551412
SHA135cce50e869d93bf27ea7be74132dc595cd4b9e0
SHA256b4ae2f40b373202def71d6db49cf213cabd7ac7e6418258fbf510ee219dca98d
SHA51223fb4ce5e48be808afe2448ef61b1bf6ce39d7df7ca2548107d0d73009eb244ec6de443340dbf9243980a1debcffcc19cf02221fb233479889ab63e36497a37f
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-msFilesize
3KB
MD5c8eff2aa1b9963a7729271a339551412
SHA135cce50e869d93bf27ea7be74132dc595cd4b9e0
SHA256b4ae2f40b373202def71d6db49cf213cabd7ac7e6418258fbf510ee219dca98d
SHA51223fb4ce5e48be808afe2448ef61b1bf6ce39d7df7ca2548107d0d73009eb244ec6de443340dbf9243980a1debcffcc19cf02221fb233479889ab63e36497a37f
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-msFilesize
3KB
MD5a860896ea37a11e10801dce579afb33f
SHA178be75a0a551f14eb79ffeed578727752f9960b7
SHA2565086529a2350ffa2a10016cdd85253c4ce0e2d0fbb05b238d37cc75684b1b4c0
SHA512c207cc0602f25db863bf2d6d87a1c63d86517e72fd5c71e28c5bcbf040d22926a685eefbe5afd075e9e0bf96092d89945c331d95577e03afd5ab06ac26e15ec6
-
C:\Windows\INF\vhdmp.PNFFilesize
7KB
MD5fc81c6575f616edeeefcf63bd7bd2d99
SHA138f97310253e8edde8ffce62634dc1710ac74373
SHA2568dd1a037a4d13b8dfe866ddb871a755d2308221d54ee6dd91bc60f9a003df43b
SHA51251fd2243b52c96f524864cca3d86492a1375b734b228bbd6db2014db66a2d638615b221a706748849a723b38da4f3280abaa8a348dafa6f4ea60fc8bb26e3282
-
C:\Windows\System32\perfc007.datFilesize
142KB
MD51bd26a75846ce780d72b93caffac89f6
SHA1ff89b7c5e8c46c6c2e52383849bbf008bd91d66e
SHA25655b47d0f965800c179a78314b6489d02788a44fa2ce00f68b2d860440216927a
SHA5124f5e14637e9e89700f1ee2d0e575d26d4f3d164d859487f1471bf4410dec6d0d7dbf552c6f791c12388be035c6b974610cda8882c6394438e2220b79e4d74e9e
-
C:\Windows\System32\perfc00A.datFilesize
147KB
MD56d4b430c2abf0ec4ca1909e6e2f097db
SHA197c330923a6380fe8ea8e440ce2c568594d3fff7
SHA25644f8db37f14c399ea27550fa89787add9bfd916ffb0056c37f5908b2bac7723e
SHA512cf28046fb6ab040d0527d7c89870983c02a110e9fe0ecf276395f080a3bd5745b920a79b3ce3bb820d7a5a878c0d13c37f67f4b5097245c5b93ca1111c1e830b
-
C:\Windows\System32\perfc00C.datFilesize
141KB
MD56adbb878124fcd6561655718f12bff5f
SHA11711619dda04178fb47eea6658da6ad52f6cf660
SHA2560b16ac631d596f85f0062dbe5da238c0745bd4c033207cba2508465c7c7983cf
SHA51288ec8b3c4670970900ef8fdaf0865e24a5bbc9c0ca375eb6ce12e8d8a3ec08c8a45dfc8ae3c7f4ff1974d5e4b53e0905c5dffadb852e730eb8097a22cd750006
-
C:\Windows\System32\perfc010.datFilesize
142KB
MD5d7d1b8bc2cf56644da193ee364a777f9
SHA14dd169d3f3034db20cd30e424cc02b7eb4b28ae2
SHA25641e5824ff8d0e3cd25724f39f2857974db5ecd3acc84d0b28d971ee31a34a74e
SHA5122cb675e2eab0992c0d3fd70a300b676ff4994ca43d8ec60dcb0138314a28639e7d51d7a60639de1b6c801052dc5d30fb8acbd8ce61014e017725bfce48dadaaa
-
C:\Windows\System32\perfc011.datFilesize
125KB
MD5eef14d868d4e0c2354c345abc4902445
SHA1173c39e29dbe6dfd5044f5f788fa4e7618d68d4d
SHA2569f32176066529c5699d45728fcad1bccce41d19dded4649b49cb24f7eef9ce7f
SHA512c926f13a0fc900dd7d740e2d7d33cdd1902ece0bfb44b6e1f5fed6ffd348c3e7d71089fb9792e38799e8df6573bc09e67bbe132cf9c2ae0a7199534dc5d959ee
-
C:\Windows\System32\perfh007.datFilesize
710KB
MD582d7f8765db25b313ecf436572dbe840
SHA1da9ed48d5386a1133f878b3e00988cbf4cdebab8
SHA2563053aa67e9cb37cd6f9645ef3bec8d43b1863afd852d3860ea73fcd83c7010c3
SHA51259766b408b548dc020b54c79a426b361112c33c7263c16ca2e69485dadca05fb4c63b6433063e77c6a9e28a43ec6d3c8206ea702a33b79151fa6309d83b316a8
-
C:\Windows\System32\perfh009.datFilesize
680KB
MD5407f4fed9a4510646f33a2869a184de8
SHA1e2e622f36b28057bbfbaee754ab6abac2de04778
SHA25664a9d789cc9e0155153067c4354e1fc8baf3aa319fa870a2047482450811f615
SHA5121d420ea7ac787df81bbc1534e8fac89227f54fffff70c08c6d2da385762e6c5766448ab4a47aae1c5cbc671776522b6fb6d9c27870b505ae101462bce912867e
-
C:\Windows\System32\perfh00A.datFilesize
754KB
MD54e62108a0d4a00aa39624f4f941d2595
SHA17fbff1d3ac293c715a303ac37da0ceb12591028b
SHA2563df3adaa8bd1ec4dd99bf304c7a1b0d513097fbeb8648efad4b127c5522c3263
SHA512c79a483e4012d8c97f4a2188fdc27ea04bae24993b12487551872f1413a1a0884197dc71d13ba1dfd32c9b2c93089761f6f3ec37f0bb19e209dbf19283462126
-
C:\Windows\System32\perfh00C.datFilesize
762KB
MD5f0aadc378bf104a4ded850bf8214a32f
SHA1ec5c34131cc08b38a5cd8c891c908fe6da4d9e95
SHA256721ba15ce5668712c527c7d4b4ee8fb86e22c25cf18209ed6539362ad02a829a
SHA512873ebcd4cc2c339f90628a62185357c0ba7132ffd9034eb5af2418119fe08dca8b892bdc51eb45b1d1ac01ffa65edea1ddcca5a08f41e738b2bece3e2f13448d
-
C:\Windows\System32\perfh010.datFilesize
751KB
MD582e56f9621c3961913859fee9ebecef1
SHA1d861df1e11ffabdda0d79feb6aedda8ded111625
SHA256f33066dc47a70f746029668e0dcb41bd284db39f69829350ef1634cea40b14d4
SHA5124b77462d9b5ab77f4d201ba54384d74d3d3c5095a514efbc5691ce247b76f9510c0c2671280b00a06a0766ae756c9e3a5ffb8bb56ed7d95648c41a9abcd62640
-
C:\Windows\System32\perfh011.datFilesize
466KB
MD5725300df47e21bf6adc1e51b0646efc1
SHA102f12225661de7e1082eb7ea08c2ba332c789514
SHA2567caeabba4ea91169828c6aad0975eb69e0e70229e4e4c5c263eb62a6d51308c3
SHA5120bdd332e598415d091643da9b0ea1a2bc18fe9a716f7fc56e1599cca1fbbcd8c049dfa66d3b6015c4651c277101059ae2ca172138510ad3258a8eeda8b1b13af
-
C:\Windows\System32\wbem\Performance\WmiApRpl.hFilesize
3KB
MD5b133a676d139032a27de3d9619e70091
SHA11248aa89938a13640252a79113930ede2f26f1fa
SHA256ae2b6236d3eeb4822835714ae9444e5dcd21bc60f7a909f2962c43bc743c7b15
SHA512c6b99e13d854ce7a6874497473614ee4bd81c490802783db1349ab851cd80d1dc06df8c1f6e434aba873a5bbf6125cc64104709064e19a9dc1c66dcde3f898f5
-
C:\Windows\System32\wbem\Performance\WmiApRpl.iniFilesize
47KB
MD540b778225a1abcd93b6c03c410599a94
SHA110a9069ddb6eb032d450894c6c94f85704b1f887
SHA25640dd2732b634f11150bbc2d0fb6ea49ede1928bef97dc028286733134ad53d6e
SHA512f2c64e4510421d5d8a8dceb37032f0d8dfb2b58808a48b3344ac7e9823be8b3a7bb2b5cd349a6eb8ce53f7e531d42616f275ca7cede0afd6734560377856af55
-
\??\pipe\LOCAL\crashpad_2200_AUDDFIIPARYHYTZWMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_3984_OIZIPYBYJPESEYTAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/180-179-0x00007FFB493E0000-0x00007FFB493F0000-memory.dmpFilesize
64KB
-
memory/180-151-0x00007FFB4B810000-0x00007FFB4B820000-memory.dmpFilesize
64KB
-
memory/180-158-0x00007FFB4B810000-0x00007FFB4B820000-memory.dmpFilesize
64KB
-
memory/180-155-0x00007FFB4B810000-0x00007FFB4B820000-memory.dmpFilesize
64KB
-
memory/180-153-0x00007FFB4B810000-0x00007FFB4B820000-memory.dmpFilesize
64KB
-
memory/180-157-0x00007FFB4B810000-0x00007FFB4B820000-memory.dmpFilesize
64KB
-
memory/2132-612-0x000002317B940000-0x000002317BA19000-memory.dmpFilesize
868KB
-
memory/4244-176-0x00007FFB493E0000-0x00007FFB493F0000-memory.dmpFilesize
64KB
-
memory/4512-260-0x0000000000400000-0x000000000041D000-memory.dmpFilesize
116KB
-
memory/7140-464-0x00007FFB4B810000-0x00007FFB4B820000-memory.dmpFilesize
64KB
-
memory/7140-468-0x00007FFB4B810000-0x00007FFB4B820000-memory.dmpFilesize
64KB
-
memory/7140-463-0x00007FFB4B810000-0x00007FFB4B820000-memory.dmpFilesize
64KB
-
memory/7140-467-0x00007FFB4B810000-0x00007FFB4B820000-memory.dmpFilesize
64KB
-
memory/7220-580-0x0000024245690000-0x00000242456B0000-memory.dmpFilesize
128KB
-
memory/7220-600-0x0000024245650000-0x0000024245670000-memory.dmpFilesize
128KB
-
memory/7220-615-0x0000024245A90000-0x0000024245AB0000-memory.dmpFilesize
128KB
-
memory/7528-779-0x0000026A2D110000-0x0000026A2D214000-memory.dmpFilesize
1.0MB
-
memory/7528-498-0x0000026A11060000-0x0000026A1106E000-memory.dmpFilesize
56KB
-
memory/7528-508-0x0000026A2B520000-0x0000026A2B52A000-memory.dmpFilesize
40KB
-
memory/7528-509-0x0000026A2B550000-0x0000026A2B558000-memory.dmpFilesize
32KB
