Resubmissions
07-07-2023 19:28
230707-x6vx7aah77 1009-05-2023 07:16
230509-h34zcsgf4w 827-03-2023 11:00
230327-m3yjssdb46 1025-03-2023 07:43
230325-jkn1vsdh4z 825-02-2023 11:28
230225-nldnqsda92 1025-02-2023 11:28
230225-nk69nada89 125-02-2023 11:24
230225-nh4qrada83 1015-01-2023 04:46
230115-fd3c5aab55 1006-12-2022 18:59
221206-xm59taea79 10Analysis
-
max time kernel
1801s -
max time network
1800s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
27-03-2023 11:00
Static task
static1
Behavioral task
behavioral1
Sample
fucker script.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
fucker script.exe
Resource
win10v2004-20230220-en
General
-
Target
fucker script.exe
-
Size
104KB
-
MD5
db0655efbe0dbdef1df06207f5cb5b5b
-
SHA1
a8d48d5c0042ce359178d018c0873e8a7c2f27e8
-
SHA256
52972a23ab12b95cd51d71741db2cf276749e56030c092e2e4f0907dcb1fbd56
-
SHA512
5adc8463c3e148a66f8afdeefc31f2b3ffeb12b7641584d1d24306b0898da60a8b9b948bb4f9b7d693185f2daa9bd9437b3b84cebc0eabfa84dfcef6938e1704
-
SSDEEP
1536:m5iT3FccnYWkyjWpOku3yUyJCbyVAvy7+fRo:3LOcxkyjW3wvHq
Malware Config
Signatures
-
Process spawned unexpected child process 19 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
description pid pid_target Process procid_target Parent C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE is not expected to spawn this process 9648 10440 msedge.exe 287 Parent C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE is not expected to spawn this process 11148 10440 msedge.exe 287 Parent C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE is not expected to spawn this process 4744 10440 msedge.exe 287 Parent C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE is not expected to spawn this process 2724 10440 msedge.exe 287 Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process 7384 320 WerFault.exe 92 Parent C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE is not expected to spawn this process 3800 3788 WerFault.exe 96 Parent C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE is not expected to spawn this process 13648 14320 WerFault.exe 742 Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process 6240 3520 msedge.exe 95 Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process 4076 3520 msedge.exe 95 Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process 15576 3520 msedge.exe 95 Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process 15404 3844 WerFault.exe 921 Parent C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE is not expected to spawn this process 9192 16056 WerFault.exe 952 Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process 15960 15680 WerFault.exe 951 Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process 5328 9776 WerFault.exe 218 Parent C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE is not expected to spawn this process 6568 3996 WerFault.exe 1043 Parent C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE is not expected to spawn this process 3976 14484 WerFault.exe 1040 Parent C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE is not expected to spawn this process 8168 9904 WerFault.exe 1064 Parent C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE is not expected to spawn this process 15152 15092 WerFault.exe 1069 Parent C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE is not expected to spawn this process 10340 9744 WerFault.exe 803 -
Modifies Installed Components in the registry 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe -
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation onedrive.exe Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation OneDrive.exe Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation OneDriveSetup.exe -
Executes dropped EXE 30 IoCs
pid Process 11344 msedge.exe 12760 OneDriveSetup.exe 5212 FileSyncConfig.exe 10704 wwahost.exe 2164 OneDrive.exe 3744 onedrive.exe 4480 onedrive.exe 14288 onedrive.exe 15208 onedrive.exe 14808 onedrive.exe 4108 onedrive.exe 13488 onedrive.exe 14224 msedge.exe 3272 msedge.exe 2004 onedrive.exe 13700 onedrive.exe 15364 msedge.exe 15592 onedrive.exe 15580 msedge.exe 9904 POWERPNT.EXE 3696 onedrive.exe 8748 onedrive.exe 16020 onedrive.exe 3996 POWERPNT.EXE 9432 WINWORD.EXE 11168 Process not Found 13696 onedrive.exe 2628 onedrive.exe 14012 Process not Found 16276 Process not Found -
Loads dropped DLL 64 IoCs
pid Process 5212 FileSyncConfig.exe 5212 FileSyncConfig.exe 5212 FileSyncConfig.exe 5212 FileSyncConfig.exe 5212 FileSyncConfig.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 10704 wwahost.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe 2164 OneDrive.exe -
Modifies system executable filetype association 2 TTPs 64 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx WINWORD.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx POWERPNT.EXE Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx OneDriveSetup.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" OneDrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" OneDriveSetup.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx Process not Found Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx POWERPNT.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" wwahost.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" Process not Found Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" Process not Found Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx wwahost.exe -
Registers COM server for autorun 1 TTPs 64 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" OneDrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\ThreadingModel = "Apartment" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ThreadingModel = "Apartment" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\LocalServer32 onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileCoAuthLib64.dll" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}\LocalServer32 onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ThreadingModel = "Apartment" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" POWERPNT.EXE Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}\LocalServer32 onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ThreadingModel = "Apartment" Process not Found Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ThreadingModel = "Apartment" msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" POWERPNT.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{6bb93b4e-44d8-40e2-bd97-42dbcf18a40f}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /cci" msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32\ThreadingModel = "Apartment" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" Process not Found Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LocalServer32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /cci /client=Personal" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}\LocalServer32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ThreadingModel = "Both" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ThreadingModel = "Both" msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /cci /client=Personal" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ThreadingModel = "Apartment" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ThreadingModel = "Apartment" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 Process not Found Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32 msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\ThreadingModel = "Apartment" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ThreadingModel = "Both" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32 msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 POWERPNT.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LocalServer32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /cci /client=Personal" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" POWERPNT.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 wwahost.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ThreadingModel = "Apartment" msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LocalServer32 WINWORD.EXE -
Adds Run key to start application 2 TTPs 3 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce OneDriveSetup.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\"" OneDriveSetup.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\"" OneDriveSetup.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\D: explorer.exe -
Process spawned suspicious child process 4 IoCs
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
description pid pid_target Process procid_target Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process 14064 13684 DW20.EXE 488 Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process 16000 15680 DW20.EXE 951 Parent C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE is not expected to spawn this process 14800 9744 DW20.EXE 803 Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process 17316 3916 Process not Found 89 -
Checks system information in the registry 2 TTPs 36 IoCs
System information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer Process not Found Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer Process not Found Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName Process not Found Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName Process not Found Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName OneDriveSetup.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName OneDrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer onedrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer OneDriveSetup.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer OneDrive.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer onedrive.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\AppCompat\Programs\Amcache.hve.tmp onedrive.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 52 IoCs
pid pid_target Process procid_target 6476 9092 WerFault.exe 213 10524 9676 WerFault.exe 290 5880 7948 WerFault.exe 358 12812 10116 WerFault.exe 362 10420 7648 WerFault.exe 373 11700 7316 WerFault.exe 160 10492 9416 WerFault.exe 416 5320 1728 WerFault.exe 432 11956 6900 WerFault.exe 459 13348 1596 WerFault.exe 458 13644 13484 WerFault.exe 479 13992 336 WerFault.exe 78 8772 13380 WerFault.exe 502 7872 13416 WerFault.exe 500 13672 8464 WerFault.exe 396 13348 7872 WerFault.exe 506 380 11452 WerFault.exe 411 7384 320 WerFault.exe 92 220 8760 WerFault.exe 522 2368 12876 WerFault.exe 536 9660 14016 WerFault.exe 559 2184 3228 WerFault.exe 628 5704 12384 WerFault.exe 640 9752 13756 WerFault.exe 685 11420 10704 WerFault.exe 714 3800 3788 WerFault.exe 96 13648 14320 WerFault.exe 742 14540 14436 WerFault.exe 763 14552 14436 WerFault.exe 763 5812 2328 WerFault.exe 801 12788 8156 WerFault.exe 816 11500 1164 WerFault.exe 859 15404 3844 WerFault.exe 921 16340 16192 WerFault.exe 928 9192 16056 WerFault.exe 952 15960 15680 WerFault.exe 951 15984 8072 WerFault.exe 953 5328 9776 WerFault.exe 218 12764 8692 WerFault.exe 676 7860 4892 WerFault.exe 985 14012 1344 WerFault.exe 993 8800 8136 WerFault.exe 1004 6568 3996 WerFault.exe 1043 3976 14484 WerFault.exe 1040 8612 16380 WerFault.exe 1048 15156 15276 WerFault.exe 1059 8168 9904 WerFault.exe 1064 15152 15092 WerFault.exe 1069 14484 4572 WerFault.exe 1072 13544 11628 WerFault.exe 1076 4812 9024 WerFault.exe 752 10340 9744 WerFault.exe 803 -
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe -
Checks processor information in registry 2 TTPs 64 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 onedrive.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString msedge.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 ONENOTE.EXE Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 onedrive.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz msedge.exe Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 onedrive.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 msedge.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Process not Found Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 onedrive.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString POWERPNT.EXE Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 onedrive.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Process not Found Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 Process not Found Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz onedrive.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz POWERPNT.EXE Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz ONENOTE.EXE Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 onedrive.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz ONENOTE.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 onedrive.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 Process not Found Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz onedrive.exe Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 onedrive.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz onedrive.exe Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 onedrive.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Process not Found Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz onedrive.exe Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 onedrive.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 POWERPNT.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString msedge.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz onedrive.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 onedrive.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString ONENOTE.EXE Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 onedrive.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz onedrive.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Process not Found Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz onedrive.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Process not Found Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE -
Enumerates system info in registry 2 TTPs 64 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer onenoteim.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU onedrive.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName onenoteim.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS Process not Found Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WerFault.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WerFault.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName onenoteim.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer onenoteim.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU Process not Found Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer onenoteim.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU ONENOTE.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName onenoteim.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU POWERPNT.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily msedge.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS onenoteim.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName onenoteim.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS msedge.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS onenoteim.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName onenoteim.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS ONENOTE.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS POWERPNT.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName onenoteim.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU Process not Found Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS onenoteim.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS onenoteim.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS onenoteim.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS onenoteim.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS msedge.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer onenoteim.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS ONENOTE.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS ONENOTE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch explorer.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION OneDrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION Process not Found Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\IESettingSync explorer.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" wwahost.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION msedge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" POWERPNT.EXE Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\IESettingSync explorer.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" OneDriveSetup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" msedge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION msedge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" POWERPNT.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" msedge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION POWERPNT.EXE Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION POWERPNT.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" POWERPNT.EXE Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION onedrive.exe Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" onedrive.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334} onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\TypeLib msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\FileSyncClient.FileSyncClient\CurVer POWERPNT.EXE Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} Process not Found Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406} onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\ = "IFileSyncClient2" msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\SyncEngineCOMServer.SyncEngineCOMServer\CurVer\ = "SyncEngineCOMServer.SyncEngineCOMServer.1" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\ProxyStubClsid32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{466F31F7-9892-477E-B189-FA5C59DE3603}\TypeLib\Version = "1.0" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384} onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1} onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\FileSyncClient.FileSyncClient\CurVer onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8} onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" wwahost.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /cci /client=Personal" OneDrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}\TypeLib\Version = "1.0" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\odopen\ = "URL: OneDrive Client Protocol" msedge.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\OOBERequestHandler.OOBERequestHandler\CLSID onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\TypeLib onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\TypeLib onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\TypeLib\{082D3FEC-D0D0-4DF6-A988-053FECE7B884}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\ProxyStubClsid32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{B05D37A9-03A2-45CF-8850-F660DF0CBF07}\ProxyStubClsid32\ = "{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\TypeLib\{082D3FEC-D0D0-4DF6-A988-053FECE7B884}\1.0\HELPDIR Process not Found Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\ProxyStubClsid32 onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF} onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LocalServer32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384}\ProxyStubClsid32 onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9} onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}\ = "IFileSyncClient10" WINWORD.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" OneDriveSetup.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\SyncEngineCOMServer.SyncEngineCOMServer.1\CLSID msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ThreadingModel = "Apartment" POWERPNT.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\TypeLib\{082D3FEC-D0D0-4DF6-A988-053FECE7B884}\1.0\FLAGS\ = "0" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52}\TypeLib\Version = "1.0" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}\ProxyStubClsid32 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E} msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc} onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17}\ = "IToastNotificationEvent" POWERPNT.EXE Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\odopen POWERPNT.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\TypeLib\ = "{638805C3-4BA3-4AC8-8AAC-71A0BA2BC284}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}\TypeLib onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\SyncEngineFileInfoProvider.SyncEngineFileInfoProvider.1\CLSID\ = "{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}" msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Directory\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\odopen\shell\open\command onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{5d65dd0d-81bf-4ff4-aeea-6effb445cb3f}\TypeLib\Version = "1.0" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{0f872661-c863-47a4-863f-c065c182858a} onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ = "PSFactoryBuffer" WINWORD.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ThreadingModel = "Apartment" msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\ = "IDeviceHeroShotCallback" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Interface\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A}\TypeLib\Version = "1.0" onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\TypeLib onedrive.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\TypeLib\{4B1C80DA-FA45-468F-B42B-46496BDBE0C5}\1.0 onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\Interface\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\ = "IFileSyncClient7" onedrive.exe Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ThreadingModel = "Apartment" onedrive.exe -
Suspicious behavior: AddClipboardFormatListener 11 IoCs
pid Process 2984 onedrive.exe 3788 POWERPNT.EXE 3520 WINWORD.EXE 320 WINWORD.EXE 3916 WINWORD.EXE 10440 ONENOTE.EXE 12536 ONENOTE.EXE 2916 ONENOTE.EXE 2164 OneDrive.exe 14684 EXCEL.EXE 3520 WINWORD.EXE -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2984 onedrive.exe 2984 onedrive.exe 5520 svchost.exe 5520 svchost.exe 5528 msedge.exe 5528 msedge.exe 5488 msedge.exe 5488 msedge.exe 5440 msedge.exe 5440 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 6300 msedge.exe 6300 msedge.exe 6740 wwahost.exe 6740 wwahost.exe 6044 LocalBridge.exe 6044 LocalBridge.exe 6044 LocalBridge.exe 6044 LocalBridge.exe 6044 LocalBridge.exe 6044 LocalBridge.exe 8836 msedge.exe 8836 msedge.exe 5220 EXCEL.EXE 5220 EXCEL.EXE 10768 EXCEL.EXE 10768 EXCEL.EXE 11168 EXCEL.EXE 11168 EXCEL.EXE 10440 ONENOTE.EXE 10440 ONENOTE.EXE 9140 msedge.exe 9140 msedge.exe 13060 EXCEL.EXE 13060 EXCEL.EXE 12692 EXCEL.EXE 12692 EXCEL.EXE 1708 msedge.exe 1708 msedge.exe 10300 msedge.exe 10300 msedge.exe 10300 msedge.exe 10300 msedge.exe 10596 EXCEL.EXE 10596 EXCEL.EXE 10236 msedge.exe 10236 msedge.exe 3932 msedge.exe 3932 msedge.exe 4992 EXCEL.EXE 4992 EXCEL.EXE 3900 EXCEL.EXE 3900 EXCEL.EXE 6036 msedge.exe 6036 msedge.exe 3960 msedge.exe 3960 msedge.exe 8380 msedge.exe 8380 msedge.exe 13084 msedge.exe 13084 msedge.exe 13084 msedge.exe -
Suspicious behavior: GetForegroundWindowSpam 7 IoCs
pid Process 3788 POWERPNT.EXE 7556 explorer.exe 3520 WINWORD.EXE 9744 POWERPNT.EXE 5528 explorer.exe 896 StartMenuExperienceHost.exe 3916 WINWORD.EXE -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
pid Process 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe 4484 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeDebugPrivilege 6740 wwahost.exe Token: SeDebugPrivilege 6740 wwahost.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe Token: SeShutdownPrivilege 7556 explorer.exe Token: SeCreatePagefilePrivilege 7556 explorer.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 3788 POWERPNT.EXE 320 WINWORD.EXE 2984 onedrive.exe 2984 onedrive.exe 4484 msedge.exe 4484 msedge.exe 320 WINWORD.EXE 3788 POWERPNT.EXE 2984 onedrive.exe 4484 msedge.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 3788 POWERPNT.EXE 7556 explorer.exe 7556 explorer.exe 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 7556 explorer.exe 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 3788 POWERPNT.EXE 3788 POWERPNT.EXE 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 2984 onedrive.exe 2984 onedrive.exe 2984 onedrive.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 3788 POWERPNT.EXE 7556 explorer.exe 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 3788 POWERPNT.EXE 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 3788 POWERPNT.EXE 7556 explorer.exe 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 3788 POWERPNT.EXE 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe 7556 explorer.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 2984 onedrive.exe 3788 POWERPNT.EXE 3520 WINWORD.EXE 3916 WINWORD.EXE 320 WINWORD.EXE 3520 WINWORD.EXE 320 WINWORD.EXE 3916 WINWORD.EXE 320 WINWORD.EXE 3520 WINWORD.EXE 3520 WINWORD.EXE 3520 WINWORD.EXE 3520 WINWORD.EXE 3520 WINWORD.EXE 3520 WINWORD.EXE 3520 WINWORD.EXE 3916 WINWORD.EXE 3916 WINWORD.EXE 3916 WINWORD.EXE 3916 WINWORD.EXE 3916 WINWORD.EXE 3916 WINWORD.EXE 3916 WINWORD.EXE 320 WINWORD.EXE 5480 msedge.exe 3788 POWERPNT.EXE 5480 msedge.exe 3520 WINWORD.EXE 3916 WINWORD.EXE 320 WINWORD.EXE 320 WINWORD.EXE 5480 msedge.exe 5480 msedge.exe 6300 msedge.exe 320 WINWORD.EXE 320 WINWORD.EXE 320 WINWORD.EXE 5480 msedge.exe 320 WINWORD.EXE 320 WINWORD.EXE 320 WINWORD.EXE 320 WINWORD.EXE 320 WINWORD.EXE 320 WINWORD.EXE 320 WINWORD.EXE 320 WINWORD.EXE 320 WINWORD.EXE 320 WINWORD.EXE 320 WINWORD.EXE 320 WINWORD.EXE 320 WINWORD.EXE 320 WINWORD.EXE 3520 WINWORD.EXE 320 WINWORD.EXE 3916 WINWORD.EXE 3916 WINWORD.EXE 3916 WINWORD.EXE 3520 WINWORD.EXE 3916 WINWORD.EXE 3916 WINWORD.EXE 3916 WINWORD.EXE 3916 WINWORD.EXE 3916 WINWORD.EXE 5480 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 656 wrote to memory of 1324 656 msedge.exe 90 PID 656 wrote to memory of 1324 656 msedge.exe 90 PID 3464 wrote to memory of 4972 3464 msedge.exe 93 PID 3464 wrote to memory of 4972 3464 msedge.exe 93 PID 1208 wrote to memory of 3784 1208 msedge.exe 99 PID 1208 wrote to memory of 3784 1208 msedge.exe 99 PID 4484 wrote to memory of 1708 4484 msedge.exe 98 PID 4484 wrote to memory of 1708 4484 msedge.exe 98 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5432 656 msedge.exe 102 PID 656 wrote to memory of 5440 656 msedge.exe 101 PID 656 wrote to memory of 5440 656 msedge.exe 101 PID 4484 wrote to memory of 5472 4484 msedge.exe 108 PID 4484 wrote to memory of 5472 4484 msedge.exe 108 PID 4484 wrote to memory of 5472 4484 msedge.exe 108 PID 4484 wrote to memory of 5472 4484 msedge.exe 108 PID 4484 wrote to memory of 5472 4484 msedge.exe 108 PID 4484 wrote to memory of 5472 4484 msedge.exe 108 PID 4484 wrote to memory of 5472 4484 msedge.exe 108 PID 4484 wrote to memory of 5472 4484 msedge.exe 108 PID 4484 wrote to memory of 5472 4484 msedge.exe 108 PID 4484 wrote to memory of 5472 4484 msedge.exe 108 PID 4484 wrote to memory of 5472 4484 msedge.exe 108 PID 4484 wrote to memory of 5472 4484 msedge.exe 108 PID 4484 wrote to memory of 5472 4484 msedge.exe 108 PID 4484 wrote to memory of 5472 4484 msedge.exe 108 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\fucker script.exe"C:\Users\Admin\AppData\Local\Temp\fucker script.exe"1⤵PID:1676
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447781⤵
- Suspicious use of WriteProcessMemory
PID:3464 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047182⤵PID:4972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10396958700018578767,14827998942994801175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:5528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10396958700018578767,14827998942994801175,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵PID:5460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449041⤵
- Suspicious use of WriteProcessMemory
PID:656 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047182⤵PID:1324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17986339753880145750,12721039058297276759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:5440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17986339753880145750,12721039058297276759,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:22⤵PID:5432
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3916
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"1⤵
- Registers COM server for autorun
- Drops file in Windows directory
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2984 -
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart2⤵PID:11344
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode3⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies system executable filetype association
- Adds Run key to start application
- Checks system information in the registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:12760 -
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5212
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe/updateInstalled /background4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks system information in the registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:2164
-
-
-
-
C:\Windows\SysWOW64\wermgr.exe"C:\Windows\system32\wermgr.exe" "-outproc" "0" "2984" "3436" "3420" "3440" "0" "0" "0" "0" "0" "0" "0" "0"2⤵
- Checks processor information in registry
PID:12380
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:320 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 320 -s 56802⤵
- Process spawned unexpected child process
- Program crash
- Enumerates system info in registry
PID:7384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449041⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4484 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047182⤵
- Suspicious behavior: EnumeratesProcesses
PID:1708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:5488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:22⤵PID:5472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:82⤵PID:5568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵PID:6172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵PID:6164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:12⤵PID:6588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:12⤵PID:6712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:12⤵PID:5268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:12⤵PID:7124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:12⤵PID:1840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:12⤵PID:7292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵PID:7796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:12⤵PID:8024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:12⤵PID:8040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:12⤵PID:6108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:12⤵PID:7568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:12⤵PID:5600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:12⤵PID:7664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:12⤵PID:460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:12⤵PID:3872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:12⤵PID:6048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:12⤵PID:7684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4216 /prefetch:82⤵PID:7964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵PID:8112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:12⤵PID:5260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8716 /prefetch:12⤵PID:5756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:12⤵PID:7976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:12⤵PID:6832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9100 /prefetch:12⤵PID:7920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9260 /prefetch:12⤵PID:7908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9412 /prefetch:12⤵PID:7820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9552 /prefetch:12⤵PID:8248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9544 /prefetch:12⤵PID:8388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9740 /prefetch:12⤵PID:8424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9012 /prefetch:12⤵PID:8684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:12⤵PID:8596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=10036 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:8836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2364 /prefetch:12⤵PID:9112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10260 /prefetch:12⤵PID:8952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10276 /prefetch:12⤵PID:9064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10224 /prefetch:12⤵PID:9040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=10028 /prefetch:82⤵PID:8812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:12⤵
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
PID:5480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9032 /prefetch:12⤵PID:9156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8776 /prefetch:12⤵PID:6816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10216 /prefetch:12⤵PID:7768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10108 /prefetch:12⤵PID:10860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10804 /prefetch:12⤵PID:2848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11800 /prefetch:12⤵PID:8096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11784 /prefetch:12⤵PID:3876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10232 /prefetch:12⤵PID:10348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11776 /prefetch:12⤵PID:10400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9372 /prefetch:12⤵PID:10676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:12⤵PID:2676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:12⤵PID:10388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:12⤵PID:7496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8456 /prefetch:12⤵PID:7524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12344 /prefetch:12⤵PID:7512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12388 /prefetch:12⤵PID:7504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12276 /prefetch:12⤵PID:7296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12316 /prefetch:12⤵PID:6868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11220 /prefetch:12⤵PID:3692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12200 /prefetch:12⤵PID:6808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12188 /prefetch:12⤵PID:3572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:12⤵PID:11692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12176 /prefetch:12⤵PID:7056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12168 /prefetch:12⤵PID:7288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12140 /prefetch:12⤵PID:4684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9260 /prefetch:82⤵PID:12036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12152 /prefetch:12⤵PID:10584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12160 /prefetch:12⤵PID:10476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11788 /prefetch:12⤵PID:5524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10100 /prefetch:12⤵PID:7180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵PID:2020
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0xe0,0x22c,0x7ff7bc385460,0x7ff7bc385470,0x7ff7bc3854803⤵PID:4960
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:12⤵PID:11260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16652 /prefetch:12⤵PID:6028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16688 /prefetch:12⤵PID:13304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16936 /prefetch:12⤵PID:6188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16016 /prefetch:12⤵PID:13280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=17772 /prefetch:12⤵PID:11832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=17144 /prefetch:82⤵PID:12072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8804 /prefetch:12⤵PID:12092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16836 /prefetch:12⤵PID:12300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14200 /prefetch:12⤵PID:12340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵PID:12308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11064 /prefetch:12⤵PID:10296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=12308 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:10300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=20472 /prefetch:12⤵PID:11456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=20128 /prefetch:12⤵PID:9816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10136 /prefetch:12⤵PID:8976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,17137873282006831953,4119197521639972934,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10776 /prefetch:12⤵PID:10524
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"1⤵
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3520 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20842672⤵
- Process spawned unexpected child process
PID:6240 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:3928
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20842672⤵
- Process spawned unexpected child process
PID:4076 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:9120
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20842672⤵
- Process spawned unexpected child process
PID:15576
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3788 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3788 -s 31042⤵
- Process spawned unexpected child process
- Program crash
PID:3800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447861⤵
- Suspicious use of WriteProcessMemory
PID:1208 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047182⤵PID:3784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,1928337908517652453,12145329684036223233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:32⤵PID:5520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,1928337908517652453,12145329684036223233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:22⤵PID:5452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:5500
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"1⤵PID:5480
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447781⤵PID:5412
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447861⤵PID:5936
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047182⤵PID:6112
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5952
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449041⤵PID:6960
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047182⤵PID:7044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447821⤵PID:7072
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047182⤵PID:7104
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"1⤵PID:6300
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447861⤵PID:6500
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047182⤵PID:6632
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"1⤵PID:6292
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"1⤵PID:6624
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\5fc21a5bf6eb41628a51f66eb07a9a77 /t 3180 /p 31761⤵PID:7180
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447821⤵PID:7344
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047182⤵PID:7408
-
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:7556 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:7240
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:7936
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:7948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:4196
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:5152
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:1980
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:7996
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:2260
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:7024
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:8212
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:8292
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:8872
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:8884
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:9020
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:9012
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
PID:9168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:9188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:9160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:9144
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Checks processor information in registry
- Modifies Internet Explorer settings
PID:9712
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
PID:9776 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 9776 -s 42323⤵
- Process spawned unexpected child process
- Program crash
PID:5328
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:9800
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:10080
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:9816
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:9248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:6340
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:9460
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:9708
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:9840
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:10032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:6076
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:6396
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
PID:10180
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:4864
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:9616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:10092
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:9668
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:7944
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:9908
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=23416164761600 --process=176 /prefetch:7 --thread=23684⤵PID:14044
-
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Modifies Internet Explorer settings
PID:9772
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies Internet Explorer settings
PID:8372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:9820
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:5004
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Modifies registry class
PID:6964
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:5948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:6140
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:4656
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:5220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:9572
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:9516
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
PID:2536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:7388
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:7952
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:5948
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:8848
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:6304
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Modifies Internet Explorer settings
- Modifies registry class
PID:9016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:9400
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:9716
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:10668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:10728
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:10756
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:10740
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:10784
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:10812
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:10868
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:10804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:6304
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:8268
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:10188
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:5188
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:5652
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:6552
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:10764
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:10852
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:10768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:10792
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:10976
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:11156
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:10644
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:10936
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:11168
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
PID:10440 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20837343⤵
- Process spawned unexpected child process
PID:9648 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x44,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047184⤵PID:9856
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20837343⤵
- Process spawned unexpected child process
PID:11148 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047184⤵PID:6080
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20837343⤵
- Process spawned unexpected child process
PID:4744 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047184⤵PID:10408
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20837343⤵
- Process spawned unexpected child process
PID:2724 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047184⤵PID:11452
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=99325416767488 --process=176 /prefetch:7 --thread=141245⤵PID:13380
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 13380 -s 1286⤵
- Program crash
PID:8772
-
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 11452 -s 4845⤵
- Program crash
PID:380
-
-
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:10540
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵PID:9140
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:7200
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵PID:5612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:5140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:3568
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:2168
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:10800
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:3092
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:5548
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:10640
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:11708
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xdc,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:12132
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:12828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:12880
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:12912
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:13060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:7912
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6300
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:1444
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:6404
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
PID:10132
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:12652
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:12692
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Checks processor information in registry
- Modifies Internet Explorer settings
PID:13080
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:13144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:6432
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xdc,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:7152
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:6700
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:13280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:12324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xb0,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:12640
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:5404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:12948
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:13284
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:4340
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:10104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20444812⤵PID:4860
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:11400
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:10596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:3404
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:6464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2475206232943166559,13257932099051786678,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:23⤵PID:8384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,2475206232943166559,13257932099051786678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:3932
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:9992
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4992
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Registers COM server for autorun
- Modifies Internet Explorer settings
PID:7592
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:12688
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3900
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵PID:6036
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:9680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:4548
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:8220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,13462422727679790707,6924379459072840372,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2324 /prefetch:23⤵PID:8076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,13462422727679790707,6924379459072840372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:3960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,13462422727679790707,6924379459072840372,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:23⤵PID:3436
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:5064
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x7c,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:5744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8445912803788591661,13617292531487876623,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:23⤵PID:12844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,8445912803788591661,13617292531487876623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:8380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8445912803788591661,13617292531487876623,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2540 /prefetch:23⤵PID:9916
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:10624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:11716
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:13084
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,11299711723367912282,14443606011238472726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:33⤵PID:2584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11299711723367912282,14443606011238472726,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 /prefetch:23⤵PID:7444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11299711723367912282,14443606011238472726,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2612 /prefetch:23⤵PID:3184
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
PID:7652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:7076
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:3096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,4527128283951403388,828312016439374786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:33⤵PID:6428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4527128283951403388,828312016439374786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:23⤵PID:12000
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:4332
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2415066825543937705,985545694500260383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:33⤵PID:6812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2415066825543937705,985545694500260383,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:23⤵PID:9232
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:11652
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:6052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:8248
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:1596
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1596 -s 5324⤵
- Program crash
PID:13348
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,16389499482537478344,14225188624493659670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:33⤵PID:3936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16389499482537478344,14225188624493659670,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:23⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:6036
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:8124
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:12952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14057723172048377041,4076625188032714753,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:23⤵PID:2124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14057723172048377041,4076625188032714753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:33⤵PID:5796
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:4496
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
PID:12536
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:1480
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵PID:13376
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:13448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:13464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:13500
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:13532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,9872502209874512169,5600208947371008667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1616 /prefetch:33⤵PID:14008
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:13456
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:13684 -
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE" -x -s 17763⤵
- Process spawned suspicious child process
PID:14064 -
C:\Windows\system32\dwwin.exeC:\Windows\system32\dwwin.exe -x -s 17764⤵PID:14288
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:13800
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:13812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:33⤵PID:14296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:23⤵PID:14280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3064 /prefetch:83⤵PID:9260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:13⤵PID:14320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:13⤵PID:5668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:13⤵PID:6560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:13⤵PID:6160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:13⤵PID:10864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:13⤵PID:9580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:13⤵PID:9312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:13⤵PID:4240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:13⤵PID:7760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:13⤵PID:1636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:13⤵PID:7352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:13⤵PID:852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:13⤵PID:4676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:13⤵PID:9448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:13⤵PID:11580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:13⤵PID:11612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5468 /prefetch:83⤵PID:9408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:13⤵PID:9288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:13⤵PID:12168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:13⤵PID:11216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:13⤵PID:5876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:13⤵PID:7484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5460 /prefetch:83⤵PID:11588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:13⤵PID:11672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:13⤵PID:2164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:13⤵PID:3200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:13⤵PID:9608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:13⤵PID:4112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:13⤵PID:6072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:13⤵PID:7284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:13⤵PID:8616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:13⤵PID:3336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:13⤵PID:5976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:13⤵PID:60
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:13⤵PID:11096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:13⤵PID:9412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1044 /prefetch:13⤵PID:11676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:13⤵PID:11972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11048 /prefetch:13⤵PID:12020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11044 /prefetch:13⤵PID:12016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:13⤵PID:13612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11080 /prefetch:13⤵PID:11680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11420 /prefetch:83⤵PID:13440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11420 /prefetch:83⤵PID:1160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11440 /prefetch:13⤵PID:4416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12172 /prefetch:13⤵PID:9352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12236 /prefetch:13⤵PID:9116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:13⤵PID:8752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:13⤵PID:5700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10932 /prefetch:13⤵PID:5620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1444 /prefetch:13⤵PID:10088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:13⤵PID:2736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12024 /prefetch:13⤵PID:7312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:13⤵PID:1712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1300 /prefetch:23⤵PID:11900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:13⤵PID:11984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11512 /prefetch:13⤵PID:12808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9972 /prefetch:13⤵PID:13232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11972 /prefetch:13⤵PID:14248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:13⤵PID:1964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10764 /prefetch:13⤵PID:11388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9376 /prefetch:13⤵PID:6416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:13⤵PID:12100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9464 /prefetch:13⤵PID:11216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16024517102820516897,10918688167319646503,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:13⤵PID:12968
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
PID:2916
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:14156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20444812⤵PID:13532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20444812⤵PID:9180
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:13448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1444,16288104539091674116,14172883742253352843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:33⤵PID:8692
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:11508
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd4,0xfc,0x100,0xe0,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:9996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,13752912223069578828,4123029684029010762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1608 /prefetch:33⤵PID:5372
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20444812⤵PID:12520
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:9040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,3312697264848361509,5328753865400422016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:33⤵PID:9504
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
PID:10232
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:3152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:5244
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xc0,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:6724
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:11468
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:14000
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:880
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:11464
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies registry class
PID:5828
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:14100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:14156
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:10488
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:13508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:11460
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:13352
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵PID:9736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:8728
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd4,0x110,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:7304
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:9272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:4640
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xb0,0xfc,0x100,0xe0,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:6904
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:5512
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵PID:9184
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:5332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:2856
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:3076
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:2112
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x40,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:8568
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies registry class
PID:11548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:13580
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:10616
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:8620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0xd4,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:8652
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵PID:11892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:3352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:1432
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:3516
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:9808
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:8756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:14080
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:5588
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:7372
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:12184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:11360
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:11340
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:11596
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:11476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:7624
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0xd4,0x100,0xf8,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:11912
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies Internet Explorer settings
PID:11892
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:12236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:9320
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:2336
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:1368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:9508
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0xd4,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:7868
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵PID:8564
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:11900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:11996
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:6560
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:13600
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:4232
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
PID:12580
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵PID:13136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:11324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:11748
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20444812⤵PID:9296
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:7900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:3884
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:13552
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:13644
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:13820
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:8700
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xfc,0x100,0xf8,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:13520
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:14140
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:640
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:6468
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:9364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:4432
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:11336
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
PID:10612
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:5496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:10864
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:5620
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵PID:10704
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 12603⤵
- Program crash
PID:11420
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:7216
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:6008
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵PID:12624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
PID:8564 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0xd4,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵
- Enumerates system info in registry
PID:9184
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵PID:5524
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:10600
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Checks system information in the registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:3744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:12744
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:6788
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵PID:12456
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:14320
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 14320 -s 4923⤵
- Process spawned unexpected child process
- Program crash
PID:13648
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:7672
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Executes dropped EXE
PID:4480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
- Executes dropped EXE
PID:11344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20444812⤵
- Enumerates system info in registry
PID:11532 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:9024
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 9024 -s 6164⤵
- Program crash
PID:4812
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:23⤵PID:8996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:33⤵PID:12156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3200 /prefetch:83⤵PID:14444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:13⤵PID:14476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:13⤵PID:14512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:13⤵PID:15216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:13⤵PID:14968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:13⤵PID:14136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:13⤵PID:2528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:13⤵PID:11408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:13⤵PID:11596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:13⤵PID:10020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:13⤵PID:14716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:13⤵PID:14864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:13⤵PID:13872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:13⤵PID:2188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:13⤵PID:5728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6840 /prefetch:83⤵PID:932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6840 /prefetch:83⤵PID:7348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:13⤵PID:5352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:13⤵PID:4052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:13⤵PID:14980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:13⤵PID:8136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:13⤵PID:9264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:13⤵PID:13788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8284 /prefetch:13⤵PID:6380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:13⤵PID:5684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:13⤵PID:6736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:13⤵PID:2200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7188 /prefetch:83⤵PID:14604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=9012 /prefetch:83⤵PID:12616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:13⤵PID:5056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9500 /prefetch:13⤵PID:11736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8456 /prefetch:13⤵PID:7756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:13⤵PID:13472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:13⤵PID:12076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:13⤵PID:3164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9696 /prefetch:13⤵PID:1168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:13⤵PID:7920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9280 /prefetch:13⤵PID:12972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:13⤵PID:14124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:13⤵PID:9904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:13⤵PID:9660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:13⤵PID:6176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:13⤵PID:13328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:13⤵PID:4868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9204 /prefetch:13⤵PID:3876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:13⤵PID:1924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:13⤵PID:14776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10276 /prefetch:13⤵PID:13140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8816 /prefetch:13⤵PID:8824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11132 /prefetch:13⤵PID:14180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11224 /prefetch:13⤵PID:8784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:13⤵PID:3228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11276 /prefetch:13⤵PID:15608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11416 /prefetch:13⤵PID:15644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11436 /prefetch:13⤵PID:15696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11876 /prefetch:13⤵PID:15820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12256 /prefetch:13⤵PID:15980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:13⤵PID:16068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12460 /prefetch:13⤵PID:16196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12448 /prefetch:13⤵PID:16188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12580 /prefetch:13⤵PID:16180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12904 /prefetch:13⤵PID:16380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12940 /prefetch:13⤵PID:15380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13132 /prefetch:13⤵PID:16192
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 16192 -s 2324⤵
- Program crash
PID:16340
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9688 /prefetch:13⤵PID:15660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11068 /prefetch:13⤵PID:7672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9292 /prefetch:13⤵PID:5824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:13⤵PID:14376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:13⤵PID:11124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12300 /prefetch:13⤵PID:14892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:13⤵PID:10136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12704 /prefetch:13⤵PID:16084
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13000 /prefetch:13⤵PID:14788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12228 /prefetch:13⤵PID:16060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:13⤵PID:2400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1052 /prefetch:13⤵PID:16344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:13⤵PID:9576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:13⤵PID:14932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:13⤵PID:9192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12324 /prefetch:13⤵PID:12468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:13⤵PID:8340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11556 /prefetch:13⤵PID:4648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10944 /prefetch:13⤵
- Enumerates system info in registry
PID:1164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12472670421617413809,8744026011257438293,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9864 /prefetch:13⤵PID:15084
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:11036
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x40,0x100,0xf8,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:13588
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20444812⤵PID:14368
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd4,0xe0,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:14388
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:14360
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Suspicious behavior: AddClipboardFormatListener
PID:14684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20444812⤵PID:14652
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:14696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1456,6568724315858447328,2743806224735413525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:33⤵PID:15176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1456,6568724315858447328,2743806224735413525,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:23⤵PID:15144
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:4748
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:448
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:13764
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:12344
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks system information in the registry
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:14288
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks system information in the registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:15208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:8488
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:13808
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵PID:10524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:5792
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:11720
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:6980
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:11952
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:9744 -
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE" -x -s 49523⤵
- Process spawned suspicious child process
PID:14800
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 9744 -s 29563⤵
- Process spawned unexpected child process
- Program crash
PID:10340
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks system information in the registry
- Modifies registry class
PID:14808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:10492
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xf8,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:1968
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:4120
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:7776
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:6056
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:3588
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:12152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:7488
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:8660
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:13656
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xb0,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:8508
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:9880
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
PID:13632
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks system information in the registry
- Modifies Internet Explorer settings
PID:4108
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks system information in the registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:13488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
- Suspicious behavior: EnumeratesProcesses
PID:10236 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:9868
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:13572
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:9396
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:14220
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:10304
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:12544
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:14680
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:11740
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:2392
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:14672
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:5612
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:4852
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0xd4,0x100,0xf8,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:12812
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:14092
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:12668
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:6956
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:9124
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:2556
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵PID:14224
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:1760
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵PID:3272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:11352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:652
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:8320
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Executes dropped EXE
- Checks system information in the registry
PID:2004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:13900
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:7604
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Executes dropped EXE
- Checks system information in the registry
PID:13700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:6640
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:8188
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:15396
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:15460
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:15448
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵PID:3844
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3844 -s 8043⤵
- Process spawned unexpected child process
- Program crash
PID:15404
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵PID:15364
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Executes dropped EXE
- Checks system information in the registry
PID:15592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:15620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:15808
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
PID:3272 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:14292
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:16172
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵PID:9904
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵PID:15580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:14968
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xbc,0xe4,0xd8,0x100,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:15976
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:15164
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:14084
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵PID:15680
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 15680 -s 18883⤵
- Process spawned unexpected child process
- Program crash
PID:15960
-
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE" -x -s 20883⤵
- Process spawned suspicious child process
PID:16000
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵PID:16056
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 16056 -s 20963⤵
- Process spawned unexpected child process
- Program crash
PID:9192
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵PID:15452
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
- Checks processor information in registry
PID:9736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:15788
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:4428
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:7548
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6740
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:6588
-
C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6044
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5520
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6288
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:9212
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:8308
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:9204
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
- Enumerates system info in registry
PID:9092 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 9092 -s 26362⤵
- Program crash
PID:6476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:10016
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:8792
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:10828
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 452 -p 9092 -ip 90921⤵PID:3176
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:10808
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:7956
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:9676
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 9676 -s 27162⤵
- Program crash
PID:10524
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 496 -p 9676 -ip 96761⤵PID:3876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:10720
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:13052
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:7948
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 7948 -s 31242⤵
- Program crash
PID:5880
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 996 -p 7948 -ip 79481⤵PID:6692
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:10116
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 10116 -s 33642⤵
- Program crash
PID:12812
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 512 -p 10116 -ip 101161⤵PID:12064
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
- Enumerates system info in registry
PID:7648 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 7648 -s 34202⤵
- Program crash
PID:10420
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 1004 -p 7648 -ip 76481⤵PID:10336
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵PID:5128
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 480 -p 7316 -ip 73161⤵PID:12080
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 7316 -s 20401⤵
- Program crash
PID:11700
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵PID:10236
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:9416
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 9416 -s 32122⤵
- Program crash
PID:10492
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:13096
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:10400
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 576 -p 9416 -ip 94161⤵PID:9892
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:1728
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1728 -s 34322⤵
- Program crash
PID:5320
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4784
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 572 -p 1728 -ip 17281⤵PID:8480
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:1916
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:6092
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
- Enumerates system info in registry
PID:6900 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 6900 -s 33762⤵
- Program crash
PID:11956
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:10088
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 584 -p 6900 -ip 69001⤵PID:13232
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:8084
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:7384
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 540 -p 1596 -ip 15961⤵PID:13336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:13484
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 13484 -s 5802⤵
- Program crash
PID:13644
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 540 -p 13532 -ip 135321⤵PID:13576
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 572 -p 13464 -ip 134641⤵PID:13588
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 488 -p 13484 -ip 134841⤵PID:13632
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 996 -p 12536 -ip 125361⤵PID:13668
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 468 -p 336 -ip 3361⤵PID:13908
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 336 -s 54281⤵
- Program crash
PID:13992
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:14096
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:13148
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:13416
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 13416 -s 11402⤵
- Program crash
PID:7872 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 7872 -s 3003⤵
- Program crash
PID:13348
-
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 968 -p 13380 -ip 133801⤵PID:13568
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 960 -p 13416 -ip 134161⤵PID:8436
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 8464 -s 20801⤵
- Program crash
PID:13672
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵PID:13780
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 912 -p 11452 -ip 114521⤵PID:13908
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵PID:8436
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵PID:8760
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 8760 -s 17042⤵
- Program crash
PID:220
-
-
C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch1⤵PID:12220
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 972 -p 8760 -ip 87601⤵PID:3352
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
- Enumerates system info in registry
PID:12876 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 12876 -s 33362⤵
- Program crash
PID:2368
-
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵PID:10588
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 956 -p 12876 -ip 128761⤵PID:1508
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:14016
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 14016 -s 33322⤵
- Program crash
PID:9660
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 884 -p 14016 -ip 140161⤵PID:8240
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:3228
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3228 -s 32922⤵
- Program crash
PID:2184
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 896 -p 3228 -ip 32281⤵PID:12492
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:12384
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 12384 -s 35242⤵
- Program crash
PID:5704
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 884 -p 12384 -ip 123841⤵PID:12784
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:8692
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 8692 -s 2242⤵
- Program crash
PID:12764
-
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵PID:8756
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:13756
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 13756 -s 35362⤵
- Program crash
PID:9752
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 908 -p 13756 -ip 137561⤵PID:10600
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:9364
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 944 -p 712 -ip 7121⤵PID:8664
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 10704 -ip 107041⤵PID:11496
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 10704 -ip 107041⤵PID:9520
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵PID:12572
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 496 -p 3788 -ip 37881⤵PID:4040
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 1004 -p 8564 -ip 85641⤵PID:7864
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 488 -p 12572 -ip 125721⤵PID:8068
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵PID:9656
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵PID:3676
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:14036
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 544 -p 3676 -ip 36761⤵PID:11540
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵PID:14436
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 14436 -s 12242⤵
- Program crash
PID:14540
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 14436 -s 11562⤵
- Program crash
PID:14552
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 972 -p 14436 -ip 144361⤵PID:14500
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 952 -p 13216 -ip 132161⤵PID:14528
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵PID:14644
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager1⤵PID:3492
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
- Enumerates system info in registry
PID:2328 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2328 -s 20602⤵
- Program crash
PID:5812
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 932 -p 2328 -ip 23281⤵PID:3240
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
- Enumerates system info in registry
PID:8156 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 8156 -s 27682⤵
- Program crash
PID:12788
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 548 -p 8156 -ip 81561⤵PID:12908
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
PID:10704
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:1164
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1164 -s 26842⤵
- Program crash
PID:11500
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 936 -p 1164 -ip 11641⤵PID:8864
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xb0,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:15484
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:15600
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 904 -p 16192 -ip 161921⤵PID:16236
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
- Enumerates system info in registry
PID:12376
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:7312
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:8072
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 8072 -s 16322⤵
- Program crash
PID:15984
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 492 -p 16056 -ip 160561⤵PID:6020
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 528 -p 15680 -ip 156801⤵PID:14264
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 984 -p 8072 -ip 80721⤵PID:14480
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 584 -p 7556 -ip 75561⤵PID:16100
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
PID:5528 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:10452
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd4,0xfc,0x100,0xe0,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:8960
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:6580
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:7704
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:4116
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:14064
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:2508
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks system information in the registry
- Modifies Internet Explorer settings
PID:3696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:15312
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:8288
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks system information in the registry
- Modifies registry class
PID:8748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:5040
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd4,0xd8,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:10444
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:15092
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:7496
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:4732
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks system information in the registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:16020
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:11804
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:14592
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
- Enumerates system info in registry
PID:5324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:2428
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:7324
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:9752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:12068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:12588
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:2016
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵PID:3996
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:8496
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:15084
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵PID:9432
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:7872
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:8036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:5256
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:8200
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:9416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:9224
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:14152
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:11320
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:3172
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:6256
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:10164
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:14800
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:11108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:11972
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd4,0xd8,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:10736
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:14952
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:14484
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 14484 -s 8083⤵
- Process spawned unexpected child process
- Program crash
PID:3976
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies Internet Explorer settings
PID:15580 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd4,0xd8,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:13484
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
PID:3996 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3996 -s 6163⤵
- Process spawned unexpected child process
- Program crash
PID:6568
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:16380
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 16380 -s 1723⤵
- Program crash
PID:8612
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:8112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:7100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:8992
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:7844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:9436
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:13768
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:9140
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:788
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:15276
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 15276 -s 2924⤵
- Program crash
PID:15156
-
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
PID:9432
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
PID:9904 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 9904 -s 5483⤵
- Process spawned unexpected child process
- Program crash
PID:8168
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:15092
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 15092 -s 123⤵
- Process spawned unexpected child process
- Program crash
PID:15152
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵PID:4512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵PID:10688
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:4572
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4572 -s 3124⤵
- Program crash
PID:14484
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:11628
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 11628 -s 1243⤵
- Program crash
PID:13544
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20444812⤵PID:4844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0x104,0x114,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Modifies Internet Explorer settings
PID:14224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,15193500689087549753,3448328106135072412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:33⤵PID:14872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15193500689087549753,3448328106135072412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:23⤵PID:6040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15193500689087549753,3448328106135072412,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:23⤵PID:6880
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵PID:12852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20444812⤵PID:15224
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:7688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,15168839830598662492,4572116703497181437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:33⤵PID:7060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15168839830598662492,4572116703497181437,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:23⤵PID:12616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15168839830598662492,4572116703497181437,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2728 /prefetch:23⤵PID:4472
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵PID:6488
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵
- Executes dropped EXE
PID:15364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,18387930002204516183,7079850172329131532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:33⤵PID:10004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,18387930002204516183,7079850172329131532,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:23⤵PID:5456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,18387930002204516183,7079850172329131532,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2676 /prefetch:23⤵PID:2376
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵PID:11168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:16236
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:1560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,11324872086674389879,6193482739304976942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:33⤵PID:7280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11324872086674389879,6193482739304976942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:23⤵PID:3312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11324872086674389879,6193482739304976942,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 /prefetch:23⤵PID:11856
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:10848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵PID:12976
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:11752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10448449116022736875,15401454361431668725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:23⤵PID:10432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,10448449116022736875,15401454361431668725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:33⤵PID:14940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10448449116022736875,15401454361431668725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2516 /prefetch:23⤵PID:9128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10448449116022736875,15401454361431668725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2312 /prefetch:23⤵PID:9520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10448449116022736875,15401454361431668725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2996 /prefetch:23⤵PID:6516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10448449116022736875,15401454361431668725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2880 /prefetch:23⤵PID:15792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10448449116022736875,15401454361431668725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2396 /prefetch:23⤵PID:1204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10448449116022736875,15401454361431668725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2000 /prefetch:23⤵PID:3252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10448449116022736875,15401454361431668725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2424 /prefetch:23⤵PID:6716
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:1792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20444812⤵PID:15480
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:4980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,18369067736026516007,5128573794948749406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:33⤵PID:16440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,18369067736026516007,5128573794948749406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:23⤵PID:16428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,18369067736026516007,5128573794948749406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:23⤵PID:1408
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks system information in the registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:13696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:10524 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:2572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,7513348223213812393,16754918737854394850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:33⤵PID:16568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7513348223213812393,16754918737854394850,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:23⤵PID:16560
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵PID:16944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20444812⤵PID:16936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20444812⤵PID:668
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:4620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3467315088394830105,9383396373310283876,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:23⤵PID:17028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3467315088394830105,9383396373310283876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:33⤵PID:17044
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Enumerates system info in registry
PID:14264
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks system information in the registry
- Modifies registry class
PID:2628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20444812⤵PID:16488
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,11963033104176041695,15785385523080051031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:33⤵PID:17120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11963033104176041695,15785385523080051031,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:23⤵PID:16668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11963033104176041695,15785385523080051031,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:23⤵PID:16928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11963033104176041695,15785385523080051031,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2728 /prefetch:23⤵PID:16712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11963033104176041695,15785385523080051031,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2668 /prefetch:23⤵PID:11816
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵PID:6712
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047183⤵PID:15168
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=124854702358528 --process=176 /prefetch:7 --thread=166844⤵PID:11812
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,658132896442079975,15208057777973364224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:33⤵PID:16852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,658132896442079975,15208057777973364224,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:23⤵PID:16896
-
-
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:16176
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:896
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:10280
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:4892
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4892 -s 27522⤵
- Program crash
PID:7860
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 600 -p 4892 -ip 48921⤵PID:2276
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
- Enumerates system info in registry
PID:1344 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1344 -s 27442⤵
- Program crash
PID:14012
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 832 -p 1344 -ip 13441⤵PID:6472
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
- Enumerates system info in registry
PID:8136 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 8136 -s 27762⤵
- Program crash
PID:8800
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 848 -p 8136 -ip 81361⤵PID:15368
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:8900
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 744 -p 3996 -ip 39961⤵PID:7956
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 728 -p 14484 -ip 144841⤵
- Enumerates system info in registry
PID:4892
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 840 -p 16380 -ip 163801⤵PID:15276
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 696 -p 15276 -ip 152761⤵PID:13384
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 656 -p 9904 -ip 99041⤵PID:16160
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 700 -p 8168 -ip 81681⤵PID:11108
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:12128
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 784 -p 15092 -ip 150921⤵PID:4256
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 652 -p 11628 -ip 116281⤵PID:12852
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 456 -p 4512 -ip 45121⤵PID:3888
-
C:\Windows\system32\werfault.exewerfault.exe /hc /shared Global\95ae495fe91a42d7a865ace0c59d94f6 /t 12736 /p 102801⤵PID:8168
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 668 -p 9744 -ip 97441⤵PID:6756
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:13096
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵PID:14108
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:15784
-
C:\Windows\system32\werfault.exewerfault.exe /hc /shared Global\c3d3f5b6ea7542678cb57061f2a1463d /t 0 /p 141081⤵PID:1836
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 728 -p 9520 -ip 95201⤵PID:2716
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵
- Checks processor information in registry
PID:16956
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 688 -p 16944 -ip 169441⤵PID:17156
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xfc,0x100,0x9c,0x104,0x7ff9b52046f8,0x7ff9b5204708,0x7ff9b52047181⤵PID:2900
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 728 -p 16668 -ip 166681⤵PID:16688
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 760 -p 16668 -ip 166681⤵PID:17360
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 728 -p 15168 -ip 151681⤵PID:16740
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
Filesize471B
MD50f1128f3a9fa4d71983c087784ac31b4
SHA198255a1aeaf526234b8483938171ac6b940d0b8c
SHA256320502a40b3f9cbfb59bea65836b7624adcfa96b2e3fa57311ea1c2f2dbfe3e8
SHA512bccabec72ca40bfd23c96cd3fbe835e78173dc9e0e64cd63ed0b36fbb00c24c195c19526d55bfc3cd0af86d7521f7eea32b0dbe1b52dd8e4838c731a792c0b25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
Filesize412B
MD549beb7656041c66d1ae559c43e9c49be
SHA1deaae86bc1fd2daecd64e87215d7be0fd6a945b1
SHA256c49310d8eb7249e99b29034c2fa660de49e303f34350e5aa6b504fc6ffeec83f
SHA512332869e68e228c332768bba54695db841aa4368de2fee402f07ff941fb6e1b05cf5e2b9faf90fca266b8a6a2c3e2add735cd7d1ed56dfebcb174945f5d3fd7da
-
Filesize
3KB
MD54146101c9289e8e7b0667542ae1989f3
SHA1af37da8a6c7c946088c976f72a274b446cd8aaf9
SHA25682b72bfaa06f726242aeb1d068003cb1076415722969b50cc6f4caebc5b44ecf
SHA512853c064c990d1f25c5c17663177e4780440f3dcfb5821627790a178ccf0ecdd251971c923efd2a2a2b078ff680dec9e0918af776da9de3be8c5537405a0ac0fa
-
Filesize
248B
MD5666de660f1b7a9810f6ac3255c68bc03
SHA18549b785603e2d733f165979a9a4f81b85ba9627
SHA2562c90c40c835d2bea6211d495ebb68685cc5229202df3fa7d12fe3ac6f28e7d94
SHA512d00719fd8c3bc49323e7d107517fd3b145fd8177b8c1867d315a0b44ba843a7ac8eacdf28a45b4589318135a00b13c4e56ef7b12ae2e570c132927bc3a27d588
-
Filesize
382B
MD5519e426a8dd7375309e6bfd28c088623
SHA14bdecd866d70618b4054965adf27a2ec3a3c0826
SHA25663f127e5303e7726b815fb7bad279fb66fe45b2e1a39205c6712ca0735bbf99b
SHA512d6e8d53b44204bea2c20ee0a15001a7caf4f3d91a8897ab69f4a99e974ade172b9f820b5c2a698f5697e6d7fcdd90e2a4c05f3cc134fa5714ac5a4296ef6a2ab
-
Filesize
516B
MD5e98382979b51c4e0685821a7dfb85cd8
SHA1ddcf81cd9f631d09e912982e3fd249213b6357a9
SHA2566ed7258dcd5bfce5da11d3b4f27502b03a48394c21c090b1512789a29ecde9e3
SHA5122d40395ddb677b48cdff902de58ab5696bcc01ba33818e9eb74407b84ec5c48d7a2e7a020a9b7d7b10b178f1c0933a4d81b54b2e0150b05e60c8cf412965057d
-
Filesize
650B
MD507dc8df42e90f334696bcdba4c0c0130
SHA19e4a12ca492d7243f710aca66ada4cc96bcc5d49
SHA256a5b812baae15b36a4be20727874ead99ede4d22ea76e78cb40bac2c19e371ead
SHA51204c92b6e967a959c237b6bd09ea7b26345c234d98b14577265e7fc46575d97b818bc7699667c4b5bac8fc6b37179a0be9b9513bc1cbb82db894d24d80da6fe7d
-
Filesize
784B
MD5ca6cc8580e29c7b056d87c7633f63ec4
SHA1d012921833b36235494e0d70d64a12a33cbb1963
SHA256817fcef3cc4fb1421548ce194a55b3055c1f91ec969296d2669f67b67789d543
SHA512adc40d261e3f92daba4446daa71e3bacf783595ecf6b5a0ab0ac1ca4a2f61356f9e8eabd7103477bd2502d4d5286c84ebdcf8c4e31682faf1d9d00b56cc6451c
-
Filesize
1016B
MD5d0cc42a0c87e8d30d743590cf58573f7
SHA15e1ad25e1ca10b500520d8300e5cdcfdcdaedcbc
SHA2562719b89a395867bebf755a47f9bd2af19659d63d6f56067db28f3ab415e1cef4
SHA5120c972dc387ccb04772375e3a92d72f99569271ffb111ca2c19a3031122bbeab999e4184dfc3e7612821ca30d175be737dc1180bc1f459699f1ee2528cfd68032
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\0b235f7d-7477-41d6-baeb-520132676b1e.dmp
Filesize107KB
MD576fb5c4cb5fd18715d00831f129e1c2d
SHA1539d9002d28f252595871488938b736d6704982b
SHA2564d8eaeab6adab03e11f64f3a9f66ec64e9e1734065e01e2238c22a355b2627c7
SHA512a1bd56f16f0c71ea9495fdc50b97f5b0b7189ac19d649692869782dc9a1ff70b996cab4c28c390daf52be6840315f5721f74dfb4b9eb7fdac2875ef330e04f30
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\3b203027-4627-4df1-8292-feeaf7432069.dmp
Filesize3.5MB
MD56cad0205e0a988ea27c356ee643a550d
SHA112a7a62e79f3d5b3cc293912703c18eb2d34f230
SHA256d6048241e34a9963b8df6a3480bba4fb286f93fa6ce6e74ad4af2f1525f7df1c
SHA5124011e3afa0f3e26847c6c495b4b268be5ad57e57b84cf54abfd1d0625b4441972ec443a8e79198753afa53780d2fecccdc7e6fae99fe02de675992ce535f6e2d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\69bcc8c6-082d-434f-ba75-59f68998e85a.dmp
Filesize4.1MB
MD57ab507dc05cb89908c42cd7c3bc1e955
SHA14b343e65a4a6f1ce0e65e0706c925d6825cf6a99
SHA2563296397ae470ccb30043646041386a867a29e33a2f374ffbac59496625487d97
SHA512cdc6b36c49120a5134bd9902aea32e28a0f39c1c74bc84a381e9c2786615a8a20ca21665716922707fa129501252bd6c7066cb6f1ac08de539d4a36d3524bf41
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\91f6c75f-55b1-429a-9a76-fdf2b854ca3a.dmp
Filesize138KB
MD5e9394e9659e92bf28b0081770bed7ebd
SHA1959696d94b509a6f18eab8ad477e4d74f5d73442
SHA256c3214b9d5f0a2565aa10b734fa9488191ad9de750067b2d9bd1dcf4fabd83f68
SHA512296300f7f2c2807ddae95e9fdfaae5bc5bd3dba9a4a1399688d414bf66a1e3bf198670dbb1a38b7f1bf7fa14d7103df83cbb9456ab47dde6ad2c02eba78e4e42
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\c98f8d5d-6f43-4f12-bce6-d41add74ac40.dmp
Filesize3.9MB
MD56d2a3957510f3acf3b2b27949234a598
SHA1bf2b19f43479245e7bf83417714dc52c22a7e3eb
SHA2569fcf51e591608613683acc32e6a277410cc29e9966f0a47132a978605f8ed141
SHA51248cecba02066fb8e07ce5bb3637dfa01cb5a052fe431de4dad4eb1b71b286e1eed0cf86b6e11f137fecf08cea29f099a558bed68ca708dc6222b4f7db900a841
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\e2850304-1dea-4b05-82c3-939422e8d10e.dmp
Filesize960KB
MD5b0864ee2b87642aefa27781fb4b20250
SHA1150f6f800c4b0610abfc44baff50a861daff684d
SHA256424893ae84281e717c9b1d217af6541f62e2d12ce2032978a98e2a91ee7dfb2b
SHA512b80f2dab20462040a679d87d03e8ef96a967ebd559fa059a7d668a36aa8d2ff43bef28cf4cf5edb586c06a3060818a9356d24d9bbff6c6cb2a3cb35aa0980c1f
-
Filesize
152B
MD5aaeb1f5e097ab38083674077b84b8ed6
SHA17d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2
SHA2561654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef
SHA512130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda
-
Filesize
152B
MD5aaeb1f5e097ab38083674077b84b8ed6
SHA17d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2
SHA2561654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef
SHA512130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda
-
Filesize
152B
MD5aaeb1f5e097ab38083674077b84b8ed6
SHA17d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2
SHA2561654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef
SHA512130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda
-
Filesize
152B
MD5aaeb1f5e097ab38083674077b84b8ed6
SHA17d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2
SHA2561654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef
SHA512130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda
-
Filesize
152B
MD5aaeb1f5e097ab38083674077b84b8ed6
SHA17d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2
SHA2561654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef
SHA512130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda
-
Filesize
152B
MD5aaeb1f5e097ab38083674077b84b8ed6
SHA17d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2
SHA2561654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef
SHA512130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda
-
Filesize
152B
MD5aaeb1f5e097ab38083674077b84b8ed6
SHA17d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2
SHA2561654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef
SHA512130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda
-
Filesize
152B
MD5aaeb1f5e097ab38083674077b84b8ed6
SHA17d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2
SHA2561654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef
SHA512130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda
-
Filesize
152B
MD51db53baf44edd6b1bc2b7576e2f01e12
SHA1e35739fa87978775dcb3d8df5c8d2063631fa8df
SHA2560d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48
SHA51284f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912
-
Filesize
152B
MD51db53baf44edd6b1bc2b7576e2f01e12
SHA1e35739fa87978775dcb3d8df5c8d2063631fa8df
SHA2560d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48
SHA51284f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912
-
Filesize
152B
MD51db53baf44edd6b1bc2b7576e2f01e12
SHA1e35739fa87978775dcb3d8df5c8d2063631fa8df
SHA2560d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48
SHA51284f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912
-
Filesize
152B
MD51db53baf44edd6b1bc2b7576e2f01e12
SHA1e35739fa87978775dcb3d8df5c8d2063631fa8df
SHA2560d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48
SHA51284f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912
-
Filesize
152B
MD51db53baf44edd6b1bc2b7576e2f01e12
SHA1e35739fa87978775dcb3d8df5c8d2063631fa8df
SHA2560d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48
SHA51284f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912
-
Filesize
152B
MD51db53baf44edd6b1bc2b7576e2f01e12
SHA1e35739fa87978775dcb3d8df5c8d2063631fa8df
SHA2560d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48
SHA51284f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912
-
Filesize
152B
MD51db53baf44edd6b1bc2b7576e2f01e12
SHA1e35739fa87978775dcb3d8df5c8d2063631fa8df
SHA2560d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48
SHA51284f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912
-
Filesize
152B
MD5191a35eb009c9e8acbaff9af108b8bb8
SHA13a20a97f472b0ee0092751237d169abdabb281e3
SHA2567c045d520b2caa3c1579f38cf745268b0bf51e85427fe74c4e5b69c416473b7b
SHA512a063e15a4f6cb954396df95a43fc7971e0249307c5b160e10c140fd94b68a84cd2b64f46e943d6e9238484c2b963a7b2d3259cff3421f736d46eefdb431e96b1
-
Filesize
152B
MD507a1250a1d69ac6ac9eb03475fa75e8a
SHA1e3de3e573a2a73e87cd6372e5d1915f74848e6d9
SHA256d95a79dd6d1b41eb7a00af865cbcc8672cb8ddf959c9dafddd436566faa3822e
SHA512e27e1737d3ffa3d6140d91585de0c8041169239fa63c1822f4c8085a43481c01932344e93991a511bce0972fa5681a71fb67129bac6ea7c273736f05858b7ac5
-
Filesize
152B
MD51db53baf44edd6b1bc2b7576e2f01e12
SHA1e35739fa87978775dcb3d8df5c8d2063631fa8df
SHA2560d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48
SHA51284f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912
-
Filesize
152B
MD51db53baf44edd6b1bc2b7576e2f01e12
SHA1e35739fa87978775dcb3d8df5c8d2063631fa8df
SHA2560d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48
SHA51284f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912
-
Filesize
152B
MD51db53baf44edd6b1bc2b7576e2f01e12
SHA1e35739fa87978775dcb3d8df5c8d2063631fa8df
SHA2560d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48
SHA51284f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912
-
Filesize
152B
MD59f961d0ae3fbf352340687666c4f9caa
SHA1efd4eb21a2bed899c9cc8640fd89621b6d8bdcfd
SHA25605e5ad7fa3b3d4e557ead3bfb13328d0613abc034597bd98a5422041acb0236f
SHA512236266306781fba9098f642ab94e3f47605eaaf2a534ae314a26a6c1d490a578dbdf7ad184469689231358ed417c6edf43e5bba490d6b7aef65203bc19ff2b11
-
Filesize
152B
MD539aba4310d57ae91ee21382aeab3b6d7
SHA133af28842fd9810e5f34e7582a87a4f461fe5d87
SHA25624c8a5b69ea8104bba774ce2edc79566decacd513aee293a981e2cba4b4a517a
SHA512f257a0d995659d2e6a764277e810a10351ffabf1bce4bdcf1d4ff249a4ace697da9f977f5441e72a297c14c222e9eb5e2a6505876f62ab6342486ffe9f1a2768
-
Filesize
152B
MD51db53baf44edd6b1bc2b7576e2f01e12
SHA1e35739fa87978775dcb3d8df5c8d2063631fa8df
SHA2560d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48
SHA51284f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912
-
Filesize
152B
MD5f0d6ade314a9608bb7d654c5c39ff364
SHA19d4804c0099a248b0de93d9259a82569c269890e
SHA25668d4d36b9eeaf6ae27554cd7477ceda63b31300f5aa480153c881d096ea547b0
SHA512d71594778efca52be817138ad3df7c432fab9f97e2ad5041c7120a29919fea9e73932da3e5b94f13906fd9ec4509077d76e8a9e071fe46aeb6cab15cd1f9dcca
-
Filesize
152B
MD56137c2c472f24cc8c4192697350642a4
SHA12f16311487e67559548e5a44f21b4c20affebacb
SHA256469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b
SHA512bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39
-
Filesize
152B
MD57fbe993f1a5ad6df4b2b83ea40171b84
SHA1c76778d0756affa0073eb8a6cbb56ab042d4c336
SHA256669da50fac8ca77f023d9db38c46dfd5c61ad7cbc0ed36ac870b6d872b411a44
SHA51231d37f0e016af0b6e7402d5657034e21ff8a15cd4d447a78bef42e28957222eed069060ddc1cd541ad9e107e70a3eb983727eca9be5a1ff296c362224e72b35d
-
Filesize
152B
MD5299b62aca8081c2e241aa4190b12f4eb
SHA19627f96d8420615cf2098a49d33d69788f2f10f3
SHA2560ccc8ebd45b43677593ccbe359d3d19ae7b33e77f0d53f0cf37aeefe60b55892
SHA512d144d4eda8689e077f7bad4bcfb41f1dc46e2807c794cfee8ce8b9ab2e34e125da0be2f021df31bc730f2690b4cb3a4c78db91b13c2bc46b44a71f47e81ef16d
-
Filesize
152B
MD5a3ffd83d3a804aa5a2330640bc6dbe93
SHA1353acd3d2888ef43af9f012405d3d2dca6ed8904
SHA2569989daf4e0f468422f83ea44fc00f0f94502e6a1b9a4e1a9f771c739c774416e
SHA512fd9ed8c3ee7c9b0125b727a953d3156c10d5d07a97fcc385c414c19d0562b62c88b6fbb2271e25ecba1af125d181274977440f77caa8fee769dfbc9f7a46b94b
-
Filesize
152B
MD56137c2c472f24cc8c4192697350642a4
SHA12f16311487e67559548e5a44f21b4c20affebacb
SHA256469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b
SHA512bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3a96d494-9fe7-4aac-bd56-7c34b1a53904.tmp
Filesize1KB
MD53f505645e47224a7ec1914a0277847b9
SHA1e3d905e2a4965d218d530a2148136f7c3eafb96f
SHA256ae3860e3217bb98ffe5eafa36117eed508369961f8ea1f46742d67f37a9ed75f
SHA512b26128aec2ef52ed28809e6b30540647864a37a46fcaf5ec88134efa3621b75dfa5e2597d9fdef09f4b9494afd031c651d72f71ab6a7a4e4b5600cc2cad99c3f
-
Filesize
46KB
MD51bd3426c6d01c62864d56b3c74a528b1
SHA17b02283cc8d50a6d297ea927af2acd47c4ea2d37
SHA2565a25f440a329083618cef4cd62abcf96d0c02a7aaf5ce9bae12dcf0e7ac62452
SHA5125a0c10956b28379972240a1b6ba4156a8d516fe02d57eba7e9c0a04231755e66aeb73c103de70640b4e37f871f7246a012bb2c495ef1b15bd7be236a97fcdd59
-
Filesize
113KB
MD55424dc7f909c394054a2769d048e9616
SHA182767b08fb381891773fcd2e8a5d574862eb2dc2
SHA2567730aa9bcd418a015f4fc804fac94b7d2adac0b9967c805ba46bf0f7da0a2de7
SHA512f128b2519fcd34c772cf5203ed9783d428c819b3cafaa8c54b5d00842db7f6f2e1793ff9c9498650ea9606bab6ca365c8cc8f458d735b6e45b700b3eb880f28e
-
Filesize
55KB
MD565f86137eb294bda6f37f024f58a66af
SHA184655a2b2f24f265597a058329c32b5d214ac00a
SHA256ca93e93b088b3580f385a647084c19d55f8fcaffed04677ee2838f5bee0b8def
SHA5127a13feec90a0a5a54e9e5a91766db4dc07c24daf0b926189069896e765494e818b0d0531481b5006776a7b6e1883ff8d525f2260f8848dc08216a28d9814c372
-
Filesize
89KB
MD52b4509d8a869917bbc5ce10982956619
SHA1dc21bd40ed9b873779f855026f253bdd3322723d
SHA256397eddf44e1bf7e557b0b4f5173da95d8fd832b6f2f10d6e41c17dc539d5a822
SHA5122d0a54e85c7bbdd653b1557a3741d44b621876503d6e8b8cfd5fc6bd3047e28b9702dfb132474dd3981174d96f994b46083008a327646c8d16467e80da164bab
-
Filesize
292KB
MD5fe5a2893e794fde825f1f81ce58069d3
SHA1b6504426426485d7f101cc977821b90f887e81c9
SHA2566d34efaa549497cfaab006127b3a2972de32107f90bb546e5ab58f366263d66f
SHA512b82e91c199cff3fbf32f74ca6e308270a88df6b5c1ebea685fcda9e3b96a6f665fb40b1526f3af0f4585c0020a2ebb3f65e5483f664c50ed232a250f2e60b506
-
Filesize
208KB
MD5071bb289e3df2fbbc0934b4938205d4c
SHA180327009ae5a103558db5478590fc29b79b90aac
SHA256ade8067055df4334df200b438f8d96aac86c5b2a38f10787426fcf0d9c0bb764
SHA51254509a380e10cea0293133e7201e79c5bfdb749a14bf5a2013906f21e366a9fb33172539dd161f843958212d589140ac025c3574be5128d750619f7777196b99
-
Filesize
111KB
MD5806286a0f78d08247365c9cf31baa7fd
SHA15cec548406790001b9943cbec3ddfea5f9e4c9c6
SHA256828e6272304ef87e4c83ff8e0d3f116049b9c054933087311a684247c53ca424
SHA512e422fe3d1e9d34ad68d6437d72935b19a51dc219b6f444b074a02801d2dea79e0b6cf0c9fd478da4e618fc820770abbdf2a08a89aa052a3e89e29e0ee0e0d43b
-
Filesize
51KB
MD56ac2dfe90eb92f3e73f455336fb398d0
SHA128c6222c9adf5611aa0a9711aadce61b121f1e01
SHA2563c39fdff9ff023b20fcd57492ce73477638f794f92de4af613e3acd11489fc4e
SHA512b89edf1774589c8b01776e7e25cd462698b96bd8747f8dc4857c45ce4c218ed4ca6ac8aadba205a64fff2db66b5b2f596df6c9362974515df16134c329089c54
-
Filesize
31KB
MD5390a7cc327b3095071c65434a0d1245e
SHA1c50a7763572a3ac723034ba89a57ffbca95bcc95
SHA256498007bad4b6cb8564015a3b9013e251bdd75da590a1d500bcdbd9e745cee855
SHA512bbd49579099440ea4d8910b0a43bf31cdc85c02995f515478f45c90beeeea1017bd21daa3d7bec3a732ba71350a0f948cfe4359b44638b6c601e3db4ee91a25e
-
Filesize
17KB
MD56cfe2e4ba7043fb91b758708b56defb9
SHA1332c1ca81fcb7d9a03fbe7c0f6a01e3b27e01398
SHA256fa395c600360d559ee60c8e07b9567576379483cf9014c232f8ee38f4b00e2c0
SHA5127babf9882ae312053529e4bb26f9fd480145533ecee0b9bfef3b731ac97b4a22305efdf7170c207697894a67fbca9755a0356ee140b22a156ce93eee32dcb071
-
Filesize
36KB
MD53836e58f62aefa40e5e71ef0fa5c3381
SHA1537e2402e3feff628628a1c20d19af00e38eba3f
SHA25689c885fdbc8dde226dcac68c2592c5d017b01c9ee1d05c5b2d03d8bb67985b13
SHA5123df7b22c4869b0b5a21f6595a705a17a985b98901237d5c384a15565b7a2cd584d868f33b4105864970e6ce98efad7b52b731ccdb10306651ad1b1993d22a5cf
-
Filesize
19KB
MD5e7ca24dc3a47160c9af0d45e48f1f911
SHA1c689e79b895a18c9f1334d6eff56744ae22739b6
SHA256abb85c399c274734c689156024267ece39c2b96d82c752065c9a649a8abb4c42
SHA5121b6c6e386b8ae1202e7699b2a56c7573ef44661c7c4977b0a9e261c576066ec3c536ea94c7a4cbb5d70ebef2405ad71aa1e3a10c2a9340c69831db53e2fccabd
-
Filesize
41KB
MD5f5071447b2a40eb141c36b788c3a1922
SHA1f8794bbc451a868a0f9addf1599bc161cac52804
SHA2563282aea4cd07ab93cf17407cfe9c92315c86904cbd37e40d8922601c1167da06
SHA512b9c24dfe72477f935b85ed7f07902b15480cf6bcb4b978513421b1da414fbe0155dfecd6f2e5ecba1ad8f4ce3278db524ffdf5e609ac66d48572208b631dbaaf
-
Filesize
22KB
MD509800dff9a5770bdc368ae73ec89b229
SHA152864194fec1b7fa70ba6e8bda68f0d8f27b21d1
SHA256d981d06eaec00bf7feef2b5dc799c3b50332ee867b8048109d45cb6a97e52557
SHA5121b13a260a4e39b6f828784f0e8be9c2d0e22c6c1fc5b4bb53aeb4a1311f54dc1427b5a5a38656e7652bafd652aef59a70b0c4e81cad54c83f7547f0454c6d84a
-
Filesize
35KB
MD5d95e11ceb03f2345a320093cab78025e
SHA161a86a14316100b63da779f7e173849643e687f5
SHA256e51a46060665f507a73982f7aa0a4088fc5b371023c237fefa0a1d806b56f6b0
SHA51280bc373efe00d567e441ac8a4af23fffd4b682277b54c784a0b43908cd246b70e3afb975e716ff2fda0bc052eca45260cd2915fec5840f158350defe6f5270c2
-
Filesize
25KB
MD5d0263dc03be4c393a90bda733c57d6db
SHA18a032b6deab53a33234c735133b48518f8643b92
SHA25622b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
SHA5129511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3
-
Filesize
34KB
MD550674b9cd8d0d8036a019b5cca800e0a
SHA1a8e5ce6fd5adf000d1b79b5c457120dae503c93b
SHA256b30336589d1bed274c654dd538474d6e1717250752079ef3992549eea2cee844
SHA5126c68b543f5e57bfe6c9da9aeef56448542aeafb03c2551da344fc056b1f27861e6db70189e48b5d29890e342246e58ac92c123200bf3ba2b16abf8b3b6b8fbff
-
Filesize
59KB
MD545a8e1f0928d9b3c781473490e3952e0
SHA18075d1c01d7a5811dbc8db6e5a66ace72580c362
SHA256fc8f6b5a4fe93401e52955c1968e843a5cc60c47e304852a291e9f31b022f3e8
SHA5129cf27c1ecca4e8a5fad7e9c17a644b19b46ea46a3af7dfb92605c6fed7c9589b2542d4add1dbc455d77ae204b1e2817b62129267214865f367270aa4e37c0ecc
-
Filesize
175KB
MD57107c752f3901d95bdc4e9d46ac2b6d8
SHA1747a0d933dc2ef38a98fa11a44ba661ec6a5eae3
SHA256c4a5ecaf090da5f8115afcf0d4b723810054ecf3de31acc5ea6d48f9eb2d4111
SHA51271d4ff3fa6c9a902b299302109d034d4610ac8a31ace170f09a3f66bd0d1259c41361fc29f2205fec6eb49995ffc73563399a6ccc536b8412bf1064485caabd2
-
Filesize
17KB
MD57916a894ebde7d29c2cc29b267f1299f
SHA178345ca08f9e2c3c2cc9b318950791b349211296
SHA256d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3
SHA5122180abe47fbf76e2e0608ab3a4659c1b7ab027004298d81960dc575cc2e912ecca8c131c6413ebbf46d2aaa90e392eb00e37aed7a79cdc0ac71ba78d828a84c7
-
Filesize
159KB
MD578450fe21afa3391dc4dc62d5f1e09f2
SHA18aed39e81b26f10dd32c5b131eb7493d6d41b06a
SHA2564903f015531ad7a745aa8c5155780c51adba6e0f671607c3fa1447795f33b794
SHA51246db3beebdbfc0ae2b4e6d8f015e0f122851cf57662d5f445e2c4cd4f7ca2097690a610247e08f789685411d75b018cc35bc0a679b4dcf9e68c9fa164f347256
-
Filesize
165KB
MD534049e45a502035c1ee78f0b0967588e
SHA1dd604c54963f4ae0cb4cc1c6890b66822a6d7b82
SHA256a84c114bbb185448de945b27fca0b6ee207f4801505e3046f35db050f4720eaf
SHA51207b046af74583dc5ccb2dd1a636042b36dd4ee50aa6e7a3871cc26bec7aee823dcb2ef8bae3f465a374b04ae92b8cfb90f41ad3a76a0d2db1b6ca764d8eb204c
-
Filesize
142KB
MD5d6af9aa9348fe1ca41ffd089360113dd
SHA1a28df62210b5b6ee33a878cd83599a192e79a21f
SHA2565f9867bf603cfb0cc88416567bac162b4d8bf1eb9553291521161ed959bd84c5
SHA51247e02059184e145720f571d2a8ffe2567eb51ed9a29d0c6a4f309381ef61741922b023df8b4277f0a4a50a00feb75fe66795539d96a83d1883b10e36468e75ed
-
Filesize
79KB
MD5e51f388b62281af5b4a9193cce419941
SHA1364f3d737462b7fd063107fe2c580fdb9781a45a
SHA256348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
SHA5121755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e
-
Filesize
43KB
MD5820f40594a0e8d5f9d58546208aa9060
SHA1e17ed5116a34c432013a244c979ac9da53829d74
SHA256f8f708049e1e1609af3959cd21eaf313c8192d3e962887a7a2e1f9b353d3fc80
SHA51295879b255a90ccdc41c8696bf7aa05796db56528fc4be78f2d13eb2233740ac8cf0f92bdeaa169ebc5c745f3e76ee9fc67d2626160b9e01c5f5a19b8cbea605f
-
Filesize
293B
MD57e684dbc882cb8bb50e708ee9844958a
SHA1edb05f8d4074dc1ae1528514336d4cb777959da5
SHA2566438d9adc650c007de5bf50d522f3cc4ae019e8e174b72b8d4684d58c3cd799d
SHA5120be5e7bfff051863243481a5933322fc65902b7ca9940a8127cafc547d428748c0e2537130fac3509e421a66409277fb8d1d4c29ae691608b8af55b46053a344
-
Filesize
194KB
MD5c478863db197bd4c2b55ff49afdef896
SHA152b5a61339ba0df182a9c936585132b53d0b78cb
SHA256e634c3b7899b6a44210b38233f31a2c3c3a4621fd9ef29dfb31ef02dfb9ae695
SHA512ce0cf814a100a0a6970037b44bcfa61ee32efb212cc2cf5a22cdba3cbdcb106b03459152230ab895802f54569b3ac0ba3fccade7cc1bbbd537cc406073d17280
-
Filesize
248B
MD5411280007b5c4f811d8e59de7762e890
SHA1213030f93df78083a90157b8e1cf59bb4baf4fcf
SHA2560ce139ceee3946973c5a2831aa77e6e0750468162a03e9e1dbb313d197eb1d97
SHA5120e83bc8c2dd66f7757f4d1de89c88f84df38508b2a3af94df80167e9cb08c8498d2b8715ee4edb11fe2ac306779513556a8b70108ed49889bf75bbcceae2f5d8
-
Filesize
17KB
MD58ac05cd7937b42862dd19e5657363d7b
SHA15fefc0fbabe213fa6789f5c01dfa28b3cc47e403
SHA256d921fe012a35d6eb8a769a004a542cc44ffae2a8d9e94e9c93d8bfd18199eb18
SHA51282deecb80a1fc418bcc1861f9c9094211667ad6cb9ad375a8cff03afd56c3f919f16a6735ca6a7e91979f8fa4f4e19e483d2286c3f911ec90c9fc96a92d76c27
-
Filesize
137KB
MD52a1704774e644d7df1d0e1e1f018e222
SHA175aa8118bd35588acf828c7a25874a31380c541d
SHA25676e512625cac62934b8ddab45cf4e45753b30116ef11d8716fcc4362a8b17b30
SHA5120e7f34e2a9a539efcd12ed78c382aa02564ab30ea478448999bc2bb1973d3a8a85a544c8e22bacd94e4e11e8415c7288e43751ce81644f302d23f90aa956c2b6
-
Filesize
29KB
MD5ae5dbf5f44d10ffbcf495270b83117e3
SHA15cd6e86b1e3fe970ffd45f3400495be75137e388
SHA25606dc9f22a9b0c2be49e643c733ac5016867717ff81910c8394f904405da37479
SHA512e7210b2e1c0cbd9a4976a52c9c9923399d037f80b31a913f077bd730a00b6117f6d066a608e5f680c60a2bfc5d29fa35df535289e54f752ca4f56bd639d7460d
-
Filesize
29KB
MD5b3f5786a00b7f94ef7f91b2e901e8af1
SHA1ba3c035f547356f531c4a152f3b8740e3e3dff0c
SHA256a5c1078ba3c5668d69e9ffedfaa44e30afeb16a69529221cdfa05468bb10ea4d
SHA5126216ef3f90f7dc6ff5569d286c6e8aa6593ca5885d7ae15c91d06ee6b4a52d5cc06a7a2e591211dbea2c7c644db1abb0ecf1aa3f75fc0813cea0247c8d406d31
-
Filesize
67KB
MD5c622706590c243c48ec22e5bbe9e951e
SHA17b0c3c261be5e0842c968871a18deae22617f1ca
SHA25678eec40efc93099bca0bfbb6d327c495b221ac63e7bf70bc98c10fa781ff1664
SHA5127158278ac175e181820c70a14aedff491c4110a519e75d21aac669f6376b7d9245b353218284808545591390b4e5a63fb978a5c1c833cf555ffecfca0066f265
-
Filesize
7KB
MD5845ae1d8d734332e4299f4ae586a9078
SHA130f8a3f163d923c54fc0f01c7a66c66cbbba3dfd
SHA25603ca817e181cba4e4ce0d906ab789717511a8d9e1f52bf822e8fd97c840fcba9
SHA5128cfbefa85e45b9d996e737e5257c38d21011adc8f0fde7310a4cd2679a6b51b9eb806cde70082e76635ed6abcb263ecc93ba24b774613c5511aecef6d4652931
-
Filesize
334B
MD510404c02334c53fdc802c35bd7889f9c
SHA1107967394e20621e313839ba327853f726dd96cf
SHA256c1305d1aa537494cbbf87423cd2c42885f7862b0acd70f8ab2d941e2a992a87a
SHA5123d5dd345a0bad41b549386f68131a18711df51c591070bb3f407cefda786914c56a1c6b9717e218b08e573c0c94906d0069622e141416193d862d7cf97b48353
-
Filesize
334B
MD54a9c21c4b336e1e2537ea665f0e17c98
SHA1f0620a09d94d6c7a627894d95ba0092b4af18192
SHA25666087e659e87fd3f0e6ba78b89f219f5f7c84b632538daef08312b40fbf98c7f
SHA512efc4c1b94dc9b680910c29ae2c4cf0df08bfa01ad7183d98efad7cbb4c005ecb478acf6d82427ba0e762ad0daa4449f67a27773c1c54e50191800688b32e346a
-
Filesize
311B
MD534181a60b61029ef5a5152158a959e25
SHA1bdcb6ceae69248cf3b3ac570364a3d1f308e5334
SHA2568568362f42686b7b3ef0d49f89fe8883fac822103fa6b76665548a7bc72d04c9
SHA512be2276bcb8bb727aec405ae62ca9c5a56a629b2a64d5292b94a2aedc929bc28b764df452428bcfa518cb36f2121fdbfff71027adda689eea12a378af804e28dd
-
Filesize
358KB
MD5098d3f0b64435abe193fdbc99ae7a03c
SHA1ad261c95b4ce2043592bb0db89eb14ed498f4e67
SHA2561cf7f38dc59f79b2f39dc85b202974ffb0221759ce27aae424878603fa1287e1
SHA512c386ed3c338368e7e3ca4575c35e036d26e216fdea466b5b7ce0ce1d7769bc90739b8945b43b382b7b44e0c48d2824d3c0a2c15da94b8fa1d31784cb21aa4871
-
Filesize
270B
MD5955b01e8812298535b8b8b3e05a7339c
SHA16ceb51094605fc3122a9154114e0148ee0e5d968
SHA2566eff5933bcec4e7a67298d8f20813ebea3ee911daa5ee752ba349191f9952ac7
SHA51270fa38fc9418174e0e4d36daa70d146c6f6dee1ffa5e3b170309a81eb2bd0e006c3a8c3658a1e21f9be5ff2bf9d3948d8336619910877d6e22eab914ff6ffa8e
-
Filesize
181KB
MD5458f0ea55d1ae7425badd1475b73ca12
SHA1243aa1fe9ce5b660de220cb4573e50c33ec0b57d
SHA25696b12618f90bbf260182d5849265846665634813bcc1ff69ec70a056e2f12dc5
SHA5122d73455f9d3a9a67fa81c96f9ef037a75ee6c5cbc3c6d9f693356334395ea430f49554bf1b0a4df1ec2066f4c8780d985f8a44f8730601fc2147eb9dd14f1bf9
-
Filesize
31KB
MD5940c3592ff1279fd49187d918517664c
SHA19108876cfa0a66d307a210f7ef630725d47343ef
SHA2565cb2b3067b35c45a9f79eedacaf1eb4b2d958b4570d7f54dce058b2208685759
SHA512c9cb2a87c249a91be0c25f7bc9615018fc3abd5f3de2e28d57f62f2cf306f63926437f18a3cdcf63c66fb599f1e6f40aba279d72966f672ec345d5ef75bd621a
-
Filesize
11KB
MD587670ccfe2d6d336a0f9edbe752f8eb4
SHA1db389087e5c9e459a2bf123a6d8576d1c418af0f
SHA256646fda368a96862fd9ffacca2db477e57b263dc441f089579f36c2892e90cd43
SHA512ca361901f451f89bedb34adb9e4826b52b90434239bac1bc8f604801244329dcf32e27465980bec6e4a23e612c15f6b67620560ce4c757ac830182ad10093d52
-
Filesize
228KB
MD5c4a4f076de9a0a1a4e098577ce795271
SHA1eb2e3e09e99a4c97675e1401ffbb78dcacbadef7
SHA256f76251167f39c726dbb6516e863004561c5d3e77eb70cafed68b1072224eb7f8
SHA512209d3de2e0f372792035c295259f9e4c17dcae5f58fe330643b05ff5b506198c1c274f44f692be5e78ac655287fafff71329a73eab68bf840a4896405092b82e
-
Filesize
383KB
MD5cb88a460d52b260fea351cd74fde9005
SHA1d416e03988e15cbfce59cef435176c193a210221
SHA256c2d498ba629c2a392ec88c68e81fa1e1123a4733569de105c5839da1322fe21f
SHA51211e138008413aad38d9ae7df43eb7e8c97c992650e5bd774810ad88a7b9be3c1180959a4df090af01a58b1b87e8759a5211287a040040ac4630a57079565bf6d
-
Filesize
181KB
MD543b60ecb5ca05243ddc88d5ae53db68e
SHA156a5bc97100730dc2eeb6ab6c3d5d1c0c8d43e16
SHA256b0af5cc325fdf585d872809a8f96d803457f4790272533d65826506e5ba6e30c
SHA5121332dea3a3681aa84256ecb16a4ad0502e0951e96a92d60b6412f8ee986033f732f9893150274f872aef7724029522e17a2b660368165b01bf52bf09a48f980f
-
Filesize
67KB
MD548bd9a9491654de466f69cd256d4f897
SHA1878eea0668707f07e28b66fc009acd5cd44742cb
SHA256546ceed364bfd883fda5610c6a2875c89abb379bf8128118fd3397ccbab7cbc4
SHA512a26232ac9f0679cd3a0034975e4cb4c09e296e03e9c5693c1057875e8e2fce3af5cb7231e5348be0d9380d925f8a3c0d7139131b4c324cbbf06c15ddb795cc6a
-
Filesize
231KB
MD596429664fe8d9fd0281d87732a386e9c
SHA19ab299bcecc7b674ec5204450034a5385213f1dc
SHA2563e6e834efdd99bdc68beba47f3513e284b0c04d224ef7a1acaf0fdebd429a3a5
SHA5123180a1930c4513dddfc3a6fd535b68b9bf029d0a3d32f4d15ec2f7de70a23bbdc485dd97b7e81c4179cd89a17c818910b997e345e8bf79aaf164588453cfd2ed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5e149253b908d9128cc20e9e9b7a77a96
SHA1ea114350c819ca63e29e2cb226e1aad165297992
SHA256a4182f491dc441c1d1cc754470911b04c840b731d27d80b4fea2cc5639f388cb
SHA51274e5cc4c1720a5def1cb198b62b52f0361c7c4b6103c586769b35a7e97eab5234e3556db74afd71bcbfa2c68af584d600fa5e1436eeb0b2bc7554a485c20c5f9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD59b0ed59a49bb63ec65f4b4c29da6a5cc
SHA1f064d9d515e0a5af67cbcf968aa94a2329991383
SHA2568744bffb8fa918b717b183a25dbda7eecbc5037716446709854004cf99fdd60c
SHA512aae05108aa055405372dcd5fc15462584fb751b69094d1e17893bd099d74478cd9337e567a6955a33b7b52ea3f4b85102cbb02f51c7e1e34c691fd884b889d5e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5f3e0ffcdb9b444d3de828e9db8e285f5
SHA1967b8086aa4ad46e66db633f1ae80c1581c2a5b6
SHA256a84915cfd657ae72a44e6a8c52b06af00d26f285178a56b9d33a3c6b4b31ed02
SHA5121545e6656fc02e4c7ee771d5a2596689c1e38889355448e0f35338c7456b3c2867b436fa5b23a38e10dbff4ccffa405b107d39b952b7184c1f1d5463f3ec0a4d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5b0ed1.TMP
Filesize2KB
MD5af5015617ebdd2bba9f152ddd7aa38ef
SHA1f78f044bb4ae9262712f9e0db09318ad341703bb
SHA256952a6b9731cf12aef929d52f6a298075bbf87dc4ffb72310dcb3545d76bab03d
SHA512aa41ab9dc9725167844f11869c5066b129ff0680da9870306eada6ee5439e63076209afc3e81c1dedb85eb2b5b93467bc05c40a2b56d70c20636bccf33bf9dab
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5d6777.TMP
Filesize2KB
MD5b2838a64827bf488eaeb2d1cca2ed948
SHA1234930a79bc21eed76e53f1749c9944579ed145b
SHA25629789a6fa68d3459df0cd7d23e41d3a5a8ba344b9804714793ecd9f153dce37f
SHA51241366cc4f67289a34b51995df50ea083c6ad9fc94964bf24c6c2a02f520d4b6143f59d382e6452a01454a84f60b3454cb1b4c3daaa6f16fbddad90e60a118584
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
2KB
MD51ad7b38fb845bd65bdbdd90cc055e594
SHA1cf21a49e8cd089004612fc199ad612fd61f06f07
SHA25612e3b8ea7f99fa99895ce1c0a78403bea6c7f5db7234935f1c82583d6cd42f3d
SHA512568480259db28f0ef32d18e82584abaec11258fd3708f6ae44ecd4628c0fa8929694120a0d496c3c2bcc69dcba15eeaf7a5c5f76933176c7e5e5cec050564fb0
-
Filesize
3KB
MD57f3e484caf558fbefa45428205ce4152
SHA13d52c220287660b98726e8adaef8a5915f635cbd
SHA2564077433ca225664da160d1224e0846c8dde451624713f0927fc79404477a8644
SHA51260eb1db689b2a3e1cb0ddc4d4cdf719bdadb42e41c1fdc674e08cf76db72a5f52b021a447fafe4a6526c8bf10e51386dc4f3e655cafc9ba61b2912753763c631
-
Filesize
1KB
MD51480bc973439edde53996d4441c4a35d
SHA1e3d9d7badd2747e98590db1b7e91184fb53dffec
SHA256006370f150d09ead432c2601e8fb4eeb8b5fca76e1745a6964012513c3045855
SHA512de4f8c5250d6c17c114b75ce7547f2b691e2ece7013d81ba46686f067ef6ce9f281d3b6dd09d4e9fedba2132d97f149d9e6c6723af4d9acf7dbf17ce2dc33195
-
Filesize
3KB
MD5b08794290caf6eade968b9eae14cd0e3
SHA12205905a62b9752b0863ca466d0fad1252e4ab96
SHA2562fc879100aae19a2ad69a136ccece94b579bd175f214a8855a92635e620dc600
SHA512abe757f6651b4cefb0b96b647c9ac5b4c7b939df9a22c09d8380d1a8f6138f8b1310f7a5fad0cdc503747379562a646de509e9ac8b0ada58aade48d186968e57
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
2KB
MD58b2470519fa00838e2f4c0592f4f9e54
SHA1240fc66519946133aab4a4543b7867029fc589c1
SHA256872acc3c519a808a551c618c6458e10ec8a704e96f72370e2b63fb0216f8c9fa
SHA51220f9efe74c6bc2943b7071d0fdea3f7b0d9df10f5626b368f1d565b6d42d287b301bd7eb9f97e880694818b69cc8888351a7dee6722871908cfe6c099541f349
-
Filesize
9KB
MD53519b9ddfa4c5736b2049c5b472d6b49
SHA16b0cf6f6c2cacd87d1d67a95c1b6bc66f74dd829
SHA256c5e9a00bceb5888ef3aded3031f54630a0f1766f20805cb6166633eb5f536e70
SHA5126af07c24ed8fb72f59c872ad65f262e0b90842f7b5ffcb45c9b8aa3f8b747b482473e8a994537944267e5e03125bbeb6018aeccd113e715901fab2e0b451dd9c
-
Filesize
9KB
MD5cc6536eeee616b0b6c992b9b42fc11a6
SHA19099ef71303522b128727f1e51dba3ad1e919c43
SHA25681e944a3a2d7797c385852448fd4b3e6b236a39bf46a24bb2463b01991ccc418
SHA512980a6536fad2e9efba286a6e8f04e928754b67801375c153d304bd94f5e7848382ba42eea0fee461453e8d73112e6cf520a9e176a0472666cb30612d75f61aca
-
Filesize
9KB
MD5deb5d42bacc919d0ffce67de5b21908f
SHA18b26ee588b58682e3475abfc60f2f50c2a41f94e
SHA25674fa85d0be56a10c2d94711b9230f8a3c92ddabcc18b9416a78efdafcceb46b4
SHA51281b45405cb93a9e2645a2aad4a59022b3338edea8ae9fcea52d056b0e9a9ed53ff3b9b86d3e985c9f8316d6bff05023d907a149dcd0f2d681b86e964ac316b69
-
Filesize
9KB
MD51508a44c3862d47586797cae15a1244c
SHA19164c68ea565c4019b478092f388d34e7c350880
SHA2562bc9f8efe2ccdd104fb2cd1bc96b9fa6dbd74eb56762d491da2976f0752a3a30
SHA5125f5a1500b09c3fbdff1275e79d1db186f4c918201abdcbd16086c5d28061a439331b432722e0a1e7ba9cc0d6155567a26f3716bc722142ff3eb400e916e0fe1d
-
Filesize
9KB
MD54137888f107bf68876842c7761edf0d3
SHA18ca2d9d8c1d701d5fd80c7f2fba925e38e1d4421
SHA256397b43b324e647538f42c22a08cc6f3be011f179d38312ecb8e924939f145ab1
SHA51266671b4ecd7c59d0ff98dccaaed208254bc9df8e7b130f2a0451e6c760886d04505bc50a3eb4d1d759d9623a844614a30fe327d4aec2c9e371815b4e842b3501
-
Filesize
7KB
MD59e929b262641b0c493e16a8703cf7dc5
SHA110570bceced3b23ff9e24c6f6d5372115f7124ae
SHA2566d29db682d636ce37c1a6a74feb423090e186787930b1e11229da1ccc0ee0c60
SHA5120bb4366ad2c69e75f28dd558cde30c7066553e622d2c8c6afcff6e276e0af1c8641f027928fe8f9f52a5449cf620c8383c3b626caf50fd7ccc7e93fb96feac4e
-
Filesize
7KB
MD5f84c7192d8f96154eaa75f1c7af4cc4e
SHA1acea9f401dd32d143751d1295707e9f04cd57d9c
SHA25653973ba560978d83b2326b0630cdd7e6b31a8726f598b8b8f36a6a33401e4249
SHA5121b1845a80ad799d59766932f2e9472d5f3b936c4adb906297c164610dffbd39579c0206a5834ca83c78d55ed6250ad12f66b4e2ad40a0a41420b776b1902936e
-
Filesize
8KB
MD5ad4f96f9a050b8e9c3aa70533c5b745f
SHA1ad8a5766224201e5a0198d7232e90126cbcdeccf
SHA2568020e82eb40cf1acc5f67206b570d72cd10a1ff8051cd93a874bf3f0cbdbc2d7
SHA5124011ca1114cda76c4c507d2ed18da0428b55b38249ea727b2a5557317a41f584e9bcd1232acf979e4345435ee95370e3b52b8a2fed37696d48aa958c4051822e
-
Filesize
8KB
MD5a800e259cec7bb088c030a2b9ddd7865
SHA14e199947a0a505a2836a20f91f5d6b39faba9e4f
SHA2566d14e4375b3b4d86679f124c8547c13523d4cebfaa8d4edf9eb4ed25da9828b0
SHA5124ab1dd87b8e59abb57fd3e6294f7aa11b2d2c8199819dbbc3bad4ce48b79fbadcd162c6172b44870ea68221c959d3a1f0e982290cc02650a9462d39604ca915b
-
Filesize
8KB
MD51ff00264f9a6c63d11f77f6178fa179f
SHA10c5ea35667fb5417154d0c0435e93e9ff968ed31
SHA256f2a368187e9f5282e4a1a2d138c5e8e55f0b7a0608f7df3fd2e4b487ff332e42
SHA5125cbcebd22b7b2e8d4242b2efffd922a3b29551345236749f00b617b508462ad65043cf37775357e49dc5fe904d3f0ae40740f7855f1c8f2d552c5b708c1a257c
-
Filesize
8KB
MD5ae4bd8fc6975f81df580b9cbcbaab1b7
SHA1f8b0db4c4673b1c06e40f3770d9e50e364d1c3cb
SHA2563d593d6e86a0ce093ff3550beb7b08bd2c3984d12c90ef8b1ff2cd2eb8efd889
SHA512f1dcd30587665c6d8314de9e16748203acdfa6dfe5d95f3cffddfbf745e5b505283adf480b9ee8862fc6a287dd33c3b7160c8b240a82d1f477c6a79b2e6a4a2d
-
Filesize
8KB
MD55f05ef8d0469338a81eba227dbcd3a71
SHA1ee9d8a1d28f76ca2d2ec9eeabebf6d06aefcd274
SHA25606402b48a18bfb3056778160d8eaa88eb3ec4bc28c449dc842853ea7bdb6162f
SHA512eb1e786ba63b60b60de68fb0356dfae45445fe9a8a6824297736b1468100dbe3271d61a68a28f0330ccefddcb69b7a7147e254ff2ba58f379de4c5472ecc73e8
-
Filesize
5KB
MD57670e228f5fbb34e3b23d0344a691476
SHA1e77aa21c8506123ff1320d303ae1514853b3bc07
SHA256d6625013df8a99cd2d0083f9035c806cf856f8cfb4df2d51986892c00dd39022
SHA51233a906ce5cba4783c967c816073b7a879d8681682efeb0541a327db29e125cd62992eb921c9583bb1d0a8ae5cac6c4d81343a8cb2b6b07f4760987bf4f4050a7
-
Filesize
7KB
MD56608b39ae4f51dd7e840210669578a4a
SHA1b5743ff0d9bda86781003f72d1454ea161790994
SHA256b44d5aa78cb35563e23b52a01f54f0fb306b1b1bb321f3076e75e8eb7866446e
SHA512eb4225cdedf7d4808bb074c4086a41f2a0ed04fbc5427a1a0ee1d07f8cb062386bfb09569361b0ea56f23881083900a322709619ec70753ab7632a294d5d74b4
-
Filesize
8KB
MD50035a873bcffd1837731f362c07d7fc4
SHA1008fbef808596d203ecbd8a4a952426ae335d615
SHA256f3bd7846276483a2e17f03234a0f0d6e47203fcc8aa42801d9eaa693cda079e9
SHA512635e724496b6311d880c229b95cb240f671c776b05a3e4cfe9ed35e9e51e1b54afd53bca6ef54d4a8cd140ee2c8cf2c2b2f47fb8408841d8d1171e5dad27da5e
-
Filesize
8KB
MD5249adefb6f820ea0f7949cf4cd1632f4
SHA1ec96e5dfb39a1f69d595e8dd36d8a95f3e5184fa
SHA2564f55da2bbfa97aafc87efffa0db04aff5b704c8e64602c732e505e7409dcfab3
SHA512635b80c49b4fc618309f21c9822e4f6d9921a1bb9cd39d5a29a81d390058b681410f0448ee262db1fc9fe2bc74dcf21ca9897b0cfa56314ec05e2746b5b81fc4
-
Filesize
8KB
MD5b0166141123f33999275ae8d75b7d8ab
SHA16a100a231ca22b4ffd194f39f4cd09a343c2a416
SHA256fc82de5bede33735bbe899ebe1cc74a62e30e72c08a22d15f3dc7d788cf19082
SHA5129597f445c4b587550cbddc5621be5fca01588edf3762dcd96a90268f0cc0c66866151f1efac28f772f54ae35e61a23713012fc678c95fc667e47c6ad2dbcc411
-
Filesize
8KB
MD56cd74b78bc22705a787f379efbf3d6e0
SHA1c6712a90f06d421148f3a11945fb1d3453d32e1c
SHA256a62f611c5033835811677d072f9b88c590ad33d72a7e33b1e99b3db263a2ce74
SHA512f8a868d60bd3df82d2e7e54b0a4c1d930a5d79995b1487180d461c5faabd4f294588d3faa36f4dd4cff32e9aab6cecf9343249157b52492d4fea6fa45f164bf1
-
Filesize
8KB
MD5e72e8d3db05a971838f95d7f033317a9
SHA1f3ceaa5e3daf503c8112dae3e44dfa80f0ea6013
SHA256903caa0ba4e298ca2f1fb2c0a16b7f6aea708c410435c960316527b52d20cae9
SHA5128d8e75228b840196ea70c1bc1ed17e66d68522e75a908c6826d3e8d247886fc964f392ee81ac478f3f598620a645f0a74806ded99fece0d3cd91440920cd8022
-
Filesize
8KB
MD5e254af0cae351b829cf84efce684f023
SHA19b856a0a1540d191516f516ed01f48bb0e85e481
SHA2567416934b9990082ec34ae1bab1386e04f4714ec064f4af6b2fcd015a36f0e60d
SHA512fcfd41b5144e98262205c7c0f08dc15c0ffcb8010bd50e9ad05a2f67e51c4320e080e0247ed88da56f23654882edcfa0159d5e52422472aa12c7d8a7322ea037
-
Filesize
8KB
MD5850ef27ca47124209de4615fb2d53f01
SHA11a08cc64996aedc619f0d4f9fc583e20f8ddfb69
SHA256a732749ff21c69df22797207a24166f3f25d85724fbc868890f54d44fedc2c84
SHA512677c0d798010fb60e632ed9aa3989659584fc38d40244ff0c150a6b313ec669ba88dea3fff347962dcdbfb95a80bfbc35eb62a93047e40dbb21b3e0863f8fcf1
-
Filesize
8KB
MD5acaaa2d7b0519e3804cd7525074d8f53
SHA17239e404df7d45b852daae91d1fe99cbf1045922
SHA2566c95e52e8dde7496a14342b02b4c22cfdfe697782bb90e87531c1a37171d6162
SHA51263f7675544b23ef9808349cdd92379f025314b5da1d5378dbcb576937c3ceb118d02e5646ea5b04066cc21e48a4fe3cc432a9f6fde36c24395e4e4097e10d037
-
Filesize
9KB
MD54f351e29f1b9ed31482fd65b0cdf8687
SHA1778c31eec26b6d763a8fd8912d72f676141e674b
SHA2563f892b4278101f4d784f2067ad32bff9422b60ab7afdab43de257cb378955887
SHA5120207542e8b0104a9f85908b5fb24758927320485cd393cd44ac29cf7ed59faef911481c9e896962200b9258e7c68f2c48a9f40f7816595f8e472ff1984211b5f
-
Filesize
24KB
MD547e94a96372e6f095b8a3fd7edc48ec0
SHA1377b68f34e5964ca8be1b1b0c1507dd7f0e5f005
SHA25615c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e
SHA5125bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD563ccf38fbca937589d1bf0de0db88fd1
SHA1ad8cfa3d7ab919a8ab92e77eb1337ae471a8a0e1
SHA256e1107ad04e27c1a06964e2716b8a4286ad0276811d7f0dbfcd8d908f14b150cb
SHA5121bf869c05f45ebd537b550fbaf4d08c84beec40dcb99e4886d91fc68388d929bfb02aea335240e6be528f3d8d7cccbeac3c208d255080e421f3d73ef30c2558a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d422c.TMP
Filesize48B
MD50f4464cbf9e97c95e2f198f362868305
SHA1d0d16a5069f5d42b0e7f082dced179ad95c0b49f
SHA256b9984be49a66a15cc4f976c89252468ec2be577bf55246fe7cd936c2cc55a8e1
SHA51293163bd15c33d682e200e62fcc3c9c695fb883251a4a3a76b6d61f7d60f982262e815decc34b45503142be610760b5210acccc55ba127e1ea8639934b2915242
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
622B
MD5d2bcd88d6f3e76dd030d3a2b24ef8c96
SHA1d566fcf431b5c43ca556740a459dbacb602c12d7
SHA2563e8ba712d9fde793698589ea1f5aa460c4c3e28dc2f1357e65f00fe5749a3569
SHA512624e9567dc153dadd6a8517ed061c5c5183b7970eeb3bb1c6d6e59a345ad66f57feb83959c536f2acd8de2c47d9115b9737445b26bab9751008b4a73f811d756
-
Filesize
3KB
MD59920977c41ba53ec2819d44808621d83
SHA1809370475dc37c9463b8cc1269ca1108d80ed1d4
SHA256a603630aba801e3cf80c3f12a8473869a2d32b62ac068e4a7dd686d67864eaec
SHA5124570fcecac80daf2ff0a747b7067f41983470a43abd8f1f759e1af97900aa0264a491a33ab030099799a893f96d76eabe3ecd6d05b07e18362a4e5863736bd9c
-
Filesize
3KB
MD592c0029ce670aaa86ca565f13c9f2f21
SHA199bc008c653ca57f51a0f5236123a365f7b96fe5
SHA256d87b76f9a30760276aff9c463d2373b1dc0246bd820cef81d95c9d91f1ca67ec
SHA512edc2a80fa48609664bdecad85fa93cf4e2f687107c44f1de4c5594e3ffc0f9a8b6786c5244b50101c658aebee60a2817824aa17495c6f368ea6c53a2225ad02a
-
Filesize
3KB
MD533f2cd36a9cb64c3420d4d08c5a1b223
SHA1338acf0eb1e10141d7b94c7c6badb4b2b081770b
SHA256c008e2fdb715db3cddab905a5bdc04ef5e2cc726e0e643eb5c9c1caedf0f01f1
SHA5125af4684658ea3f96a22e64589be9c07ec611c3c820974b906c6715954189513d7bf95eb688ba0d432dff33aa8ed6061ce747c62ee1b9d7fdd020e3a0af6c0d41
-
Filesize
3KB
MD5b04b683329711f550ac37bc3bd74ced0
SHA19628258aaabeef4c177b7479b3d6dbabdb2d98a5
SHA256bc72a763c3788caa2a022ccc26b0940879fbb827479782e1644b681be56c9879
SHA51290a1460aca90e6011512f37bf24b3b053a714cd51be6ab18304aae0ba720cf7b641230966a5f44cbc8afb1473879f8a29bf4ec41f642d9af31d8a1055511a765
-
Filesize
3KB
MD5708263888f150f1458aaaa5ce25e8425
SHA112c00d71d95c1bd2de4ef2aaded54d764fe62f18
SHA25675d3df144c57d8afe3680db80e1466948f86aa11d9808d0f0c16f184da5e3f89
SHA512940f8cf7c88662e97722bdacbdafc0c7448771f0fbe579fa3f5f55c0df79518a522a0c31324eb602c5ce8a0b11a4c7e78b265e3c08c6dd7a0e98c239390926bf
-
Filesize
3KB
MD5ba37e600a2b0eed4e3c075b2c70fd9f1
SHA1e3ed9642e53562a1cf529f922b74937818c99e3f
SHA2563796740a4f9fb1d6b1e8bde2c9e46b02149a73f2c8002d6428854c622e988f1a
SHA5126917de672f9af2b6cb4d6fb06d1c59544d2b9f91cd7477cdeed82b42e2e0b9eb9e46c36006f917761632eea005cf68cdc235784e3b2a38a0f5b8ca7a63584cc1
-
Filesize
3KB
MD54a1c445b1f18c792d754cced69a7e1e3
SHA14cd0b636e1e26ba994ec64c027a3c85d6bfd50ca
SHA25668fb220e969e9ad2cbbf8f17dbc115b2a791a4cda88809656aeb421d18bacd87
SHA51270e3fc680079ad653d77370e546f9db339fcfc75dd1f7f509282ce5d76c7e7548357e9eab642857c58e538a8e14422d45c80ff70e74128e2be131e2aac7dfb29
-
Filesize
3KB
MD5fa324fbce61e99706d0e610916874947
SHA1cc1a5ed10d0a7cc09d56465a73f8a4a34a0f0451
SHA2560b4e0cc29595325516cecf14f0d2b1a884e300c9ca1eade9e4e03f23d57cc3f5
SHA512be059b61cae39ebaea9b2874b405faf531d392fd1daecbdf4f133eca7f8c64cc6ae6b76ed248eb7964a3b8ddc575806df93712a4b5d7096881f6f437582349fd
-
Filesize
3KB
MD5cabba63caefd918609cb45cc471ed538
SHA12bc03a611f40ce8e2190540a9370f20ddf8523a9
SHA256dd3fa1dab9f347320892d8875e9a33f172b405d8755c6cefc7ba409f02251e48
SHA51214738e3e7bb48cf8f8468b29d4ac6dc09747e1cd4f4f5074e0543a8c4f6b0e5f0e12ee98d7b1407b33d6d8b7ed1fa71b32a4ff450841e4260c33d6ce1f771591
-
Filesize
1KB
MD5ac8e2db182bb65f0566ddfed731da224
SHA1b94f449c5eb2149fab29b7acaa03509ec9dbb60a
SHA25645cce3bfe0996f375c1e3eff8fd41318f672a62d5fddc4a37942b2123cfcdcdc
SHA5129b4c219c99ec1cc1bc993d0b9459241efc591ef34dd786807fd0403f9d25e40c3123373440abfdce4b64b1990baa2a0ff9baf2f6bb2fcf541e272b66d087b666
-
Filesize
1KB
MD5cc7726c09d042c615f64c50c474be8f6
SHA1b4cf1e6a5bbee0bd9e788e4ac17afb3c8df85da9
SHA256e939f5dc156f7a5d306def3f8d36a7356d282387edcefc8abf8e7f61d38cbe61
SHA5122725bce93089d649414e1956cb6d1e8b0dcae51142a7e4867bd12209bf70797b6df2126aee3a8a0aa9620ad3f0d9e9c0e0fa98cf255f8e6d6b5384db098b12b6
-
Filesize
2KB
MD50448305d5a0f383d9aef6273a8cc571c
SHA145b0e40a68fd7d4541c7a48160a8c4d5599227e9
SHA25616cf9f1fb55ed0bd977aa45fe70588bf23b092dde63d3ffd5ea9325478ab5946
SHA5126da4509e507d6357cf108c5393518d501c68871c71859916469d17536fb47b9c07661248cf109c897a6422b159e2d0d6a2c905e9899d3503bd50ce7ef21113c4
-
Filesize
2KB
MD5dfd8bfbc94578d019f6fa6ea90ebc3bf
SHA117834258cbeb05748ba37f0e7741ad8426395b34
SHA256a9395566badd0bb2360ce24b29b6e7ec35bcd7eebb8273d67fc95ad9b40e3f6c
SHA512eff859e5f2bce11f453b5e2f7f681e7e3c180a1db0f59b756e2ecd281da6a3057c4893e6597f953d6a11993b5b72d1d50742abb3a4f9fe7bfdf00bda1101686e
-
Filesize
2KB
MD5d6b8d6ef3db8b4679325697c1a97122f
SHA174b03de91781216539921d32ffe2174ac63ad517
SHA256e9963fa83f60e3cf461b004af2321a5174195a593459a28b57d2e3e03457e308
SHA5127c649168befbb72c58490fcd682255f8f8159fd32917afb6efd17f8999c848e57a0c035fd62e3484957f544d2593b58fe627bf237e75255bf897df9fb3e80e34
-
Filesize
3KB
MD5d6582be21c9ffc24ed8f249427fb4898
SHA1da2e0e3372bb6e6b13fe3d34a4504623ec6d03d4
SHA2563ddf9a3e6b0dca8949642a4af6dca56fdab88b64065fc6ebcd74f6a9554ac829
SHA512b2d2238b6fa44cf62d0e3b978f79e8c7dfcb627b77277bbf08e9a98edad29f3e513b7508feef5ee761d028d8564489820a08eccb644ae08b7bba06ffa662d4b3
-
Filesize
3KB
MD5d2b3b526a1dccfc97601faa511deed1a
SHA1ef20ac566508086861489cfe4b134ae963212fc3
SHA256d006ea8425b75b65dcc6927e64434a2afcce87d0c46e7c741564fe45a723798b
SHA512e9d4f138f9394aa3aeddeb703ba93be0bd8c046a7b03348bd5488b8e990bddb3c9b56cb84f3d7feae1328c8dfa3b0dd3e1be918494dc6247e2139c26e5520526
-
Filesize
3KB
MD5903b8b7b061b097c5e312a6f70a7f730
SHA1cfc0b05e4c3e5e6252c53cd10456312398d31d04
SHA25675fb063b01154afce7fc0e7f12e10bebbcbb087b48ca066c832c1fb6904cd8d9
SHA5120fca1a0de6e6764fe954f250cabfa3b70852eba9fcaf5215eef6a5ba1874e8af75a7d169a8d2d3e87fcf8cf1163689e413a775baf4f5da7609965df815690cfb
-
Filesize
3KB
MD5d09620231b9aec484544286e06ebb489
SHA113175e815d001cc6ca7f4c8b956231903bc7c59c
SHA25683fb9cb9f7e3ec47158f96fd9c4fc1138639de55e545795d97a8ed1b23a3ff24
SHA512fcc18d28cfbd803424d12f67251d2e08e9a90a5b3fc666f4385abfd4bb2a90ca776e076fa5e0cd4242ddc4d995a1e246367e9ddfebdc938a766c4c8632e3d957
-
Filesize
3KB
MD54816c47635cd7a9a025a768a9f957016
SHA13efaf8919091bfc863f3d9ab477bdd1faa399455
SHA2561e0c19e8a78bfd583770d420912112dea27a26aba094365a025232a5a250e350
SHA512477cfb1f2ea16a2911b9aca154050cea727b12150607693f4dfed97e6d45219852161989b3634e57d9b6820bb6215abe113ccc766fb5cc40c1ba487f90f6b4bc
-
Filesize
3KB
MD510323a93e4b48580db11f1106602c004
SHA169e1fe26af5dccceae20aa480b3c5299b495ffc6
SHA25697abc4ffcc41895b7d9f72cf10520dc7225af86f50f59b2bdf0b5d20caca80bc
SHA512466025b469a75628ee2e100b60e8fc683c5eb879785013ee44a1292c53ab10c81aa0e0a0c4fead8ab057ff893695734fa293db46b6b40708c69c545aad859cfd
-
Filesize
3KB
MD56d41055b80b33a70c6802e91856a0372
SHA1fe3aab20002bd941efe3ee4063f6ff899591db76
SHA256bfb049a18e2ed081bf857ef3c7c0d824562fae6b57b8ca7187ade3ce09863c4d
SHA512df5515c430ccdbdc0b8e92fb6ad55ad2dde6e34672d253c0726fc04742d886e0558787b0e9cf20d7b888909fcd6746cd5f1a671d7f071afc7e1128df1f4ed0a0
-
Filesize
2KB
MD5de3cf8fecd178aa8f55c350513046075
SHA129fb7ebe376649468810c6b4c4b576e5f5121a03
SHA256853ed7d269caab15d027fd1bc236f0f7fd39a433aa6ad47cf27bbc5a56e0c0ca
SHA5126e6254e6218d7ff398a6161293858e3b5406c86024a67541cd16b9485eaadd8e55bb4d7ba155c4260ae864d3bf9b713ff7dc28a70a2396b28895546abb5bd6ae
-
Filesize
3KB
MD579472acc72cb1d382ab1daa072186e2e
SHA1b015315de0c032483ca6d60a5ea76ffb92379a82
SHA256eeb56e292f696b0107c7bbef3682847125c364877ffc397491f29d5379fac9d9
SHA51282c6ac1410df4bae84cd15878614c825e7d290b0a0802f5ddb1d7a799eff458de896e279444cff13427b1dd5012ea7519954e250292bc5c38e625e793fa7a895
-
Filesize
3KB
MD534c93d049c30376a2bb8feae23617e99
SHA187c71848dc950b7bd9dd8e3379c0199b9d74d974
SHA2560164ec8da63f863eec0044f3c40f7c0dfd010004d1498c7e7453f81237a3237f
SHA5125cf6a5ad370dfd2ce897c29aca4dc4527df02b630f3c5969de318a9e5f6a51e0ee5185abb53bd513e0091e4c331ae11c3c498edd17d9a33f2435c46b1ff27a01
-
Filesize
3KB
MD5ce93c69228dee7be5dfd8da418091db1
SHA1d46100ed076b72c0d9ae4a1d4b9da625049c8934
SHA2561a17124313de04173d41c9572538cf81c1e15accafefee8b4a3f5d520040ea4b
SHA512604904e39c5e108959b4f7de9b040aba2baef7e66735a212340f70a75875d0bc301294706cdb4449455158f6288453cb9ff28e9e004ae779bdf47a746a1e597c
-
Filesize
3KB
MD5d97c30e9012bda129c7e498f77e15869
SHA151a7200d9ce09085830b545da538f9c0986039b2
SHA2564ae004f21e77c45ed6087647bcea561e0444d5dc076704a25b0e698d1e184992
SHA512b80a37ddcf44dcc75e382c47ec32e66ae744c3a53f6febf6cbd7727e970b674033691b79e0f4fb6a1bd8898d2b14e073d7550bd638beb41cc19508e80f72034f
-
Filesize
3KB
MD5d02dc0cfac2aaa32a3cfb1f03bf25e18
SHA130a235be23edfc27804bf8c242c62cf3c0ea9758
SHA25604a992abb5bb352fce57a1b8294a4281349046ca101621e853fe27b96c2eb95b
SHA512145eacddf983645d30b5fa6a9eb5cdf5f4a41beb65e36e5fb7011c381cc1ffb6b873f933be41fe4852f1db4ca269d61fd71ee1dec179359dd2106ed413b56e64
-
Filesize
3KB
MD578742a485a05c888b12b317ff0ed030b
SHA13a70d36fd17fce478c33242542127f288fa37eb8
SHA256b26dcd893476d58acc553962753224f41bf3fe5b755ab9f2e5239e4bcef01415
SHA5128d8cec5a83539146b2201e374d05412ff037453b96889f625d62547be70d98e0531e0396f485f9c84bdc7829055d9891e511bacb8de75657256f6a5327d53da1
-
Filesize
1KB
MD5d854b52403f84bf72960e580617289ff
SHA17a809072182dd22ec1439d564c57e79177037944
SHA25632f7f761d522fef4b57df2a5b0c1fb42263ade5786589855d9799726f05fd61e
SHA5122c37e0ca04f1499f1e119d00dfedeef9011e3042363951a2f4849e54f4da2e64fb38460a46cbf6622335dba445109cacf8eefbc7b5684d1139275f1a2bfce4aa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a26d497b-281f-4654-862d-80a3f5fe4f68.tmp
Filesize1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b4d7518d-1e7f-4f3c-92e8-1e4e83a660bc.tmp
Filesize3KB
MD5b77e8b2f429eaa1107a6d146b509adf0
SHA1af6798c406a8faaf2cdbb1ae932da2af95163cda
SHA2562d83f0d7ac8637f1d79dc2544c5e21e951d58b0476238629f03312c3427d51dc
SHA5125f3b89f92d77794cb0e8f407fb94b0deafc5b8c88ef291c89fe234ea613b7a939cb7017ca8e3dc2e7bcdd5c4520a9d92661cad1510091bae2699ddca907278ed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d88fe951-44a6-4974-8657-a85c072bfea9.tmp
Filesize9KB
MD5e2721f2c10d0163d20a83ff5a2bb5f32
SHA131d1f333042a4ef2379b6e1bd9ab9189b973b4fb
SHA2560ee8244dcafba4b41a421ec2c61413f790c0b38f1b3804023c7231343fd7f531
SHA5129200f5ff8c48bc2608b7996ef0d078d013d5cebe7d317a11a7deab5d4141ce42390b34e16a0e1f49ab0e4240e957b3a05789fc1b1352b85dfa743e7eafef17b2
-
Filesize
16B
MD5589c49f8a8e18ec6998a7a30b4958ebc
SHA1cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA25626d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fcf541e2-4e2d-497e-9c9e-ce4e51128ce5.tmp
Filesize9KB
MD5eab162139326ce6379db53ecbcbb6093
SHA1f46d767eb88d31f2f240cdd90674826cbe519eb5
SHA2562cfdebc0c830ae2d84ef82c09e29d6678ddbcaa23cebda5499c52428c78a9259
SHA51249b77d2415c347b06ce05ffbadf1202df96e1eb93860fdcf40a2fc62dc0f7f1c157836799b6ea10cdef858836277dfbe076c0d1cfb7c9f454246ed828edb9ce8
-
Filesize
2KB
MD5805090895a023d900040cef23c5583d4
SHA16e6d89e3ef6674683aa0794ae896f3397a3306ca
SHA2566706c2c752608c37b1a6de18b507520d57e1027f7b1a9394b7015414670ebcb5
SHA512490ee5ee2bd2db4388177a1df62cd95e2a8fd7bb8cb74161066f73ff4602ef0b752618c754bf55877be16938ca3ac0535df1504366f0abd447da460b2240a5c1
-
Filesize
2KB
MD5805090895a023d900040cef23c5583d4
SHA16e6d89e3ef6674683aa0794ae896f3397a3306ca
SHA2566706c2c752608c37b1a6de18b507520d57e1027f7b1a9394b7015414670ebcb5
SHA512490ee5ee2bd2db4388177a1df62cd95e2a8fd7bb8cb74161066f73ff4602ef0b752618c754bf55877be16938ca3ac0535df1504366f0abd447da460b2240a5c1
-
Filesize
2KB
MD5805090895a023d900040cef23c5583d4
SHA16e6d89e3ef6674683aa0794ae896f3397a3306ca
SHA2566706c2c752608c37b1a6de18b507520d57e1027f7b1a9394b7015414670ebcb5
SHA512490ee5ee2bd2db4388177a1df62cd95e2a8fd7bb8cb74161066f73ff4602ef0b752618c754bf55877be16938ca3ac0535df1504366f0abd447da460b2240a5c1
-
Filesize
2KB
MD5a44df065a6358f4e77fcba5e3c62a110
SHA163f8e6e855edf34637557f43b18cfdd89022c185
SHA2564f99e96fb2dde9e944f4a66c9572e913ebcd0599b59f3ccbeed6392c911b7cba
SHA512a9c2712c80a9df26a41b250b1d0e61f06bd1698ce616250b93ef3185e4cf42066a0128f9bef388b60d31de361950dca807d7287b6e5c58d3cff5dd06a4b26010
-
Filesize
2KB
MD5a44df065a6358f4e77fcba5e3c62a110
SHA163f8e6e855edf34637557f43b18cfdd89022c185
SHA2564f99e96fb2dde9e944f4a66c9572e913ebcd0599b59f3ccbeed6392c911b7cba
SHA512a9c2712c80a9df26a41b250b1d0e61f06bd1698ce616250b93ef3185e4cf42066a0128f9bef388b60d31de361950dca807d7287b6e5c58d3cff5dd06a4b26010
-
Filesize
2KB
MD59ed36a01c37a03ab103e31b305323ce7
SHA1c59a9f978efafe409161ce2e68b848da898ca61e
SHA2569b02d168a86c8ca89901e0bb0e88ba1587eec71cbfb5da263fcb43f97bd65136
SHA512778ac37cf15d64e4ab962cbe2d44ca7a3c2424f2c449d852354fdf202242dda4baaad938d259dc06256ff9a01ddcbf289366c2f1c350d250aa3c3724e4201985
-
Filesize
2KB
MD59ed36a01c37a03ab103e31b305323ce7
SHA1c59a9f978efafe409161ce2e68b848da898ca61e
SHA2569b02d168a86c8ca89901e0bb0e88ba1587eec71cbfb5da263fcb43f97bd65136
SHA512778ac37cf15d64e4ab962cbe2d44ca7a3c2424f2c449d852354fdf202242dda4baaad938d259dc06256ff9a01ddcbf289366c2f1c350d250aa3c3724e4201985
-
Filesize
2KB
MD5a44df065a6358f4e77fcba5e3c62a110
SHA163f8e6e855edf34637557f43b18cfdd89022c185
SHA2564f99e96fb2dde9e944f4a66c9572e913ebcd0599b59f3ccbeed6392c911b7cba
SHA512a9c2712c80a9df26a41b250b1d0e61f06bd1698ce616250b93ef3185e4cf42066a0128f9bef388b60d31de361950dca807d7287b6e5c58d3cff5dd06a4b26010
-
Filesize
9KB
MD572947e07bb6a1ce37069436a1554044a
SHA16221819fe8f62ba1c5d090201d52c9294c7d4db5
SHA2568f89bddef154de0a81c0a30f42a54ddffd55db52a0e55b521cd8eeb0bbda41a6
SHA512a3d02a97877dce001f1514cdce5dca09271f57b36653d7901b24433d09d53f47ce0258e370a76b6bb1a798420a958ee08090e7a11723c31acd8da19b85f65d00
-
Filesize
12KB
MD553b69a6096de1ccddae92b32d332792a
SHA199b43e54b6a4e241f31a468693af717ee200299b
SHA2568e07dd9865c123541b01a6249030a2985d6f060158123ebce265d35bf4109a38
SHA51283316ccd51d19787a58bfb69fc1b8251c75f47ae1ec52c96bcd682350b914849460c8b17e8d1dc52054f49a7a560aaedc0398aecc3e577b21ebbfe07de6759d1
-
Filesize
12KB
MD504e09a7ad0a46d381f269238911e4f81
SHA1b6771019534c28fb68c6e37f766ca5a5e908b8aa
SHA256e4f39461c91d2683a95ab0c8cc93ad462c0a248ba0a6fdb371e074c0df83d463
SHA5129c9e43e616ab308e321c7f2aa089b201af611d1066404efa1032d2df18e741632985ddbd22f7585aab9ecc84fc3a8659cdd61a0f903d70680f80979337337836
-
Filesize
2KB
MD59ed36a01c37a03ab103e31b305323ce7
SHA1c59a9f978efafe409161ce2e68b848da898ca61e
SHA2569b02d168a86c8ca89901e0bb0e88ba1587eec71cbfb5da263fcb43f97bd65136
SHA512778ac37cf15d64e4ab962cbe2d44ca7a3c2424f2c449d852354fdf202242dda4baaad938d259dc06256ff9a01ddcbf289366c2f1c350d250aa3c3724e4201985
-
Filesize
12KB
MD5c555f2c2372957e8822de98e737844d5
SHA1ee98995419daaf8819e1ae01361664ce2ad1b3eb
SHA256e2c519f09cd159248c7e5386306b315207015339c9cf7c966804d240bb0c3bd2
SHA5123c130f38671a2fc2c7a2137eacc225dc94f8a0a5d7889e8dcbd32fb87ffda5dadf0d44a359e6e068c76459e20ef148f5949f41af9ef2a8b49572ae3d89802967
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\23BFF646-64E8-4A96-8E10-6F9FBEF38AA5
Filesize152KB
MD53d215ec132967a8b5f9047380eb5becd
SHA13f64a4e497cf81c11e79ad7d0863e968a1e3e739
SHA256f84e160d575b68de18ab12ec948a4b5cd49735f4071a1e4281d94efd0652b039
SHA5123b7fac22186503d8cdfe827d219da92d2dcc9c792d7599dfb6f1da03b9136469b2b5984b3648691ae640f16566ff6aa13b3a989748f499644a19064a39c6dec0
-
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\29F06308-060F-4828-ACB5-0A61C2ECDF9F
Filesize152KB
MD53d215ec132967a8b5f9047380eb5becd
SHA13f64a4e497cf81c11e79ad7d0863e968a1e3e739
SHA256f84e160d575b68de18ab12ec948a4b5cd49735f4071a1e4281d94efd0652b039
SHA5123b7fac22186503d8cdfe827d219da92d2dcc9c792d7599dfb6f1da03b9136469b2b5984b3648691ae640f16566ff6aa13b3a989748f499644a19064a39c6dec0
-
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\53D44F94-9A5F-41B1-A8D8-E0E493C303FF
Filesize152KB
MD53d215ec132967a8b5f9047380eb5becd
SHA13f64a4e497cf81c11e79ad7d0863e968a1e3e739
SHA256f84e160d575b68de18ab12ec948a4b5cd49735f4071a1e4281d94efd0652b039
SHA5123b7fac22186503d8cdfe827d219da92d2dcc9c792d7599dfb6f1da03b9136469b2b5984b3648691ae640f16566ff6aa13b3a989748f499644a19064a39c6dec0
-
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\56017434-D4C6-46A9-8F7C-8C5676B06224
Filesize152KB
MD5902a8fb6be053d28e01f493834942003
SHA1754bbbb56a28d1b2d42dccab145b0e97e30b2c3c
SHA2560f5064a8cebf5dadf5e9ce536473a8886f9b2cf2f3d4b2fab0455ebf774a1428
SHA51222f3fece6f5169f4e448216606e9806445bd120bcd1b84362921fe3311f64b3400c2b5633cac2181afd23bdeb9a1d99458dc0e8a34007bb0b7b417ecc6a3047b
-
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9FA59822-E80D-4833-AE2D-ABBE79BF4A86
Filesize152KB
MD53d215ec132967a8b5f9047380eb5becd
SHA13f64a4e497cf81c11e79ad7d0863e968a1e3e739
SHA256f84e160d575b68de18ab12ec948a4b5cd49735f4071a1e4281d94efd0652b039
SHA5123b7fac22186503d8cdfe827d219da92d2dcc9c792d7599dfb6f1da03b9136469b2b5984b3648691ae640f16566ff6aa13b3a989748f499644a19064a39c6dec0
-
Filesize
323KB
MD59727b1893f4a4adc3107a50a77813c8e
SHA193f76aa52461deeeb49672f7dd497cef15470186
SHA256a5faca4539374a78a69ef31163e96a358c49014fb3e1fa413f4463b008499d51
SHA512acf7309e548ba621e94c32b9062149670012bea2eaf280b97359f2ece6d61e7d60eabeb295c7690b42ed3c52982b317d96aa6205cb58fa44dcd553d8468751d5
-
Filesize
325KB
MD50e3e0fa602a0e208dce34c50704e2b56
SHA1e1ed5eab2d06872bb50a607b7966c01b81ecd2f5
SHA25628d53bd99ec106eef21de121509cdee6e575cde44613aa59aa3a70e6449678f5
SHA5121ca09a46e162064b05ce301df35ffad39afa13ae22c404248593bd6ce700e94019b4ac66fb129af1d6ba89d0c9c5369e32d498e80bdfccde860a9b94ec96112f
-
Filesize
76B
MD50f8eb2423d2bf6cb5b8bdb44cb170ca3
SHA1242755226012b4449a49b45491c0b1538ebf6410
SHA256385347c0cbacdd3c61d2635fbd390e0095a008fd75eeb23af2f14f975c083944
SHA512a9f23a42340b83a2f59df930d7563e8abd669b9f0955562cd3c2872e2e081f26d6d8b26357972b6d0423af05b2392bddbb46da769788e77fd169b3264ff53886
-
Filesize
4KB
MD5f138a66469c10d5761c6cbb36f2163c3
SHA1eea136206474280549586923b7a4a3c6d5db1e25
SHA256c712d6c7a60f170a0c6c5ec768d962c58b1f59a2d417e98c7c528a037c427ab6
SHA5129d25f943b6137dd2981ee75d57baf3a9e0ee27eea2df19591d580f02ec8520d837b8e419a8b1eb7197614a3c6d8793c56ebc848c38295ada23c31273daa302d9
-
Filesize
48KB
MD58042df4d44b51bd3b5d049591e4f9bfc
SHA1b9c12fd4fb2bc8c54117812874f21aa0457e555c
SHA256890da329c45d18ed387882806ef66cc06769ace929fe43432f23d2ba3d654be9
SHA512fe880579e74c9cc9f97e4b12373d2bf85ab1d9f96b8ea49e9a46a9e22bca998286b069ef091f445743e5858eed31f06035d69165647ce886f519b06adf97052a
-
Filesize
1.5MB
MD5dcba8f620a55367feb63f2baf5693632
SHA1ca6db96d01f6963acd6c639b68f3f86674850664
SHA256d84d0f490182a9fc75762aceafe3dcf48a17c2ad34113f5190ccff14a7c1288f
SHA512d8f95bf572efff5a4d021a4da8930948814671b114473aa9c729bd0d17da18073527031753b663d96c0c91e64d0dfaa16fbfd74555564b447240e65d0963f971
-
Filesize
3.9MB
MD5b00486db3525c586807729a683a9b048
SHA1d7d97d51a3b3836f3711b645f3a9c140328ec619
SHA2563c4a8b27bedba0b306f7dd815146c39a99da96b029aba30790b7e73394458a4a
SHA512c1c159235e40d5902650f5cd6a3596688d92f93bbe75c1b019721e290284e76b31650481b3c19353b21da168ff7934563d7311418752e678e20ac9d13d96206f
-
Filesize
52KB
MD525ceec0d9fed5370383f3a030ea88e98
SHA190d050e9ebe0ddf07d56880182fc7c9e75a1b193
SHA256a992b5bdd3b9fca73b2fec1ab8ea48e768fb44eac95937e12f48856940132d3d
SHA5121155431ca0d1db2c60e4af44ac251dbda22a039b5bee064e727504070ee433108776d4b0e10f90933a8437310dc8be1b7e165910f282adcb91d42486fad1f409
-
Filesize
8KB
MD5ec5a9d5d9541ebcadda2a6e869db0ff7
SHA143958896ac3af70cdc46ed62ed5abb357b95d23b
SHA2563d15fa422efaf61820a82755dd9c4e08eb88e15a41c65a0c9d65906976a168ea
SHA512dfcc78b9d4d3791c175198cb7187cf7e41b85947023579ff4a171ef0b02629023abd18ecac7b3167fee7ebf08bc4ddb4a21b6b0af6ae8fcd312445a43401683f
-
Filesize
8KB
MD5ec5a9d5d9541ebcadda2a6e869db0ff7
SHA143958896ac3af70cdc46ed62ed5abb357b95d23b
SHA2563d15fa422efaf61820a82755dd9c4e08eb88e15a41c65a0c9d65906976a168ea
SHA512dfcc78b9d4d3791c175198cb7187cf7e41b85947023579ff4a171ef0b02629023abd18ecac7b3167fee7ebf08bc4ddb4a21b6b0af6ae8fcd312445a43401683f
-
Filesize
553KB
MD557bd9bd545af2b0f2ce14a33ca57ece9
SHA115b4b5afff9abba2de64cbd4f0989f1b2fbc4bf1
SHA256a3a4b648e4dcf3a4e5f7d13cc3d21b0353e496da75f83246cc8a15fada463bdf
SHA512d134f9881312ddbd0d61f39fd62af5443a4947d3de010fef3b0f6ebf17829bd4c2f13f6299d2a7aad35c868bb451ef6991c5093c2809e6be791f05f137324b39
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-100.png
Filesize1KB
MD572747c27b2f2a08700ece584c576af89
SHA15301ca4813cd5ff2f8457635bc3c8944c1fb9f33
SHA2566f028542f6faeaaf1f564eab2605bedb20a2ee72cdd9930bde1a3539344d721b
SHA5123e7f84d3483a25a52a036bf7fd87aac74ac5af327bb8e4695e39dada60c4d6607d1c04e7769a808be260db2af6e91b789008d276ccc6b7e13c80eb97e2818aba
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-125.png
Filesize1KB
MD5b83ac69831fd735d5f3811cc214c7c43
SHA15b549067fdd64dcb425b88fabe1b1ca46a9a8124
SHA256cbdcf248f8a0fcd583b475562a7cdcb58f8d01236c7d06e4cdbfe28e08b2a185
SHA5124b2ee6b3987c048ab7cc827879b38fb3c216dab8e794239d189d1ba71122a74fdaa90336e2ea33abd06ba04f37ded967eb98fd742a02463b6eb68ab917155600
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-150.png
Filesize2KB
MD5771bc7583fe704745a763cd3f46d75d2
SHA1e38f9d7466eefc6d3d2aaa327f1bd42c5a5c7752
SHA25636a6aad9a9947ab3f6ac6af900192f5a55870d798bca70c46770ccf2108fd62d
SHA512959ea603abec708895b7f4ef0639c3f2d270cfdd38d77ac9bab8289918cbd4dbac3c36c11bb52c6f01b0adae597b647bb784bba513d77875979270f4962b7884
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-200.png
Filesize2KB
MD509773d7bb374aeec469367708fcfe442
SHA12bfb6905321c0c1fd35e1b1161d2a7663e5203d6
SHA25667d1bb54fcb19c174de1936d08b5dbdb31b98cfdd280bcc5122fb0693675e4f2
SHA512f500ea4a87a24437b60b0dc3ec69fcc5edbc39c2967743ddb41093b824d0845ffddd2df420a12e17e4594df39f63adad5abb69a29f8456fed03045a6b42388bc
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-400.png
Filesize6KB
MD5e01cdbbd97eebc41c63a280f65db28e9
SHA11c2657880dd1ea10caf86bd08312cd832a967be1
SHA2565cb8fd670585de8a7fc0ceede164847522d287ef17cd48806831ea18a0ceac1f
SHA512ffd928e289dc0e36fa406f0416fb07c2eb0f3725a9cdbb27225439d75b8582d68705ec508e3c4af1fc4982d06d70ef868cafbfc73a637724dee7f34828d14850
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-100.png
Filesize2KB
MD519876b66df75a2c358c37be528f76991
SHA1181cab3db89f416f343bae9699bf868920240c8b
SHA256a024fc5dbe0973fd9267229da4ebfd8fc41d73ca27a2055715aafe0efb4f3425
SHA51278610a040bbbb026a165a5a50dfbaf4208ebef7407660eea1a20e95c30d0d42ef1d13f647802a2f0638443ae2253c49945ebe018c3499ddbf00cfdb1db42ced1
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-125.png
Filesize3KB
MD58347d6f79f819fcf91e0c9d3791d6861
SHA15591cf408f0adaa3b86a5a30b0112863ec3d6d28
SHA256e8b30bfcee8041f1a70e61ca46764416fd1df2e6086ba4c280bfa2220c226750
SHA5129f658bc77131f4ac4f730ed56a44a406e09a3ceec215b7a0b2ed42d019d8b13d89ab117affb547a5107b5a84feb330329dc15e14644f2b52122acb063f2ba550
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-150.png
Filesize3KB
MD5de5ba8348a73164c66750f70f4b59663
SHA11d7a04b74bd36ecac2f5dae6921465fc27812fec
SHA256a0bbe33b798c3adac36396e877908874cffaadb240244095c68dff840dcbbf73
SHA51285197e0b13a1ae48f51660525557cceaeed7d893dd081939f62e6e8921bb036c6501d3bb41250649048a286ff6bac6c9c1a426d2f58f3e3b41521db26ef6a17c
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-200.png
Filesize4KB
MD5f1c75409c9a1b823e846cc746903e12c
SHA1f0e1f0cf35369544d88d8a2785570f55f6024779
SHA256fba9104432cbb8ebbd45c18ef1ba46a45dd374773e5aa37d411bb023ded8efd6
SHA512ed72eb547e0c03776f32e07191ce7022d08d4bcc66e7abca4772cdd8c22d8e7a423577805a4925c5e804ed6c15395f3df8aac7af62f1129e4982685d7e46bd85
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-400.png
Filesize8KB
MD5adbbeb01272c8d8b14977481108400d6
SHA11cc6868eec36764b249de193f0ce44787ba9dd45
SHA2569250ef25efc2a9765cf1126524256fdfc963c8687edfdc4a2ecde50d748ada85
SHA512c15951cf2dc076ed508665cd7dac2251c8966c1550b78549b926e98c01899ad825535001bd65eeb2f8680cd6753cd47e95606ecf453919f5827ed12bca062887
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-100.png
Filesize2KB
MD557a6876000151c4303f99e9a05ab4265
SHA11a63d3dd2b8bdc0061660d4add5a5b9af0ff0794
SHA2568acbdd41252595b7410ca2ed438d6d8ede10bd17fe3a18705eedc65f46e4c1c4
SHA512c6a2a9124bc6bcf70d2977aaca7e3060380a4d9428a624cc6e5624c75ebb6d6993c6186651d4e54edf32f3491d413714ef97a4cdc42bae94045cd804f0ad7cba
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-125.png
Filesize4KB
MD5d03b7edafe4cb7889418f28af439c9c1
SHA116822a2ab6a15dda520f28472f6eeddb27f81178
SHA256a5294e3c7cd855815f8d916849d87bd2357f5165eb4372f248fdf8b988601665
SHA51259d99f0b9a7813b28bae3ea1ae5bdbbf0d87d32ff621ff20cbe1b900c52bb480c722dd428578dea5d5351cc36f1fa56b2c1712f2724344f026fe534232812962
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-150.png
Filesize5KB
MD5a23c55ae34e1b8d81aa34514ea792540
SHA13b539dfb299d00b93525144fd2afd7dd9ba4ccbf
SHA2563df4590386671e0d6fee7108e457eb805370a189f5fdfeaf2f2c32d5adc76abd
SHA5121423a2534ae71174f34ee527fe3a0db38480a869cac50b08b60a2140b5587b3944967a95016f0b00e3ca9ced1f1452c613bb76c34d7ebd386290667084bce77d
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-200.png
Filesize6KB
MD513e6baac125114e87f50c21017b9e010
SHA1561c84f767537d71c901a23a061213cf03b27a58
SHA2563384357b6110f418b175e2f0910cffe588c847c8e55f2fe3572d82999a62c18e
SHA512673c3bec7c2cd99c07ebfca0f4ab14cd6341086c8702fe9e8b5028aed0174398d7c8a94583da40c32cd0934d784062ad6db71f49391f64122459f8bb00222e08
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-400.png
Filesize15KB
MD5e593676ee86a6183082112df974a4706
SHA1c4e91440312dea1f89777c2856cb11e45d95fe55
SHA256deb0ec0ee8f1c4f7ea4de2c28ff85087ee5ff8c7e3036c3b0a66d84bae32b6bb
SHA51211d7ed45f461f44fa566449bb50bcfce35f73fc775744c2d45ea80aeb364fe40a68a731a2152f10edc059dea16b8bab9c9a47da0c9ffe3d954f57da0ff714681
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png
Filesize783B
MD5f4e9f958ed6436aef6d16ee6868fa657
SHA1b14bc7aaca388f29570825010ebc17ca577b292f
SHA256292cac291af7b45f12404f968759afc7145b2189e778b14d681449132b14f06b
SHA512cd5d78317e82127e9a62366fd33d5420a6f25d0a6e55552335e64dc39932238abd707fe75d4f62472bc28a388d32b70ff08b6aa366c092a7ace3367896a2bd98
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png
Filesize1018B
MD52c7a9e323a69409f4b13b1c3244074c4
SHA13c77c1b013691fa3bdff5677c3a31b355d3e2205
SHA2568efeacefb92d64dfb1c4df2568165df6436777f176accfd24f4f7970605d16c2
SHA512087c12e225c1d791d7ad0bf7d3544b4bed8c4fb0daaa02aee0e379badae8954fe6120d61fdf1a11007cbcdb238b5a02c54f429b6cc692a145aa8fbd220c0cb2d
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png
Filesize1KB
MD5552b0304f2e25a1283709ad56c4b1a85
SHA192a9d0d795852ec45beae1d08f8327d02de8994e
SHA256262b9a30bb8db4fc59b5bc348aa3813c75e113066a087135d0946ad916f72535
SHA5129559895b66ef533486f43274f7346ad3059c15f735c9ce5351adf1403c95c2b787372153d4827b03b6eb530f75efcf9ae89db1e9c69189e86d6383138ab9c839
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png
Filesize1KB
MD522e17842b11cd1cb17b24aa743a74e67
SHA1f230cb9e5a6cb027e6561fabf11a909aa3ba0207
SHA2569833b80def72b73fca150af17d4b98c8cd484401f0e2d44320ecd75b5bb57c42
SHA5128332fc72cd411f9d9fd65950d58bf6440563dc4bd5ce3622775306575802e20c967f0ee6bab2092769a11e2a4ea228dab91a02534beeb8afde8239dd2b90f23a
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png
Filesize3KB
MD53c29933ab3beda6803c4b704fba48c53
SHA1056fe7770a2ba171a54bd60b3c29c4fbb6d42f0c
SHA2563a7ef7c0bda402fdaff19a479d6c18577c436a5f4e188da4c058a42ef09a7633
SHA51209408a000a6fa8046649c61ccef36afa1046869506f019f739f67f5c1c05d2e313b95a60bd43d9be882688df1610ad7979dd9d1f16a2170959b526ebd89b8ef7
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-100.png
Filesize1KB
MD51f156044d43913efd88cad6aa6474d73
SHA11f6bd3e15a4bdb052746cf9840bdc13e7e8eda26
SHA2564e11167708801727891e8dd9257152b7391fc483d46688d61f44b96360f76816
SHA512df791d7c1e7a580e589613b5a56ba529005162d3564fffd4c8514e6afaa5eccea9cea9e1ac43bd9d74ee3971b2e94d985b103176db592e3c775d5feec7aac6d1
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-125.png
Filesize2KB
MD509f3f8485e79f57f0a34abd5a67898ca
SHA1e68ae5685d5442c1b7acc567dc0b1939cad5f41a
SHA25669e432d1eec44bed4aad35f72a912e1f0036a4b501a50aec401c9fa260a523e3
SHA5120eafeaf735cedc322719049db6325ccbf5e92de229cace927b78a08317e842261b7adbda03ec192f71ee36e35eb9bf9624589de01beaec2c5597a605fc224130
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-150.png
Filesize3KB
MD5ed306d8b1c42995188866a80d6b761de
SHA1eadc119bec9fad65019909e8229584cd6b7e0a2b
SHA2567e3f35d5eb05435be8d104a2eacf5bace8301853104a4ea4768601c607ddf301
SHA512972a42f7677d57fcb8c8cb0720b21a6ffe9303ea58dde276cfe2f26ee68fe4cc8ae6d29f3a21a400253de7c0a212edf29981e9e2bca49750b79dd439461c8335
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-200.png
Filesize4KB
MD5d9d00ecb4bb933cdbb0cd1b5d511dcf5
SHA14e41b1eda56c4ebe5534eb49e826289ebff99dd9
SHA25685823f7a5a4ebf8274f790a88b981e92ede57bde0ba804f00b03416ee4feda89
SHA5128b53dec59bba8b4033e5c6b2ff77f9ba6b929c412000184928978f13b475cd691a854fee7d55026e48eab8ac84cf34fc7cb38e3766bbf743cf07c4d59afb98f4
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-400.png
Filesize11KB
MD5096d0e769212718b8de5237b3427aacc
SHA14b912a0f2192f44824057832d9bb08c1a2c76e72
SHA2569a0b901e97abe02036c782eb6a2471e18160b89fd5141a5a9909f0baab67b1ef
SHA51299eb3d67e1a05ffa440e70b7e053b7d32e84326671b0b9d2fcfcea2633b8566155477b2a226521bf860b471c5926f8e1f8e3a52676cacb41b40e2b97cb3c1173
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.VisualElementsManifest.xml
Filesize344B
MD55ae2d05d894d1a55d9a1e4f593c68969
SHA1a983584f58d68552e639601538af960a34fa1da7
SHA256d21077ad0c29a4c939b8c25f1186e2b542d054bb787b1d3210e9cab48ec3080c
SHA512152949f5b661980f33608a0804dd8c43d70e056ae0336e409006e764664496fef6e60daa09fecb8d74523d3e7928c0dbd5d8272d8be1cf276852d88370954adc
-
Filesize
2.3MB
MD5c2938eb5ff932c2540a1514cc82c197c
SHA12d7da1c3bfa4755ba0efec5317260d239cbb51c3
SHA2565d8273bf98397e4c5053f8f154e5f838c7e8a798b125fcad33cab16e2515b665
SHA5125deb54462615e39cf7871418871856094031a383e9ad82d5a5993f1e67b7ade7c2217055b657c0d127189792c3bcf6c1fcfbd3c5606f6134adfafcccfa176441
-
Filesize
2.9MB
MD59cdabfbf75fd35e615c9f85fedafce8a
SHA157b7fc9bf59cf09a9c19ad0ce0a159746554d682
SHA256969fbb03015dd9f33baf45f2750e36b77003a7e18c3954fab890cddc94046673
SHA512348923f497e615a5cd0ed428eb1e30a792dea310585645b721235d48f3f890398ad51d8955c1e483df0a712ba2c0a18ad99b977be64f5ee6768f955b12a4a236
-
Filesize
4KB
MD57473be9c7899f2a2da99d09c596b2d6d
SHA10f76063651fe45bbc0b5c0532ad87d7dc7dc53ac
SHA256e1252527bc066da6838344d49660e4c6ff2d1ddfda036c5ec19b07fdfb90c8c3
SHA512a4a5c97856e314eedbad38411f250d139a668c2256d917788697c8a009d5408d559772e0836713853704e6a3755601ae7ee433e07a34bd0e7f130a3e28729c45
-
Filesize
40.2MB
MD5fb4aa59c92c9b3263eb07e07b91568b5
SHA16071a3e3c4338b90d892a8416b6a92fbfe25bb67
SHA256e70e80dbbc9baba7ddcee70eda1bb8d0e6612dfb1d93827fe7b594a59f3b48b9
SHA51260aabbe2fd24c04c33e7892eab64f24f8c335a0dd9822eb01adc5459e850769fc200078c5ccee96c1f2013173bc41f5a2023def3f5fe36e380963db034924ace
-
Filesize
77B
MD533127fe91a8570cd879ff244e09f9d81
SHA15e879ade2dda3b4f78b39e1a0511c5dd4e19846e
SHA2569e3969c3fe4295bbf1479d497fd639d4561324778026387a96ad81ff5d842c38
SHA51235a7f0ea60d5c86aa06582ddaf7e78cd9fe9d87ac39bc22a219ff626e7ac3610dba2704266b86f1dad63b82492d0590780e2db9baa6995c775e1b27a7fe08fd7
-
Filesize
256B
MD5754e2832b69085da2e05578b46f7398f
SHA14f317385e8178385bf6c488e5c1cbc1a09c6903e
SHA256c27ff9ccdae9b57f8539617e879a7b2293e4c07a770ec2048c84de1cd2e29c2e
SHA5126f9058ba42991805f3c1ef8f03b5b242d9014acd4b647d54483ceddd249aabe010726ac818661b6fa8360a2a1705fc25adf9dad8e071971739981209dc199649
-
Filesize
20KB
MD56cd03c83ac1517e8f9a7a3d2d4c0304f
SHA13032de9e6cee5fed4df48126535278719b8ee168
SHA25651f3e55e64f4984d794202969dc596f3bd35f2387e04bd1a29f24ae197cc0220
SHA512d081b7f3d93a2968cbfa48b54553ba3276973cfd995240b48a36031be75f3ddb0f33038166e5684ee6a732da91c52e4c575b43eba754e6022954b048ea3b07a6
-
Filesize
38B
MD5cc04d6015cd4395c9b980b280254156e
SHA187b176f1330dc08d4ffabe3f7e77da4121c8e749
SHA256884d272d16605590e511ae50c88842a8ce203a864f56061a3c554f8f8265866e
SHA512d3cb7853b69649c673814d5738247b5fbaaae5bb7b84e4c7b3ff5c4f1b1a85fc7261a35f0282d79076a9c862e5e1021d31a318d8b2e5a74b80500cb222642940
-
Filesize
108B
MD56d28793de999ef82df965547c6e001f7
SHA123becb5ddf962bda913fb82297a7e6a3a8c253cd
SHA256085d138a4802a8ecc3320ee47cbff03db2b57467c2008923ab085d50ca4e0352
SHA5127001c2b00e6b3ec75081f820fa3ba67e0c2de982735802f4e20c9ba637cf896f5b57c4c5cdc490fdb2bfbbb6f973ee9298bb00efed25670f516d6981ce13277e
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
77B
MD5b9b2e16b607b22075c7e16719defc5d8
SHA1196a26f9e127c5b3f28aa5ce956e1cc40819e836
SHA256126a2f81f728a5ecb470283b8cbf22d40d5dbab3c3dad65fa980aa7bbc309b8d
SHA5128d63f18b34547967039ab2169480f14612fb2e92c26f3860ad7debb929ec81baa8ffd3b6219bca67943142196679fcaf57ed976117fe4f686d9614a825f8307d
-
Filesize
73B
MD55b567365837e2aa497aed394436d2321
SHA1d6c0e7754b88d3e675e1e0f0a4c7bfa771e3e081
SHA256b37ffee92b0f02804240b5c8d13962f81f02be5085796d2c2663dfb40fc0b9b6
SHA51250a7242502fee0b37c39dd2abf4cf951c1967d8a7453773394243fa7b658adfb8dde91e1426fc3b1631505a61820807d4aa14170b11100cdb280686681980561
-
Filesize
18KB
MD56796d70013311c73b5442d84f945feea
SHA1fb484926c228674a905e06322d27a68e3d1c6761
SHA256373cc56ba738b9642ea0e80eabfc50a8245192e48aa3004481f6fba395f6b591
SHA512746b86ac9bb19633f3c0a07bd6f79cc883a0195fe1b28afd8d31410b4de3bf72e354ca40856a445777d47eadc7e31820045a02394092210b7c1972b67ac642b9
-
Filesize
726B
MD553244e542ddf6d280a2b03e28f0646b7
SHA1d9925f810a95880c92974549deead18d56f19c37
SHA25636a6bd38a8a6f5a75b73caffae5ae66dfabcaefd83da65b493fa881ea8a64e7d
SHA5124aa71d92ea2c46df86565d97aac75395371d3e17877ab252a297b84dca2ab251d50aaffc62eab9961f0df48de6f12be04a1f4a2cbde75b9ae7bcce6eb5450c62
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html.~tmp
Filesize104KB
MD5effecce1b6868c8bd7950ef7b772038b
SHA1695d5a07f59b4b72c5eca7be77d5b15ae7ae59b0
SHA256003e619884dbc527e20f0aa8487daf5d7eed91d53ef6366a58c5493aaf1ce046
SHA5122f129689181ffe6fff751a22d4130bb643c5868fa0e1a852c434fe6f7514e3f1e5e4048179679dec742ec505139439d98e6dcc74793c18008db36c800d728be2
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GYDSWQHO\microsoft.windows[1].xml
Filesize97B
MD53c60bb3ee1ded942869d33197bba132f
SHA1c545ed40c1b4fe3afeb5cf3b60926422167f42ed
SHA2565a7a3d257d2009a9f8616ad0df9a68a8cc26252228ed2be43e8cb37ba5cc2c61
SHA5120430af635f5e2755c0483cbff14d6726b93f76a568ccd626b5c2287d8e523c88ff5938bc3a738874116f436699d84012aeacbb53298dc9f0a763dd9f32e67341
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{0A6AC72E-ED8C-C16F-38B6-05831557CF24}
Filesize36KB
MD58aaad0f4eb7d3c65f81c6e6b496ba889
SHA1231237a501b9433c292991e4ec200b25c1589050
SHA256813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1
SHA5121a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel
Filesize36KB
MD5fb5f8866e1f4c9c1c7f4d377934ff4b2
SHA1d0a329e387fb7bcba205364938417a67dbb4118a
SHA2561649ec9493be27f76ae7304927d383f8a53dd3e41ea1678bacaff33120ea4170
SHA5120fbe2843dfeab7373cde0643b20c073fdc2fcbefc5ae581fd1656c253dfa94e8bba4d348e95cc40d1e872456ecca894b462860aeac8b92cedb11a7cad634798c
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a21ee835-fc90-4fa5-b96c-80ba142e7c3c}\0.0.filtertrie.intermediate.txt
Filesize28KB
MD54e4beb281c8cbb4fda382f616c53588b
SHA15468241febe6902ebd1d56e0cf55b6dc4ec55a63
SHA256c07c3c6ced38946ce39257397b42567958d463956c06eea96b4f49c823503df4
SHA51298b57a046fbf86f032e076c5f514ca026c843e730e1e2aca28b6143c8af5363c8835968ffe5f29f18cc977fa89841bc6c26aa24a336405c6c2bc15bb8889df51
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a21ee835-fc90-4fa5-b96c-80ba142e7c3c}\0.1.filtertrie.intermediate.txt
Filesize5B
MD534bd1dfb9f72cf4f86e6df6da0a9e49a
SHA15f96d66f33c81c0b10df2128d3860e3cb7e89563
SHA2568e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c
SHA512e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a21ee835-fc90-4fa5-b96c-80ba142e7c3c}\0.2.filtertrie.intermediate.txt
Filesize5B
MD5c204e9faaf8565ad333828beff2d786e
SHA17d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1
SHA256d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f
SHA512e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a21ee835-fc90-4fa5-b96c-80ba142e7c3c}\Apps.ft
Filesize38KB
MD5c64fa632672780dd34d216cb3af4902c
SHA191b26e1e2948431cba8b1f8312d3579ff3ed9321
SHA256068698fbea63e9fcd58349dde4934d583980c84a0b230769811f8aa800091659
SHA51296a4eed6538060ffaef17f73319866e2972814996a2589cd3df00c6d9725cd15d19dd152e6b74731c3585fba6b8f7380f3cfcd4e347370f0e1a796055482f1d2
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a21ee835-fc90-4fa5-b96c-80ba142e7c3c}\Apps.index
Filesize1.0MB
MD5c7a56a9090f598b248c170132e9ff4e8
SHA10abbdc6763459e8b6264768c7aa30cbd2f79aa8e
SHA2563af2775e325917e7023e1305d55e9ad352fda5cf08400b5a50d7244367ae9fd4
SHA512eb7ad7b1264fbef481253acfe035c25c63f6512c954506cf3459a57c61275309a425ba289b87bb091c28948f1d6c861cdb64288a1527ba6d85e5d430712a9a84
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133243956555005862.txt
Filesize76KB
MD5ea5ba9c6978ab35cc79bcf2e70b7e1ce
SHA170869f2253124694079e64424a471c9db0161272
SHA256fee5bbcd3204757ff0146ebe19a0eb45347b4d50b9be4d6341063ce0e9b7f86d
SHA51259ba8f0fcd9b1d6742222c67ed5ea798d7528ecfec81fb189dd6920c6bad0a4c8c6caead2d73f086bfb5e4780071f1af2f988d6903e4efb0bdba8fd37e72f81b
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
Filesize16KB
MD568107f0c2c646ff5a8a59e1f537b9875
SHA15fc8ca656f57f3aaabb4c1a3600619d90d64269f
SHA256d5deaa157407d074cdba136a4a7a884ef97bdb00739e084421b0af6b2632be69
SHA51205b0ce26c596c0360066b5c5e0a0dc0ba332fddb824413c329e6261deb57bf7a8360be19029c101995a2137aac4986d3a449395b732a1832f1f101b02c40d66e
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
Filesize17KB
MD5fbba55de970f4fdfd64b5059b5d983ff
SHA101ca5a37d03473d104507c283442aaf32f7f4a19
SHA256b80121d0c49037adf117622a0acc1f96885b4e8d01096bf74b586924c6ac877c
SHA5127e19eccb43cd02466289c80aa40b9c292c6ab3ef60975e793b6300fe5e69f50c787981b3e938e64251a2cdced87cc78cc0ef590652522ba85f83ad43ebd09fda
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
Filesize17KB
MD5975ac0b6e6a81af93c331d80a5b760ac
SHA11969046d60c30b28eb336209b4f3eb4f916b926a
SHA256c3e112aec657fe5259fc0d106a7d6bc7a868064993312db40cd7f60fbe54f264
SHA5123e6f928bf305798785fd564b5b9f4cebffa1f0e8419c61e0201edeb5caacbf6fbf136d93b9250ba76293bb4bbf108d18eebbf2345a84b8b6c21e006cb1dfc957
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
Filesize22KB
MD589e5c46a6e297e72f38b9dbf18bf8c5e
SHA13c840ec741d3bc4044b9583f0c974b2a16a0f579
SHA256af29dcca30c6b40422c76a6724a41c1c370b387cd6c2737e928465f58093e4fd
SHA5120e07b75307a48b4047e0fd54d71acf8133188fbc16f1870f5bea8cbfc7fcb71f2bbc66ff50003094eeda8d8e5de46933db6e021cd5bc5e49934c6b8b05c453c0
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
Filesize22KB
MD54f8f26960cc459f1f4ef0cc63b082ce1
SHA108b7cb406fc4946bd0c5726c9beec59ff13a48c1
SHA2562089850e60d04525d4cbb8b7db64d07063302a5af4b564c60316be1cf9698073
SHA5129f82a019f1a4449107fd259d57b74b678ff0450eef5fe4106d5c6e1785bda95112f0d46300956554eb7c086501bb0ec85286779c0822aaae4948dcf508975664
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
Filesize22KB
MD52d4499b490ec1091817a9b2777be45ca
SHA119ca2336bd561e943b2abf02e901f555a7206ec3
SHA256483afd526a3e87206585896ca540e2222db1b356449b9ceefd93a662719d84d0
SHA512e41f8f30f89fa9d9050737bfd7865c8506065a392eb984e9a1d3b08373be260ca4c51ca439145800cb1c8b86882606b6a3802dfbb98ae45520998bd8370e3e47
-
Filesize
26B
MD5e0a0ed720424ba7cabbcaf3c3b88385a
SHA1a7d9472f31a0886f1069ba87e2f752adaf2ebd67
SHA256eb569fcefe72a453ea7216a1ca3a9d756371cfa73b0a984b25e5e5d86b7f2f31
SHA512e5a025ddf5cb4302af6d6593757c29aaaad4afb84ee29dc0d03a1b1d3041f253b6de022dd59c02cd67d9d9e977631152a2da6bcff219adef3459a99a529d9dd5
-
Filesize
26B
MD5e0a0ed720424ba7cabbcaf3c3b88385a
SHA1a7d9472f31a0886f1069ba87e2f752adaf2ebd67
SHA256eb569fcefe72a453ea7216a1ca3a9d756371cfa73b0a984b25e5e5d86b7f2f31
SHA512e5a025ddf5cb4302af6d6593757c29aaaad4afb84ee29dc0d03a1b1d3041f253b6de022dd59c02cd67d9d9e977631152a2da6bcff219adef3459a99a529d9dd5
-
Filesize
26B
MD5e0a0ed720424ba7cabbcaf3c3b88385a
SHA1a7d9472f31a0886f1069ba87e2f752adaf2ebd67
SHA256eb569fcefe72a453ea7216a1ca3a9d756371cfa73b0a984b25e5e5d86b7f2f31
SHA512e5a025ddf5cb4302af6d6593757c29aaaad4afb84ee29dc0d03a1b1d3041f253b6de022dd59c02cd67d9d9e977631152a2da6bcff219adef3459a99a529d9dd5
-
Filesize
35.9MB
MD55b16ef80abd2b4ace517c4e98f4ff551
SHA1438806a0256e075239aa8bbec9ba3d3fb634af55
SHA256bbc70091b3834af5413b9658b07269badd4cae8d96724bf1f7919f6aab595009
SHA51269a22b063ab92ca7e941b826400c62be41ae0317143387c8aa8c727b5c9ee3528ddd4014de22a2a2e2cbae801cb041fe477d68d2684353cdf6c83d7ee97c43d4
-
C:\Users\Admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx
Filesize3.5MB
MD545b3206b0a14eb850f21a52116f021ea
SHA1f287403bed53875136f30a99350e90b93772b9c3
SHA256c6407f48bae9ff72044f64b06622076a84d9e8f36a9e0f4f0632a5e644adb6aa
SHA51213cd2891e896257271d6a1263295716855847cfd55cbe05c9420b1c4ea677f6535596888695e79ad5918ea1d01984a9482a717b86f6de4e064bb8bc154a6f80c
-
Filesize
202B
MD5dd0c1d22223d8d0e4e271a25a6576eb5
SHA124db1209d718bd8eb443da6eec2ee28d39aaecd8
SHA256c5b636a315f8af0aac9068a2517dbb1fe136a77b9baefd12af102e65b28a13e2
SHA512fe7568b22218c10b268c115f2209ffa8282777e354a9ce0980857879c0364f005fb6af69627e95286a8229191d34e97479498986c657c6d4a394e54731653195
-
Filesize
202B
MD58238a7945e0a8d6325db3b8a05de0242
SHA1b82b397c044fd0612d13e089886ab6d78f5d735d
SHA256ffeff0071bdcf4412fc1921b117e180b1004ad81a51639b4d826da9c8779d0fd
SHA51231a952605dcdee0c80fb67b593111a17a12a3e977f3f045ca781edc061aeefdd559ae500c5c87a8b9efdb0ade46381f934cfe3dd785ca799f2f179f7cc87c167
-
Filesize
202B
MD58238a7945e0a8d6325db3b8a05de0242
SHA1b82b397c044fd0612d13e089886ab6d78f5d735d
SHA256ffeff0071bdcf4412fc1921b117e180b1004ad81a51639b4d826da9c8779d0fd
SHA51231a952605dcdee0c80fb67b593111a17a12a3e977f3f045ca781edc061aeefdd559ae500c5c87a8b9efdb0ade46381f934cfe3dd785ca799f2f179f7cc87c167
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8E1C62RJR1I6D5RIZ5AJ.temp
Filesize24B
MD54fcb2a3ee025e4a10d21e1b154873fe2
SHA157658e2fa594b7d0b99d02e041d0f3418e58856b
SHA25690bf6baa6f968a285f88620fbf91e1f5aa3e66e2bad50fd16f37913280ad8228
SHA5124e85d48db8c0ee5c4dd4149ab01d33e4224456c3f3e3b0101544a5ca87a0d74b3ccd8c0509650008e2abed65efd1e140b1e65ae5215ab32de6f6a49c9d3ec3ff
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize3KB
MD5be275cf1ae7dd7852196b03b98908e57
SHA1b90f11871baf62e0ed5ddda45b5516a4103d88be
SHA256ac4b50f71fd690b00f4efc031a6dd668f5fe8130081b4fb66eebab31d3d5e665
SHA5126865bb85930a2a4550002648035ce192c3e12e600344a7d89ca05a022708e5f00effc290d195f29469b5f1b3775558f99f4cf17a6c0c6159955bce1dbfb05d79
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize3KB
MD50757f0083faad4c8d47f31aed954aef5
SHA131e3f32dc8f970a54989e071b04fc83544c9a74f
SHA256a67f9f6607c9ad67492006b07db5a7e1ce9b64b9ce95f0741d722ae73d9690e2
SHA512c06749fdaa7cdf13805269a64f30665b7fec6bf0662a206dc05efd472ecf276227985ec3edf2973b1290b9423630885cf71efdc0a6f64829dc08849336799c46
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize3KB
MD53b3768e3ce2426d2f48ad4bc9d931782
SHA1359d6e34671b3fcbd5decd323fe9c544e185cbc3
SHA2562333891739bec38e19365d83cd42cc35b4894a9910d06095f86bcde8fa682159
SHA512a851c4e5eb33ce233e6da502142b7ecb88f77be08323f5936f77c16a1fdbf679fb159b1c4a72a9436ccef70d4c5852b32cc68a7dfdb7479703ce44de634e31f9
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize3KB
MD5b51826570d04981f3ec78c58db677dc1
SHA14ac54cc9d12ff78553f112f0f9f8f0df1163f702
SHA2566f00bd39e7e54678f55f8453296d7cad8ff0f795a7b7a82fbb016481acdd9aac
SHA51274b0d8523ada849f675cd8a4abf16f4529d36649b0cec2a51a7f29a61cfe324a019df28c44bd1db34ff1d5d0bf353900787699e634a8cd30a68d4a33fc7b47f0
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize3KB
MD52daac76c4be750c61b44b539e24362bc
SHA12847c5e3a4414d8f0c8c32b3f55b25d821df9304
SHA2562fb29fdf1b508a314e0a6d05572a46bcbaf224580f9b3fc0cc44b78285aa4c71
SHA51217baac07a858141fa6d28875cb02726c7a5206e43fcb3aa8617a0609b6be3dff6e19feb47990a4075ed8fa2b023fe5e6cdbfd3d66534f8cf4d34acb76e4581d5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize3KB
MD53b3975f60677d142eb93b4015681677d
SHA163c3e91a3cc74be8672bf36d9a7bbf5dd31ae435
SHA256d1345ae4a7c147e47473e7c3d8dd3f5a03c4092cb96c5d12693ec67cbabfbb7c
SHA51277cdce70faac1f38286d3ba0d8b67619b4a6f53eb2beb32d3576f87564a3da1a4a1385e4c90eca9a73d6a97395781c7211022c98c2ca6006e28a1b80c9e06ea1
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize3KB
MD5289dbb1934d79a79183a0e6c810c57ca
SHA1256e1b40cbe9176e261944c2929925e870fde466
SHA256d79030aeea85a1dbf80d2ed09d73e05692c1ac976b272a6c75b97a1dbaf4f4eb
SHA512e681891211638b1f23ed33ff53ce7d59303395597fe9f3d8ba616be2e0684223892a90fa0f2083825dcded8b23edeb2433f6519c95bd596e7e73f96e92a12786
-
Filesize
385KB
MD5882806ad00be2c109221486deb74bad0
SHA1683dafc14c3818407c3e7b9dd1c34017b0b25d23
SHA256a4088dc667f7223954b09da5b8a870e28ca81d4a31e1f955bc8dac153f0c0f03
SHA512a900668dc476629c9452034682eb920708decfa1929711353c572e82df39810aeede18923ae068e44a2690ab439362cba427a32e55ccb8463bb5a3291f965809