Analysis
-
max time kernel
847s -
max time network
1460s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
25-04-2024 20:31
General
-
Target
Thorium_SSE3_123.0.6312.133.zip
-
Size
257.1MB
-
MD5
9ea8abfc92f30a3f75d6494f5798277e
-
SHA1
217830880c52b95cf0f8d36f4c0edc0ce4712513
-
SHA256
90498c885f4ec21badd948cb84f81a846bf853de58551248df94c9dd9b074fd8
-
SHA512
b929408e983044791caedc36177e4de4d49bae640f62f6c7e2d45e8b12b5ecbda8c437d51d26fb34c94af54a946e1302207ca0c2b8a02a3d657ba70f43c49e47
-
SSDEEP
6291456:zjySOrZxK4R3rNiEnTn2kLWgr5kN6k1104yDD80qE5pCEa1Ln3i7:zMjb5f2Wfr5kN6g10LE0qE+Ea1u7
Malware Config
Signatures
-
Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs
-
Modifies boot configuration data using bcdedit 1 TTPs 1 IoCs
-
Blocklisted process makes network request 11 IoCs
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry 2 TTPs 46 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 4 IoCs
-
Modifies file permissions 1 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Disables Windows logging functionality 2 TTPs
Changes registry settings to disable Windows Event logging.
-
Enumerates system info in registry 2 TTPs 12 IoCs
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Modifies data under HKEY_USERS 3 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 7 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 1 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Thorium_SSE3_123.0.6312.133.zip1⤵
-
C:\Windows\helppane.exeC:\Windows\helppane.exe -Embedding1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=5288822⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd492f46f8,0x7ffd492f4708,0x7ffd492f47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,11170311818732613938,15482592559475708265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,11170311818732613938,15482592559475708265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,11170311818732613938,15482592559475708265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11170311818732613938,15482592559475708265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11170311818732613938,15482592559475708265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11170311818732613938,15482592559475708265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11170311818732613938,15482592559475708265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,11170311818732613938,15482592559475708265,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4780 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2188,11170311818732613938,15482592559475708265,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5008 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd346fab58,0x7ffd346fab68,0x7ffd346fab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level2⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff65515ae48,0x7ff65515ae58,0x7ff65515ae683⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3964 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4112 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5252 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5232 --field-trial-handle=1956,i,6690096903031790843,8633684698172570562,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.0.1753800827\2129706152" -parentBuildID 20230214051806 -prefsHandle 1792 -prefMapHandle 1784 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc710305-dac0-4167-a3f9-1e2e369eb193} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 1884 175be224658 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.1.1451194832\100188541" -parentBuildID 20230214051806 -prefsHandle 2440 -prefMapHandle 2428 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b55096f8-2bd6-44e7-9900-242f02dedf75} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 2452 175b158a258 socket3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.2.1985434889\1491837088" -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 2972 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7de0835-6954-4832-b9ce-f3e53895f331} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 2988 175c1005858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.3.1219034149\328722332" -childID 2 -isForBrowser -prefsHandle 3952 -prefMapHandle 3960 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33de5898-36e3-478f-8f94-209a09e06541} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 3968 175c2dcf058 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.4.55525741\2096902582" -childID 3 -isForBrowser -prefsHandle 4864 -prefMapHandle 3980 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34f227e6-50b2-4962-b7f0-5e6eb995cd7a} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 4872 175c5158758 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.5.1161206624\1833416803" -childID 4 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f859211e-7015-40af-8899-af409d421752} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 5208 175c5158a58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.6.413655440\2147019983" -childID 5 -isForBrowser -prefsHandle 5412 -prefMapHandle 5416 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {378ce532-792f-45c1-9b6e-63c13e2db151} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 5400 175c515a258 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.7.1636600338\219782576" -childID 6 -isForBrowser -prefsHandle 5896 -prefMapHandle 5888 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dc3bc68-0069-45de-b4b5-c6f9c82c1e60} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 5864 175c6e7ad58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.8.771147493\487951736" -childID 7 -isForBrowser -prefsHandle 5780 -prefMapHandle 5888 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f30f8c2-b448-4d77-88f0-c6648cc3f468} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 6060 175c3609758 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.9.533182389\896246766" -childID 8 -isForBrowser -prefsHandle 10168 -prefMapHandle 10172 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97d734a3-8b8a-4738-bc11-e3613727356a} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 4312 175c2ebab58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.10.549587624\1611157257" -childID 9 -isForBrowser -prefsHandle 10116 -prefMapHandle 10108 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e1cac39-4a3a-482b-b2c5-cfbf97f53d3e} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 10124 175c2ebb458 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.11.939637321\2095702578" -childID 10 -isForBrowser -prefsHandle 9944 -prefMapHandle 9940 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8832cb71-e194-4bf5-81d1-b845601df885} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 8152 175c2ebc058 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.12.5887142\2139158607" -childID 11 -isForBrowser -prefsHandle 5864 -prefMapHandle 6092 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51d76e39-6fce-4529-a17a-4bca805ee556} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 10220 175c2ebab58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.13.830030927\1877443080" -childID 12 -isForBrowser -prefsHandle 5880 -prefMapHandle 6216 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a154ea14-27fb-41d3-bf86-926c76f1293f} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 5876 175c2ebc958 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.14.1619625857\1914226610" -childID 13 -isForBrowser -prefsHandle 9748 -prefMapHandle 6236 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21b0fef8-3438-4ee5-a198-8a1afbf4aa11} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 8316 175c3e8b458 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.15.558619723\2133130873" -childID 14 -isForBrowser -prefsHandle 8200 -prefMapHandle 8196 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edd746ea-4d00-4bd4-8764-22c84413994b} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 8176 175b15e0e58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.16.1678007344\1199024480" -parentBuildID 20230214051806 -prefsHandle 6036 -prefMapHandle 6192 -prefsLen 28041 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3730a2c4-0b28-401e-ab2a-a3f3601e0a0d} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 6168 175bff27858 rdd3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.17.1129645007\1680888687" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 9668 -prefMapHandle 9672 -prefsLen 28041 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c07c5272-1f46-4fb6-bb45-53ebb8a42e41} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 6076 175c0abea58 utility3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.18.591720335\1619298923" -childID 15 -isForBrowser -prefsHandle 4912 -prefMapHandle 4884 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7f93087-c4e4-4558-90e2-aefb14c09913} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 9820 175c5166658 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5152.19.675044865\1965960446" -childID 16 -isForBrowser -prefsHandle 9252 -prefMapHandle 9256 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b97f290a-73c9-482b-a2ad-a769225fbf19} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" 9844 175c5166f58 tab3⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell2⤵
- Blocklisted process makes network request
- Deletes itself
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vtpyz4st\vtpyz4st.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4BA3.tmp" "c:\Users\Admin\AppData\Local\Temp\vtpyz4st\CSC11F882EEA9EA4725863D88BF83D5278.TMP"4⤵
-
C:\Windows\System32\setx.exe"C:\Windows\System32\setx.exe" ChocolateyLastPathUpdate "133585522595101960"3⤵
-
C:\Windows\System32\setx.exe"C:\Windows\System32\setx.exe" ChocolateyLastPathUpdate "133585522598786709"3⤵
-
C:\ProgramData\chocolatey\choco.exe"C:\ProgramData\chocolatey\choco.exe" -v3⤵
- Executes dropped EXE
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" choco feature enable -n allowGlobalConfirmation3⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\ProgramData\chocolatey\bin\choco.exe"C:\ProgramData\chocolatey\bin\choco.exe" feature enable -n allowGlobalConfirmation4⤵
- Executes dropped EXE
-
C:\ProgramData\chocolatey\choco.exe"C:\ProgramData\chocolatey\choco.exe" feature enable -n allowGlobalConfirmation5⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pt1jnaqr\pt1jnaqr.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5A2A.tmp" "c:\Users\Admin\AppData\Local\Temp\pt1jnaqr\CSCEF1022BF326A4BD7BEAACB4CD3B3994.TMP"4⤵
-
C:\Windows\system32\powercfg.exe"C:\Windows\system32\powercfg.exe" /hibernate off3⤵
-
C:\Windows\system32\bcdedit.exe"C:\Windows\system32\bcdedit.exe" /set {current} bootmenupolicy Legacy3⤵
- Modifies boot configuration data using bcdedit
-
C:\Windows\system32\Taskmgr.exe"C:\Windows\system32\Taskmgr.exe"3⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger /deny SYSTEM:(OI)(CI)F3⤵
- Modifies file permissions
-
C:\Users\Admin\AppData\Local\Temp\OOSU10.exe"C:\Users\Admin\AppData\Local\Temp\OOSU10.exe" C:\Users\Admin\AppData\Local\Temp\ooshutup10_recommended.cfg /quiet3⤵
- Executes dropped EXE
- System policy modification
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd346fab58,0x7ffd346fab68,0x7ffd346fab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1940,i,7788949428158688703,5871150766188545477,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1940,i,7788949428158688703,5871150766188545477,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1940,i,7788949428158688703,5871150766188545477,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1940,i,7788949428158688703,5871150766188545477,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1940,i,7788949428158688703,5871150766188545477,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3592 --field-trial-handle=1940,i,7788949428158688703,5871150766188545477,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1940,i,7788949428158688703,5871150766188545477,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4120 --field-trial-handle=1940,i,7788949428158688703,5871150766188545477,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=848 --field-trial-handle=1940,i,7788949428158688703,5871150766188545477,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1940,i,7788949428158688703,5871150766188545477,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1940,i,7788949428158688703,5871150766188545477,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1940,i,7788949428158688703,5871150766188545477,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1668 --field-trial-handle=1940,i,7788949428158688703,5871150766188545477,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /02⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /02⤵
- Modifies Internet Explorer settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"3⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"3⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd492f46f8,0x7ffd492f4708,0x7ffd492f47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:33⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3192 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:33⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,7017870041879619300,9970828220386170727,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2444 /prefetch:23⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /02⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\41ff0962c29c43a2b10471acfb29049a /t 7008 /p 54041⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 6244 -s 35522⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies registry class
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
File and Directory Permissions Modification
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\chocolatey\choco.exeFilesize
10.5MB
MD5e007586a7919ab631c6a0807c5980c29
SHA1aa678e654b7a0577952f0495ce24ce13a88a87d7
SHA256463637654593c3ae015f556ccd9427efc6feb6aa466a0d29993acc611adf19ad
SHA5121b2709ba142a88044c3c9be983a8ae6d0b51bdaa6a8940ae1fcc7ceecef28a09ddf1c0853c6f003bb7739e1e5cd91907ef837b2a2a672cecc35cd231553525d9
-
C:\ProgramData\chocolatey\config\chocolatey.config.1956.updateFilesize
8KB
MD5098b8cd4f64a71c394780021b468a26d
SHA1b8b9bd04891b5a9dae0a89d31f615f6b28ad8fec
SHA2564d1d5405b2460ece564c67d045cd05d9e2f6d23d2ab45cb0535a67273d99984a
SHA512eb6c962867525ea71df51fec50801ae557f7f54fe335a8b8b40eef3468864fafe268e3fda5940443ef09eff12cc8426dbd9d52f3db13f720be3f64ca921426a8
-
C:\ProgramData\chocolatey\config\chocolatey.config.5348.updateFilesize
8KB
MD5cbccded419ec9f3f25eba050724e209f
SHA1b0c5b8f3b8e0d6ebd0b5ce2b9d48207d85c251e5
SHA25684921656d654b9517a44c8763b3724b2397863098473f6acceebc8d5b685a76b
SHA5128d2dec0fd1f57e393812047852cc61c0de96639bea420ad5cd16953a0113c42c731f88f197376285ad26f16be62e5c1b48d8a841dc77bbc8db6e98d99b7458ff
-
C:\ProgramData\chocolatey\config\chocolatey.config.backupFilesize
809B
MD58b6737800745d3b99886d013b3392ac3
SHA1bb94da3f294922d9e8d31879f2d145586a182e19
SHA25686f10504ca147d13a157944f926141fe164a89fa8a71847458bda7102abb6594
SHA512654dda9b645b4900ac6e5bb226494921194dab7de71d75806f645d9b94ed820055914073ef9a5407e468089c0b2ee4d021f03c2ea61e73889b553895e79713df
-
C:\ProgramData\chocolatey\helpers\chocolateyInstaller.psm1Filesize
16KB
MD5c23bf768ded97cfdca68266838da57ac
SHA142452a5fd424ee2a57e3f128677243027050e6b3
SHA256f877b0301ee2553d7abdd4aa8484812b98f68a2ad35963fb7d667568f29ca5ab
SHA5120a2f41b0ebe685a07b4486739701b1614cb2def284becfb7a957535be825da8e509d0c92817d624494406c936efe4593d97e7afa29395656107f2a56518141e8
-
C:\ProgramData\chocolatey\helpers\functions\Format-FileSize.ps1Filesize
14KB
MD5cfed95528c3908c1c9e0af21d699534d
SHA16a77c5c095946300fb5076b0e6fda5dc024c26c2
SHA2562234bf5ba5138404d9e56be44a7bd61c48b6d68b10ccd1d4384eba1cd758df18
SHA51276547f51600aee8caa94634f65d034f06e7cba7da7520633e21653e8c83b55e414cab1ba96be6ed1e6bf6ac413859d9e889e00bee09c1138e6b6f7a52462af16
-
C:\ProgramData\chocolatey\helpers\functions\Get-CheckSumValid.ps1Filesize
24KB
MD5fe79cb90855649a84b6763e974fbe3bf
SHA16b4b8e16e8196538d171c48a010969f4341b4ef1
SHA256a5d4312c015385e87df4bf13f4a191da61e94fcdad896c0a5bc3b7d54f0e4327
SHA512e2b039d5c6512448b358a8a7281f13737b210761ec54eedee463fcd6edc760c50e11a723685ee8cf493ce771fffaffc32f66cf803990bd199a429969fb3cd1d6
-
C:\ProgramData\chocolatey\helpers\functions\Get-ChocolateyConfigValue.ps1Filesize
14KB
MD5467d283f50455e05c6a64c73b3507be6
SHA1aad8a58ed077c48fcf15f76e1579501dd24c12f6
SHA25658ab680942bef99b23ab662ed03f0369dbaf1f86e307f3cddd6698e1872b69e3
SHA5129a1760ce9626c3911d30d011f2f4014ea8a74158a054c81d6deee79ddb08d3ae104fa39db51b673dec6a124b9320062065b8a165fa46a6749704939b0e165229
-
C:\ProgramData\chocolatey\helpers\functions\Get-ChocolateyPath.ps1Filesize
15KB
MD5709d430efbfbfa682479998603080451
SHA1cdc524f5544add18857ae44a1f35b5bb768d6f65
SHA2566051d245726c48d67c7d9c679d384eccdfe3446c867013beb3df77c044d4727a
SHA512f201a42de7d0f7e923209367e6e0b13a5afdf4bfa3cc61e859436357a7a83e706b12d0b3f01810747d88c6c40c621e4ebabc39f195bd81a41ffe533205f53885
-
C:\ProgramData\chocolatey\helpers\functions\Get-ChocolateyUnzip.ps1Filesize
23KB
MD5cf3dd652d1eefc7c2e62e18bd9829f4c
SHA16bf82483f94bfd4d33a00b882b204cb3342924a7
SHA25668334b1fb4d6c061c7290eb9dcae736b7b31427ffa364a9a55761c58d2942a1e
SHA51285c08f8eab653377f4f249748f83c07b6a33f1c1a26700c5ff8d1542d5972715e4b4ddf0d0e7d60b93422dbfd8d1f1f0b77c8b34559b0738e99d2cdf54e466fb
-
C:\ProgramData\chocolatey\helpers\functions\Get-ChocolateyWebFile.ps1Filesize
29KB
MD50cc1fcd470b5286467b9e00eb9f56ee0
SHA1dc303d4be2bdbc54578676362c50900724132dfb
SHA2566530a016ae804f69b3d28b9c916634008c096680178f3c5f8bb0492a39997d71
SHA5125f200abd29ad934da309f2242c1091a120919c1a6164dd4dae569242035ba19bfe9df3e7dce1b084344a2b61ced1a2d80cf567c6723696904655b77c21b458fa
-
C:\ProgramData\chocolatey\helpers\functions\Get-EnvironmentVariable.ps1Filesize
16KB
MD52d1b1af3bde19a127e387089a701f8c8
SHA1fc1e1551c4ab005dc5f762ea07428231a5a3bcad
SHA256b4eec4e7aa77481830f2a19d6f5d6e1f95bef28b645e6144949ed52edf92e812
SHA512fd4817596c51a7936853433cc975353110f476d8356706dc45986ff4245077254584d17211947204cabe6762bcb5f2793c61e4aa330c0f1467663948f7847610
-
C:\ProgramData\chocolatey\helpers\functions\Get-EnvironmentVariableNames.ps1Filesize
14KB
MD534202f268d9a8cdf2581fe4090e4e199
SHA1dcbce47fca8b8da9ea9ff81fc303a907257eaa75
SHA25605dd8207338edfbcc11219bdeb5fa9dffd07818da45d0a553a3cebaf00b1b5ac
SHA5129d3ffbc9b05268a5129e3708a27efeb69cc1fcec66ce6d0f2b4f22dc832101c0084033a20abba2d3aeed701af8acd575e12f04e991bcf0bfc46d94e85dd84136
-
C:\ProgramData\chocolatey\helpers\functions\Get-FtpFile.ps1Filesize
21KB
MD56cb643511ff3b637cf8182f17b6a58c9
SHA1c2d00e2ca2a356e49bda17a9c48e2ceab1a59d32
SHA256d91228c4ea016d3c6ad4ca47bf37967185d633802fa078f961e2879e59c4b991
SHA512c96ce38dd0a39342b23ffc8270acff1df00258aaf8b3e06f9e2e51162a2510f3654fc8c98f578a0009ee41167293e67f5e8869ca628d99fa8789fa2e2a45b1c0
-
C:\ProgramData\chocolatey\helpers\functions\Get-OSArchitectureWidth.ps1Filesize
15KB
MD5eb7691855e80e96bddc78c20c79a30d4
SHA18b23335f244a1be347ccbee823be79d453775d8b
SHA2564fc0b54dead70628dfe4a435cc6c0028dd9f041084bb0cdf4dd8dd02c9f6f19b
SHA51265441300729b8e9be84d68777070cc89853cbdcc5c7b3a359ba6c7c7187133c9ff086442438797fe455d70f143f6e07789ba95c717a2d57e497f60300a6adeaa
-
C:\ProgramData\chocolatey\helpers\functions\Get-PackageParameters.ps1Filesize
19KB
MD5ce76900c3e42ba08219a0ca543bf9de7
SHA1e903409f4d814254179b8cfbff0c702d615ff183
SHA2566ab8f3514f4d8d8af265a62e3ebbf8f0cdb738d580d192e8df0adf5ff1c43b7c
SHA512f6041933545f8a7ce82cc35057db353bfc28abbc4fbdaedeae3aac3963d91f33d52743d877f89a8596137ee770f5dd063e9b8f4659e4ca49ec14a8e173975676
-
C:\ProgramData\chocolatey\helpers\functions\Get-ToolsLocation.ps1Filesize
15KB
MD56cd569f341acfbb21c1206e28845550f
SHA1ac27794a429bf573a2fbb5e3bdb85b40bf46aba3
SHA2565f117c564ea363b0cbf8d8225193355a189c7e7f35c7d46ab8210ec67bdec480
SHA512a8db4d3d36aae700305625bb86c0d86e41ff7d8ec5d76142c2ee74cb5b1877ab0e946b449ca5ab083df7da6573d145f39b40fca21f8e528d681d2e45cefea581
-
C:\ProgramData\chocolatey\helpers\functions\Get-UACEnabled.ps1Filesize
14KB
MD5522f2cdbceccbba3f723619d5a616ee2
SHA1303946dbd912076351f2051ab63c7d39f3c87a23
SHA256c4c02d8145781d891e9ad9ca4bb36067cd5d0133e1dd25f55c0c175b60cd5797
SHA512de7a368680230c24292858f687a291a95addb772409c4200a7ddd3c26de05adfd53f6a91aa11735dc603c7399d5dbb22bd1e6b13972c686f03f2cce8ec47e8b1
-
C:\ProgramData\chocolatey\helpers\functions\Get-UninstallRegistryKey.ps1Filesize
18KB
MD53e49f60a27a2d3ae746b4563ee525831
SHA16eaad2b3fe3a5f003cb2d606e84fa258f26296a9
SHA256ded65f2df2d3a0064d11b97d18d42eca3bbf0b20590c6c6c5084ffaae56f3aa9
SHA51245951b489875277c4d40b415c8daec61d3bd42ab670c277025ec2ef35d7247c963a8ff24aafa819860abff335ea42e0e18dc1b4615b2c5d06967a86bf18dda5e
-
C:\ProgramData\chocolatey\helpers\functions\Get-VirusCheckValid.ps1Filesize
14KB
MD5362cf6f94c4191d63ee4aa20aea79f96
SHA1586fe9c82fd2a2ba8574e4e6bf93ef8aaefe8ca2
SHA256e387e0608c2ca1275de8a13ac074d8931f546c712a29f7215f60635fea5cc0c1
SHA512676efbc4f9659fdadec814acfb41f2dabed5c4c85e035c9223f286cae2791a42703fac28eade534fd1b20d9a9ee1e6aa21f748705aafa8c2241569ade86e3040
-
C:\ProgramData\chocolatey\helpers\functions\Get-WebFile.ps1Filesize
26KB
MD50a17a529bd98cd11761f34b7714a2c8e
SHA1f7bacc30819d6390f1d8c86e6f7aa65c3400c705
SHA256950c6d6fe3242f55af189de52a12ada08cb1f3e2705f0985505eaf9cc01f4f59
SHA512b71a8c5feefa96131fa7998d721aa23f9833a05a801269c2c435d8a66c82a07ce18def89ef2d38156e24b1c0ec42cd21e86bb178947df5e24ec48e48d435e537
-
C:\ProgramData\chocolatey\helpers\functions\Get-WebFileName.ps1Filesize
22KB
MD5b8e964e1b59eeb8992513a1ac81264c3
SHA1f378092e1c67809686f05c9cb7fa5de81b59de5d
SHA256c3bd4e9b0ddf4f1cc43df0b019013cf186651576f5e37944d1082d831e5ffb81
SHA512e7a260f7399f7b6073d3eb3fe5fe854c10038a62eb910b9ec6031810305e8d0c085789f0a1e228cbb4e91b2e761c3b41df131a59fbe81fc530bf6573f9d40f69
-
C:\ProgramData\chocolatey\helpers\functions\Get-WebHeaders.ps1Filesize
18KB
MD5c593afae299be77bce5b752fe21767d9
SHA1a33023ef8bab93f6712d5a8940a2fe89984c3a08
SHA25696ecd0025b0b33401588345eb25ed9a58304d3e384696290ec2500573f2c56d4
SHA51228155d0b6d0480fea873417b2fbe9a28379923eb939e2c98924c4d5f085f27e8cc40f8ec43a7d85ba9271d93842bf2d9df8e5a45b761cc53c7bedd1a00358663
-
C:\ProgramData\chocolatey\helpers\functions\Install-BinFile.ps1Filesize
19KB
MD5e3a9bf29e0874795569bdd3c3a3a80fd
SHA1d24d82321d25d587e5a1672f6140128ac8af44be
SHA256c4ac48ff64f3f58ba03ffbe1481776c0290d4fe6cb0f5980e3015f774f306563
SHA5124d58c47e12c575950dc0094b88da1967ea87fa85871077122358d1cf46ef603fc78ef6fe0e917f47ad65d5185a30c5b16f6cb0a0201309c7e7dc629ed20cc4a0
-
C:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyEnvironmentVariable.ps1Filesize
17KB
MD5df7a1fc007a10e85a437512ef06a34fa
SHA10fa5d98829212d727bb378142372da761b728a7b
SHA256da03724a6a5a261899dd6b25aceb9b2cf6aff2be4fe191b002b2cfa06c8ed0ea
SHA512cb21eef3a8d969878457cadac35e8039aae5b7caee94f1919bb157209dc228f85f02059f99f568ef160be437ab2edf924ecffdb911e2cdee6adee66b6248c4f6
-
C:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyExplorerMenuItem.ps1Filesize
17KB
MD53542c045ce19c50a252344d1fb1f7f16
SHA101f6513904c131226f0473d7c45c44d8e2a98836
SHA256dd30696adeb8c7b25de87055cbcbda8de9c7d8d0a31e09d5bc614b6c9352dc87
SHA512b454432026f40100525fbd79377537521e8d0582ba350a5fbb4c2805b3a935d8a5112133c8695bba0cf0f9fd1a8ea4422c75d92b98200508e043725e0549b7fa
-
C:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyFileAssociation.ps1Filesize
15KB
MD53a9c823dc275e58cdfcd475dae49b375
SHA1adc32e07886b7493012255d91ff7642f2cb00351
SHA25614f1eea364bb859cbb9c994b106ea70823f10a3b36829e653138d801d0838b8f
SHA5127c90d86d0dadcb07e98fe3def740ab7814159309de80c35b54dcaed72c8b9a8adaaee12a11f1fab6619c967701d7a7f633e6bdf07437f70c382e485bd704aa1a
-
C:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyInstallPackage.ps1Filesize
27KB
MD5a67b77b7b35a2d287e1668da4f207a78
SHA1aa6513eb51118a1a7b9cabe9610660d665da0232
SHA2566ba23bf8adc2fd99e9f03120981c6f9f405ad3a63dd491bfe4818ab912049c38
SHA51215f8a7f6215d60e0aa91fede18c3a9e7969bd8b006328786efd16ebb0039aa5c6aa35b42789daab68e61a605ecab16bc979051a4ed403c6e44d4989f28509483
-
C:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPackage.ps1Filesize
29KB
MD5e51ddd7c4fa1c6e46032310d6339ef17
SHA1683fc2aa8f236e12d1ea165dd7d9e606b84bcc4f
SHA2560c4aea175566d8f80e84ae296f57f53b7dcb37d0856c5878c28ca5001a21a961
SHA51283d2ba7abb6b835738d4cfecd9b90d04b33347eaa550353688c7046ec86850484337da0d18cfae20c12592b866c16c2747752bf9d00489d916a681efa5f04086
-
C:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPath.ps1Filesize
17KB
MD57b7ea15a6f20bb1d5b3a9f48102686b8
SHA1a04e2ee23805fcde04aa86cf255c5deae21be06c
SHA2565ec041f0262af5c9792f9e8be00a82dc77f6850159feaf903c5bcb93518b7850
SHA5126b6dadb0bfcbc47189af989a86624a6409ff942fbcde9f098efb51747025826c4b4023e8d601b261d27f6f5411409399bb6767b46be92f21c9f84cd7a9fda6d7
-
C:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPinnedTaskBarItem.ps1Filesize
15KB
MD5072a47c1da6d363793535b963113044b
SHA17a545eade8bfcade33c60cddb61f1cad14cfe803
SHA2564d84d234c803dd49cba47c0aae825997fdb6096695ec4c033079b025f106be74
SHA512326bda8df0841c2d9e052dff0a3f0bf8af6b8eb57596d844e7ccd48c31cc842f1983ad64d7705e204ced14988eeff97df72ed78d042d08937ef07ee18c99153e
-
C:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPowershellCommand.ps1Filesize
21KB
MD53da0470e153fee3c90bf00d5ca634f35
SHA1061093b5c39b4a2a24de6a2a58f073e132ca8a64
SHA25667b4cb61c88c3bdeb91ab525dbf2f62c6e0c4a6ee32e75bb81e5e55a62292af7
SHA5128dc64cce104f5652856a08a9253c1290cf9f67f70ba8e84a0c806806f50c98eecbefb66227379748186c5c49440ebe54e0cb3f622f02b89f760d9b0f852d2afa
-
C:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyShortcut.ps1Filesize
20KB
MD5fd89ca63a7e373b574b7713b3c35dfb9
SHA1649bfe8e85c291e9768da3ad2bccdf726e3ccb59
SHA25689d9ea528a53e4ce4807aab5b95fb841457b5b8de4a5297b57a96853c7947259
SHA5124adccdb5ccb7296a586b1a7a9504e53111b9b7efe05dbf1e38431367584115c8d31d8b3d3c02531755a4290ac6b5e798580d09c61b22acc5dabdf624cc00be71
-
C:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyVsixPackage.ps1Filesize
21KB
MD53004b9102c2afd8b7ab79fcc2cdc0448
SHA18a4e8969c441ebb23b16412d0d1bf38b8b7c1ee6
SHA256b7691266bfed88461b4d52def459ba5a3f0b450b091c94c67e4c8904915d2ff4
SHA51275b5e74d8762f1eeb0d350624d148d2346d2ec952efb5854b1f66c6d473776c54ad32a5232d460f62d3a5555ba6fb5d2aeab6b98e068b9872d204a65794c8b65
-
C:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyZipPackage.ps1Filesize
22KB
MD5e7e761356b067d147114466efef9f844
SHA1983ff75821297a14c86cd1b6048811df68082974
SHA2566105da40b3cdd0db2f05aaf1d14a743f49830ea02364cf796f0f3935c45614e0
SHA51210749cef3401cd639c582ece2f54bcd6e4be3fa31200b297ff61768ba68e2d1cb644de56b7e18bae5a58d046c052a630340a3ca5de30d03585c079061d5084b8
-
C:\ProgramData\chocolatey\helpers\functions\Install-Vsix.ps1Filesize
14KB
MD56b27cd71b512a1c2b4c1aa44f0901286
SHA1f87e19b4b6155d07f9cba9efc2a30b8e7772f507
SHA256307e5ff2c6a5fb2f9caee6eb96cb3cb37f54c89a2e27db25225fe6fbed80a9b7
SHA512b5a2ed79d4a75239b76eaaf85b6e65fa2d0ca3a1324e9bc903e43da7978a622c418a4a605fdeaa13d4aea6e094634fbc8d6916bbcd837fb69fccc0b2b9922643
-
C:\ProgramData\chocolatey\helpers\functions\Set-EnvironmentVariable.ps1Filesize
17KB
MD54bdb468bef10f29db2dcd47667bdd08e
SHA17244617c8e47446308cab8ebf4ae4b097c976ecb
SHA2564d251903327c2741dbf7517fcd76f18d09f6f613d771322027e54e274165d03e
SHA51228ce4391e62bcf2a2c835d030c30f34b255a5bc043eb37343aedce974046a3dad5a5debf11bad94d17c51a217ac0931e7bea99a3bbe04df31a0ed366b5e0bbea
-
C:\ProgramData\chocolatey\helpers\functions\Set-PowerShellExitCode.ps1Filesize
14KB
MD51df61e06f7bdb790069534c2eeb65a30
SHA14ccb201f6899699d9b3dd4788740d61a3208d39f
SHA256de966de4117a30b3065355ae72921fd11ff2e64b37778a985f439527a378cf08
SHA512e28b54d102e0449f0063f30f44ebdad01037a1778c5bd315175fe12a151402077ebdbef473dba85a3246597d92a4c11425903fbe662eebc4a335c3c2b3622c5d
-
C:\ProgramData\chocolatey\helpers\functions\Start-ChocolateyProcessAsAdmin.ps1Filesize
29KB
MD566eb324ed1b728a059f97ceb5047b1c6
SHA1645fa8b5dd6c822c5ecdda1d6fb6417c8f1c8f0c
SHA256816777b307ddfb371be419920bdb04000b83bebd69dcf32a637ec5fbd86762e2
SHA512a4558b8c6d2a6f8c111fd42162bbb858bedddd66eb36a5d76cd2e1ef3240ccd30adefd308a26c4bc8d83462839b64689d191c0c9b3bd073ec7a5c7aea4d1d8e9
-
C:\ProgramData\chocolatey\helpers\functions\Test-ProcessAdminRights.ps1Filesize
14KB
MD5f07f19dd150a5693e6b311e92e56da43
SHA1a82864e487bf8dceb5fb1c2092f9fd83f827d46e
SHA25653a7064ae6094b2e42c010264b32ec68b7f357fc0a6ad608d8e7fba280f60be4
SHA512c1ff84459cf0a3b80d9da77a5625c12f50bc50bff278786e12e97c18a2518bc44356dad2fe9ba33485f7aa263217dd9fce07114087bd8e71f077b814d15edfb0
-
C:\ProgramData\chocolatey\helpers\functions\UnInstall-ChocolateyZipPackage.ps1Filesize
15KB
MD581a4764aeffa94301233b2bb64a2a0b4
SHA1b82cc5deb47f401a068c7585d2be51f0539f09fe
SHA256a4c2f94e1e97142a289dbc3ad12a95c690944cd91b62031549d24ec4f53a84ed
SHA512a4742ff9cd66a2e251ce21320e1de01895f7bb8e735498081e735e4f5bc76aa06c91e4e1b019400315260f1ec257adc34c3e79175495cea8afebfa01d95f1bd3
-
C:\ProgramData\chocolatey\helpers\functions\Uninstall-BinFile.ps1Filesize
16KB
MD5c98e589b79d4d7dfe2e0819e8c1e9561
SHA1b07b2ff21b49b13eb4c9a5e6f1c30b0db7ee623d
SHA256dd365d4461670b3f741feee8adbe56caf578d2360858de40660cc660e903b9b6
SHA5121173f64932a771f573f134bea31b6c0b5d2879832cc591e37d7a579741151a820c7d758869c899e1f30ce58e72e1cc3b5d9cf2149baafb64c095bbb693eb15f9
-
C:\ProgramData\chocolatey\helpers\functions\Uninstall-ChocolateyEnvironmentVariable.ps1Filesize
15KB
MD5745c9f7ad93b2d0288a62fc2b3dee278
SHA128541f124f1d0cc65d73f052e067ea2219121b7b
SHA256caf065552293384cce7b165d1bd942de4a5c90cc4678a93e4e1398f1f7f19322
SHA5120ae1a96d12552071e5aad9f42d5ca97f41255fe939fc3511e8a53da1bd83135de6afce7455a7ea695284004eadf3ef9877fabe1ce5a2e89d7fd62189129e398f
-
C:\ProgramData\chocolatey\helpers\functions\Uninstall-ChocolateyPackage.ps1Filesize
18KB
MD534d8a1d68cb713a9c9d3a4583bbe2b1a
SHA14fbc437f25fb2412f83b2a5ec9c5eb27616e95d6
SHA256dd1d72b593bb4fa6e9b1787388f7db3411de1fe00948e1a9cf595ea04cf31e8a
SHA512af7eb5db77839416884e3dd4ba1c4ba35e56d66399b38eff8deabbfd3f4b2f9802b0f710eaab960eec130f8d2c77012dafeda667b674e92f56ab56e01cd1bf79
-
C:\ProgramData\chocolatey\helpers\functions\Update-SessionEnvironment.ps1Filesize
16KB
MD58812efa1be20f24f2dfb320f7cf1fc80
SHA13d117098203e4dc14c2e1eeed101c92f5ab25ee8
SHA256a0489aca98ca1f31481ee80504f7c277809d06f7513b2931ad15ef59657f6792
SHA5121a3c47e943e449660f21b9b8553165682613a229c678a464b63315beb86a7e1d4835c3bc7b29ab3a79723937a4c1097db4c3c5ea278b038f25856e30ca265690
-
C:\ProgramData\chocolatey\helpers\functions\Write-FunctionCallLogMessage.ps1Filesize
14KB
MD574e58419c577cc28b5c143cf44b3b411
SHA1e499e9d0db8826db46967ebdd0e790c19065a480
SHA256b35754fdae31826160c3e9883dd18ebf1c9efbeddda61ed731e1a4b7ed388c92
SHA51273b2d993284c58171b20a469a1e47cff1329f9bd51507cea42122815b77aa94498a1127d804db7b43dab63f71cb5abe47efdad76df5b78afd8e33fb3eeaba038
-
C:\ProgramData\chocolatey\logs\choco.summary.logFilesize
147B
MD52b8d176ced0efd450aa3e70ec52655de
SHA156428a0be5d32d1f1416ec07f2eb98ce1176d1bc
SHA256d934d3b2d2d901aec5e1f2df4160762bedf4c468d6e0054d6130bef21c548b3d
SHA5121ede100688a0f72ca10b6475c82ffefd7706bc6850a4c4a29e1e193f524510430aa99ea17e26b2b92f99b8fb3b8b6ab207bca3f0fa3f90dc9498a7d42b74722c
-
C:\ProgramData\chocolatey\logs\chocolatey.logFilesize
1KB
MD5dc6321e93685d627511246379ed100d3
SHA1d3d755b90b565feb6689355643af3b8c5350315c
SHA25690b1371fc4a715d7abed2afbf94869751d044ec48aed9ea845fd80d7215b3509
SHA5124191233fc9da15710b08607111cb5e70e291d3703bee04795001176c37ad9b15a7ed6e65f28c9d76b80eda85a0855471105128ce41e4cfd194bebb434170a403
-
C:\ProgramData\chocolatey\logs\chocolatey.logFilesize
4KB
MD5ab67ad02c453aa4cccb2a7fef5ac9cfb
SHA15afb517ac834c29b2b473addbe5a4fcd1e30403a
SHA25659370dab4434c7a453e25099e7060d9232efa179280df0fb3dcd165a8d54954a
SHA51209f7a02c2e0a4afe8d1c6e6b1ab24a6ca7785594b5bbd9b3214496ece6d7e6e0de4fd2d2d9361c1c02ff99c5060c16cb9e2143675497172408918ce4ff432c1b
-
C:\ProgramData\chocolatey\logs\chocolatey.logFilesize
6KB
MD57f798e11d47cd02a4eefc0191cbaee60
SHA1140907ee2d80c2e8cdd14acc5984d6098d47c24d
SHA256cca8104efa55bbed2ddf77be64491429d0bc5d20c889f6cbf467380d6f32c0b2
SHA5125e2ade80acfdd53458cdb9caa68f2e5bc3081d81539daf31ab8826bb8c78248e0ad86a3894f46b9df35937ffea85c7067093c2a4d7419521209775421949d3e6
-
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lockFilesize
4B
MD5f49655f856acb8884cc0ace29216f511
SHA1cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA2567852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datFilesize
40B
MD5a251e7d8920ad0ae50087d3903f218d1
SHA189a40725b1fec22d61561b2286720638ac0f6625
SHA2566045f9f01ec3f769a595569f236cec5f057170f13aa5c7f8f01df1cd687725d5
SHA5120b3c16211e1da01608cab5853c907f5c061d22aad2f83aa990fd5e27b08cca8147c0b0f02af9c91e10b7dd8f9d658360a0d73900b0c101fd2a6758386007bc7c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0Filesize
44KB
MD56df819dffbe6a3f783b7de4f35552cb5
SHA1e13d7596ce05a4c7aed6358974baf402cdecc677
SHA256e1529310da1715a34fa8b54434ce84932a18ed9ea409acf6b3ec7dab5a8d06e3
SHA5122c402ff29ec926a7353fc960f642f7d60453d63afd30fbaa03213a27a5e73400cdf9f39046904b63b2507bd7ca45b6d205229435e530924ff30eca66556a0990
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1Filesize
264KB
MD5dd10f3420747a07203f34575550fb51d
SHA185bbeddf7dbb5b823fe94a69e725bbb4a855aa59
SHA25689a7be97e1257e015e87398a2bcee99dff3de043f72a4aca3dfea0064049a262
SHA5129907537935fe90a1ffeacbf7fe7cb9bd1cc0f50e3cf3f1e932f4ad9e5b3be68bf18a2ba3b26289471fda1f0dadb41576057677ae931b1ae7f89d8f9f3a0020a8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2Filesize
1.0MB
MD5c50a7c5ef489102349b709d77586bcd1
SHA14d1c8336ef0ca63380e01671f37b2847ea239bad
SHA25652daca139193726b72e4c627b25360f9d0d44ee0a55ff9961385b2e8cc0e76a5
SHA512ce2c7710650a646d1f2e907b24053bc1d8c3c57682d1cee50ad727bd6c8982c0ca49b188bf533617a8e75c7772c8e6f9b41d095850dcd62ca03d87d077bcac9d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3Filesize
4.0MB
MD56f73f79e7cac34e40f286c4810fa6d80
SHA199a8b78daad693c6731767a4b33fe622c942d216
SHA256d94dd584f67c2690e01a5c0b648571e306db78e043249b0b2fb9e2dcaf5194bd
SHA512e66011d37e6f7aac5378dde7b26a122b46233dc19f4256df93579ab0f21be8c26fec80060ceea66044f9761fe2aa19ffbfeabd18707298534441ee9a484c1a4e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006Filesize
58KB
MD59b603992d96c764cbd57766940845236
SHA14f081f843a1ae0bbd5df265e00826af6c580cfe7
SHA256520408fec7c6d419184ec68ad3d3f35f452d83bd75546aa5d171ffc7fe72cb2b
SHA512abd88ee09909c116db1f424f2d1cbc0795dbc855fef81f0587d9a4e1a8d90de693fa72841259cf4a80e0e41d9f3e1f4bf3a78c4801264e3e9c7d9635bb79ccf5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007Filesize
40KB
MD55ce7bdeeea547dc5e395554f1de0b179
SHA13dba53fa4da7c828a468d17abc09b265b664078a
SHA256675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9
SHA5120bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008Filesize
18KB
MD594b870978fd0e790d85e7bebda9561b2
SHA1423b9ac9bbbaa6018b9a9f4fe419a9a5ee775a51
SHA256c9140767da5fa49e8d052591e8d1fe2b297f384ffa75262afe9fac015ddb27be
SHA512d860eb016f02b3b1521aac533a2f84b10751f300cfa4ecbdd09c2943eb1c2ef6ad8b5afa8341122d4a142f5f07020cec23f9c872118b3e211c057107a60cd0e1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\HistoryFilesize
152KB
MD5f916a72847721aa45f6f84802d31dbfa
SHA149fe4d437e0aa538880ba18a347ef00acab5ae26
SHA256968b0aa34ccddf7f87a3c3c64d2bc76167e458661026972d0e7fd4aad7245fa4
SHA512a649a9e51576e72b817faa644469a933c3a12f64b2e078d02de0ca5641b52efef7cdad113f857ffc9433ae357274ab8e3062b2a785e2e96e54995f4513f17967
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD5d55b5b1988d16c082f3ff940f0496d78
SHA1137b0b83a713f92f9cee09147382a0d9e376dcb5
SHA256421ac7a6e1a7831028bb28886a2dbf398d92f1cbce1837113e587a9923a7833c
SHA512f4f997fb9eaee4dea5a7cd74a2cace8ca11afb47dbaab5f2572c71954171857a48462254f6bc6f77257d30bfd25a6359a229e8293de6c4092835790a965b4f18
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD5b796c0f94ccb348ec1a01fb60460f35b
SHA162cfe34158b58e9259527f6125845193f0a069e4
SHA256cf5f2d3bf85653c6f3e76f314152ecc38fe8659624f206160246934947e8e300
SHA512d922ac757de266ccd5aa8ea5fec8e60866f771699cfdea806cecfcc25f72431e8a01117e5a42c0bb69e26be42bcfe232e0fd7152101ad7181d35dd9ae13c150b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD57424debef387c90bc4d65bb21a753582
SHA11acad89fc741eb3efef6ecc430f621268518f35d
SHA256219600ed4c47aa2e9c26dfa4a289aedd04ee1b92b3ca3d0c9d9b10d457f1d058
SHA51223940bfc41afd5805cb5113e388cde6b1378db18accf7c6d877eeac2f1e5c1f012b461d059154ed554bca2b5d680574b34519c94879aa6fa33fc7cf0bf6a3698
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD5f41342d6b943eb2efe35fdd73c8a6f8a
SHA1a96d91a1af80196cc2d8078c61d4b01b6c9edae6
SHA256713fc3853957051f5d22c11dfe2714529ac333a1dd9460fbfb72515d365a2a04
SHA512efc4882c970b053ccf74adf4e206630e4f45b2f3964e65fc63c5d56ba52f53578c398dc649dda36f99d989542d51c40a63266d4465ed39bed30d23a8dce3a3af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD55c2a2103b2cb7c2a3a7fefbcab016616
SHA174f8377dc6a14ac5bd2987b1aed0c0bfcd715b69
SHA256de8b24de1d4c4f4b1df5c81e3be60f7cb6c2817d3faf56c4871aa447a685a153
SHA512c5ec465180ef1e84bb591502669ca34f1b669115b8f0ccfb2aeb7b4b07bae34f4cb0c333884be8b8dd5b172dc4d9cfb78afab99a4a09da6640a06b2361882b88
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD53d3a13a463b0b866518485704554b9e8
SHA1867cd2e3746626ea5f226e9af0f7b831c51bbfa2
SHA2566e474177cd5b600dcfdc9cd9f48e884f58102c3617dcbdc9f598db3d206aea75
SHA512466070c809065d6b2026a532df8088a72e7561804711f40b2d4f20165557987064a28e3307415ca5879bad04cdd1d4d58aea95da8206caf8d94d6054046be605
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD53d48f946511e908f8b8b1c46e150ea11
SHA1a5f967de838c772474fddd6ee7af5a03fd28b58c
SHA25645efda6e943360873ecd0234955c1eccedbdbdf2d14948a281a3e031b7a76dec
SHA512090a8d1b1195004b641b2c163ac6cba2733256fb73864fffafa68838db105cbb69e8d3bf3dc2035b90e948fd2048563dda690140e771958426303c07486b053f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD5c44e064b1bfddbce9fa120f8994ccbd9
SHA173554758e83be60d07027b5a101bd375e703f16f
SHA25648242e180fe7ce41a9fad0664095906888d165ae308fe6777b7dafcee205e6f4
SHA512a8ac66a931ce54314a4dc7592c210f9b0ab1e3c4f603726a781eb79a922c33eaef927c27f1e88b159b3f5aa998d7c909f6899071cce261048931656696bf9f0b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
692B
MD52bcd6204e1bde8a1cb0f4e70aab60588
SHA1e2c586cffeee245fbd57bc16ea464cfbd2acae8a
SHA256597664c588825ea767d0de544d427f9469f09767371938a4b9b14452bb2b8c2b
SHA512cf61346a69f10fab4a79167c4e2f1a85684aa273f3ceb03bdebf0e27c56f316f59332835504f7de1572f46c76d43a8012885a42dbf0eb4fb0e87ea806b15555e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
692B
MD56dd279d839a69620366985e86944f0ad
SHA1f388a02dce848ef6d237257acdc8ea9fd49f83ab
SHA25643ae53650ccd32da265d49a46e674309b59ea20913258585e71e3d17c0a548b4
SHA512fd653328ad14201222193f4550666892626ca90a1536dbb36a07057332ad56860334c1470fa34867eaf379eb7ebeb36fac05f47c498cd11906d3608e8896c588
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
692B
MD5561fd3025dcdbff8b04c119bea8f3667
SHA1055899b8cdc6681e51c97d805cdaa94edec8e969
SHA256a79a94c599eec3cf98382e197adb6f37bca5276c72cfbdc7dbf61338ace9b021
SHA5128e07ef191b8fca36e68032affa2db2ae095c4a8cfb549a81d44178ec2bca7933b33a556c494a19d016406e3346955d57e4884cc1abf746d240d071da77d76cb8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD58a74655430e16db84e33802675042b53
SHA17b16142f74f5e30e25b13619c6bbc414f8462fb3
SHA256e366d9840775f5800a0abd181b24cbda4a6de37ca9623efe99b31c6ac88e78db
SHA51212257060d7074ea67c6f3d326b459a9f91bff66954bc8f558fe9f1f9fae66ca5298329c6d814b41b068dd16f47f68c356243b8823913f37ddad3a4eb0f5aac15
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD55b512779794583af3be26a0192605fe6
SHA156ccb22f9cdc750f54cb9d7c297438893fd2fd34
SHA256a49a879a0f9c5a4df03b100c4fda3805644e9f048c08d207874ccd3d25604a9c
SHA51257bc580d10fe1fada39bed51a7d9ca74483468b12b11ba8f8b2d86de9097ff56ca6b30cb0b7b58288110a99a93e2499bc5d0bef1710aa6a81970dc5806f75863
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD587ac0bbb2c1567f3f5151d75b1786b54
SHA1ba65434a3fc94ba5dcdfbbc5f769ce97c94c65bc
SHA2563d6f3a33c79f2b3cb9288863a9d0cbca79bbd1bc8db33ad70fc21944aeb69d8a
SHA51222146bccda41f730a7497201780437d716d14c8a2ecb5679a9b52a99160bbc1370d1c6788d31d653420500cde993887135b3fab333640553ccfff6f7fd12269d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5566575de6cf975663a3fdd0737c96b48
SHA1a6d42db5003c3780207deee6872dfca375e51c2a
SHA256fb10f2317e7bc5c7c57e04197c9cba22181125b10a23a88d9910f49cd8e4df40
SHA5120ddb98706f239e576c5d539dd650e8bd57d21b8336ca641fde20a1f373756b40aa6898d2c535150f85be2adf8618a19e5dc2829d5f1d24868f4f5f59c384e92c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5131bea078f19ad1bb5f55b0bb6fbdb38
SHA1c79fc5dc2607bbf2073b5920bfd18b4c50f5f4aa
SHA256547d44a4db04264da27cd14e8b3e72e756e67da2166edc6c2a6c44789bd2c544
SHA5126a8a2e3091a0269d7ab86fab4d178241d06e5c4945fead124e6cea32d52bb764a79bc8c2791e9c64d3f4f12d7d61fc81dd75001735f12db81ac1279593d17734
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD56caaa64f495c243450467bbda06bed6b
SHA1c10093fb463dcfe053da408d7931e707fd3d5398
SHA256020e012845d3f8d62946cc83693bee80967f812426acb1f305787335ea18e4a6
SHA5122a2c18c9df3033c44a4516a2cd48a8f5ecfdbebf014b08c98e3e9836db3593e74be7766df5260cbacf84e57b9de644df203c1df4f70510247a71c717900922a6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD50ac81295ccf1db7987a4ca24b2bcad7a
SHA10c638537fafa6f2d964e84b18632f585b4ac5f57
SHA256b8e79056502c25e60711428d4f9874e0b9a46f0f0091e7b3a1e04e55d7790192
SHA512a25c204a63d4107b2b98282c4592660822b3865ed6f3afcb6e852241e2591649920ab18ebf9b6177a53a463ea95033480e25961f9395e26b71e0bb6301403b90
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD51bfc24f34a4e1623c1eac4d65362eff8
SHA1f2f3aa280ddb2c7a9cbea7224dd0bf382a506a41
SHA25671270bd6eafc83543b04e402aeab964c5c82490346358ef7bfe322d1378d6066
SHA51201d1c23d1c914965bf2e6e50f25ed4ea1b20286feaf470ed138d1517fd911c327bc48867b3e32189dccbd76f67a66bc2d8b20e2708e2eae36bd318dcca3d14f6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
16KB
MD59631948fac8eef8e7de5133ca1e9f9d9
SHA12a34769ac9144264321894834a517a48a14ae241
SHA2566c11c43e7c5f111eeaf8878cf761810061a2e9a9c899ff9e767c334ce4046886
SHA512d21e5aa13156707cdb6e88d281d434331cf80b7712c4135ec1d9657098f0ea7a1a27d4f5cbefb94a34832fe5cbd78a44b72d2c849ca122ef4535ece6a9e41cd4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f68970e4-935e-44c7-92b6-0fc5b71f85a7.tmpFilesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last VersionFilesize
14B
MD5009b9a2ee7afbf6dd0b9617fc8f8ecba
SHA1c97ed0652e731fc412e3b7bdfca2994b7cc206a7
SHA256de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915
SHA5126161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
253KB
MD5614e9a7b3bd63de90f41b2d85e6bae01
SHA183f4af05432a1f0e6f433d4efdb803f510152863
SHA25639cbc4437ad57c59c547d64dcb9be1418a410e207f2c27d932327a7636267d54
SHA51216e8f207e3dd8a619c1e1eb63a269a41e3b62cfff7239afd522f57b4a3386c07baebe226e4d818328268602e167dbaabb6f260d8af0fbff563ddc6dceb9b3000
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
130KB
MD5de5f8336ce2efc38c30f27bac4c80e5d
SHA104f68526d6d4337b44e7265da0f8f86ac9482b02
SHA256092ffe4aa7f5999837483c8b36cb20ccdf8573c79f14adfc05bc21fd7e26c14c
SHA512ed259901430bc6718eaa782d62d68f498b6a867c7009278ae0358cde35fdbda19e4de7991d0963efdbe48cf5968ae2036a1bb9ff7bfb5251e2783adc9508a341
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
253KB
MD53507607ee53b236cba3151d15a854ba0
SHA17902c1936910bce9fadbc1b6e1c2d3b35af094cc
SHA25607f9e159cd6fdeabe53e73f8a3a1913f1d2c4a4ea96b722ff7edd178841ebaf4
SHA51210faab0ae72db4a83445d852703100666fa2788439051020c58ad8a6e041a749f6fde8a10f9bc3aaf07cc4eec1d61e9d87912ae8090a89941101c101083974d7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
253KB
MD55d06c0aeb4829c93305ccef1c3e416da
SHA1a35b251cc893c3b9eed64f175607a79519cfd1bb
SHA2564e2b0df3c14d2335c1d8cd93547dfeb7bd54daa20f1bf4eacbd1e3367c7ab2a5
SHA51257ac8896eda612611e20ab70f7288ea1e0e83330df6397f2a32e418e32901d17e99486205d436c32734a281fa56adb018c3d69bf7a08f3386199f42358aa9e3a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
88KB
MD51ade835e53f8c5d2851a9e64fdffdda3
SHA1340ce7da5d4d1170748be3b04944b228aad3a6a0
SHA2568b94ddd33d79a6dcdd8e14df737f275ecd28caed8d385e8f23d1086b11d26230
SHA5126dfe6bb6e187f77d0453702306721ef875b16c2ad8083624b15cbe959af480133ad09133f429e12c91a3d24dfffd2d1955c0e5b7d14076428653617015103f1f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe6bf9c0.TMPFilesize
88KB
MD529e1b5e5ab1f5bc3a4b4d55e62298456
SHA17f64f09ba04f278ef5b0558bf0cff5de9d934c78
SHA256c53c53e36dc2d570fcf253db872c2ab9d89701b5ca91f825c3c7965e554400a1
SHA51217c95edd3652e85f2a5add20f748b27deca5b3998ab02c96e823d24d499f630039dbfd7b28ba597320aca2a17437c0b9d6e61e140a63e44b648f546c0a0bbe3c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1Filesize
264KB
MD53041184104d4c4cf7af004896e06ed3c
SHA1cc8424c96161ab8dc436ac9f7af3defaa8000203
SHA2563e88e05f1dbb6ca2a3fb60087f53df242637865310b4ce2d06c0c7f642494a31
SHA512729dc4b3d76fa9876661e0a8baa3d8c2b9863a535209d3572e390e5ba1b9fea771a1be8ea9d5c144691fa94b9ea9c80b1488a46db8487f3fd3306cfa1aa31d36
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\VariationsFilesize
86B
MD5961e3604f228b0d10541ebf921500c86
SHA16e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\choco.exe.logFilesize
2KB
MD557a8f0a23d4c1fd00f23141197dc7279
SHA1e2e1da48f487721eb7d16384b9a12970c155ae00
SHA256ff49c99d1003a4a1fe10810a0252dea199b17c3c5699020e0680e9af591b28a3
SHA512218d06668a6b51064393cfa51c8c5a689543f532c2457bdc160e373610adfa1c850a55f98cb17a8c34aea5406c09d2d33eba14da113973eff36fc65fc9d62ea0
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.logFilesize
3KB
MD53f01549ee3e4c18244797530b588dad9
SHA13e87863fc06995fe4b741357c68931221d6cc0b9
SHA25636b51e575810b6af6fc5e778ce0f228bc7797cd3224839b00829ca166fa13f9a
SHA51273843215228865a4186ac3709bf2896f0f68da0ba3601cc20226203dd429a2ad9817b904a45f6b0456b8be68deebf3b011742a923ce4a77c0c6f3a155522ab50
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5120a75f233314ba1fe34e9d6c09f30b9
SHA1a9f92f2d3f111eaadd9bcf8fceb3c9553753539c
SHA256e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0
SHA5123c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5bc2edd0741d97ae237e9f00bf3244144
SHA17c1e5d324f5c7137a3c4ec85146659f026c11782
SHA256dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041
SHA51200f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD59b4b53c6bb8866bdcf82da489bab0b11
SHA12e5fac8f3cdfd3eaeacceb786bd73837213d74fd
SHA256b8beb57ef93ca226609795e984a5300cc39b5b23fea5082603a1807e9ae666e6
SHA512147507cb7e8d42223471dcd5bb5331b97df93c22bf7294de2e292e7a5b3e94aa195bce3035759232871a12eb94e79900d92d6c92fa133168c439dcd859c22892
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD55030f4d2858d7941381889572b27007c
SHA1e0774b32cf0b830a5ba718286e819762cc4af313
SHA2566c3efd1e14f95ee45c47b406acead79a04123edb29d7d89828501ec3c3be3efb
SHA5129bf4c0ccc2f5bd42ebb4a65556185a4cdafc512e4058386842b7f22aa938195dfac7ac6e5a91de5a53e6ae3ddd41595c3e6fa514b4be3ecc50751df4e104055c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
410B
MD504f34b20d8eddbaffccf987481c57c8c
SHA1440599fa167b59a91572125cf84c556ec5d38653
SHA256d162408a75bfc2182fc81e89bfd2dd5adef6ed59b2c3d2615e83b3d41c3355ea
SHA512626ca075247df3a8c09b8e571efa20a3fbe40ee899ec83e3cc6299352a824db28770257de223dbc0439780a175fba37afb4736be7684d33b7dd2f85553aa8add
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5633151c37441aee47fb26752dfc83463
SHA16c7bb5649c8c2ee85ca1b62c62cdbbd257cf1898
SHA2562d1e920c45dc51b6d5ffafe0a5d4ba904775164c9900163e6b6715e1574a5037
SHA51288eec498fcebdb4ab8b8a907cf27edc16a826e3364179cd19ac661961cf5c67b62803b6b7bf2d8c1e94eee70811f4a5a6b21f01c926959f64e225188a45d2372
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD54bce5eb8760dba9c97f1619630234fc5
SHA1db73238666d3a4e6ee4134e4708e513f6ed66826
SHA256f8de29a01623d49d743f649f5efd120797999f5e9719cc46896b1297f9fffddd
SHA512519a5a927c6a67f21257aee4416361a8fad554a97ae441ca7f35ffdb97aaf4b7b21a907e211e8d00e7d0f7d334027486f8033a220c853a64a783480293a55293
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD55606c635634015604004fa8c28c8acc1
SHA190d0bbd2dc63dc3ee6ebc692015f6441e7788c08
SHA2561bef7ec570a3eb3f305116ea44a3ff0f53586e4e6784dec950bbe3adbcf4c47a
SHA512606e8efe1ab2432b40af33c943836f290eaf54fe491dcf6075beff9423688f9cf6994a56910775c7ea5303bb57dffd07891995411c4b17f26ff78ccf2773b798
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD56155b310ce5f1748afa8eeb2c8e3c0ac
SHA14690a1051d7c432f1712d29f65ea945bf9ea911b
SHA2562abd7e018b99382f4ae704e4c7b88e0cc9d836d9063dedda17432173dc37b0b5
SHA512988dd975004a372c92081862286a8b3a66cf994d2e02cc315e7d0addae473e9323f5b598d04e5309502ddf15a793de1f977dde36c20b8f08810b405f941532e1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5f8e80f7f0d273ea5a0a99e49fa706c6a
SHA19a3f46063fa25d0ce07529aa49d81942fd75696a
SHA2567cec3d42fb9cb208d008b26a7ca75d3e46e80c03f2dd4d2ec5d7daee8119e722
SHA5127cd2d6ae66072dc7d6bc75e4a9dcd3094c83450f739143c9a7adc6ce61ba3810167aec8d8a9b9630f4e36eb6d5055f9b756d15df189747dc7301f527f9d223c6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
537B
MD51516daf391ae25daf7bed1b079dbb0cb
SHA1c5f116b081ff8e4ad59d29081dd655b9c5fb0512
SHA256d29300c18336a032c8c6b16311f1e55e019b6f4f878c74e0fec089f0cd366399
SHA512f67f4be32e0293a1cd2b3262f4218003f7d931cf113ceb454c46d73ed9df1677b92efac0267794d4111eb0a7eab904148d6d57d1d5dc6153f6676ed113b27c63
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
370B
MD5d3636d8f5f5053956c21b6c7a12759dd
SHA1cfbf3dd9207d7535abee41f8e3c1bb4192493383
SHA256dd7063aed0da7fca744963068e01f40a02e338052eafc63249988311a03ebd63
SHA5122d62fef4cfd91e07e40b15662da4a71ef14fc2b426af9fa898e326c71b74e2a898e22027be9900a543e06c36fdd93d6f53a3abb859b806702aa9b0bac846c420
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0Filesize
44KB
MD5db69a500e6a38e95aacd9e0ed7c86b13
SHA19dfa727e0c54c1ad58f0f8ac8ab968fc10bfbb05
SHA2562684890bba1113fd86abba8f5541b4f9ef2f542339ce3b0d598aeea456194ec8
SHA5124c7e195237d1b9ed0cb2c256ea5aaa2801ac8c2fdbf76a04886138c46c1716aeb31a035ae5935344e94788c340c56a264f39b2789661ba5da1d32c8a2098697e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1Filesize
264KB
MD51bed58c7ed33494578aa92186b100ddd
SHA1efe078e0253bbcb6a72d7c4d9f669c7c55bdd6c7
SHA2568cb0e0cb7559cbf9c4ca0f9c12077bca94699f6f99ba6b619b6980e527989eb5
SHA51247bdde4762690a859f22666222e65d70d93ddf604434d87b67559888eb6ef158839f4393d6aaef454dbad8387a265330b2d581a2ae35e82be261f31c066059d6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3Filesize
4.0MB
MD5e46a2f0f4bf03c87466a47392d7d2a7a
SHA1d057b067052d47ebb3a760f715d25d1eb4bd5019
SHA2569312b5a2120e167eed8e8fa0ee4e66fde6aa7f574d850df371804d034cedf0bb
SHA512fc9f5f2d1c10961d7a9e086be9fc752338ccdd5a6b3496aae9b33d1ba263a22f40580ff19cdd590c0c145c716083d4abc8bc3cea6978aae5cf1de5f5aef7a436
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000aFilesize
17KB
MD5fc97b88a7ce0b008366cd0260b0321dc
SHA14eae02aecb04fa15f0bb62036151fa016e64f7a9
SHA2566388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e
SHA512889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5aad3e8e3f7a48844aa3a14c1ccc7cf6c
SHA1fa9c8a86975a5427fe710da4f2808042bb1225db
SHA256b122c1ad9188ec992ae72897eaf6951c45af173ca8cf42f3c89b9f0db33b08bb
SHA51214e903a1032be17360ab32a2c91d9e412446842f4b153ee200ddf1487cbe0669dedb82ed8aea8e8282e54f060ea34d78ab6815857cc6b576adee5b4e7d04a5d9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD599580c2eae153ee09aa9001a06c54673
SHA1876de9bed25015e1bb1096605389402b3255e908
SHA256b97d5ff98ec718672b450b725b32ff5e2e8a0e2b84474ab53c69a0f7f032d521
SHA5123eadcb3267686d0c11275a72ba67dd655b59c810c53eff498ea23723b9a34a52cf6710f6774fca24409485159649391d1f902e5befb711e1f74c665d9b749b1f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5d9da05fc2ce78d2592768f9d1396f5b6
SHA1bf73a5f2b8f955f299251adae8eefb309c0eb33e
SHA2567f15dc7e304bac1b356c8b6082094f60ab0c74646616fd11827925f36a99a325
SHA512007ce7b5a96e896f2a1b787006bd4ffd8a722025926cb3259dd70b8c1ebb897a314c3547f87d535267bac9faed1aa79c9629ba66da37f1be4a7435c36a46afcf
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheFilesize
53KB
MD5a26df49623eff12a70a93f649776dab7
SHA1efb53bd0df3ac34bd119adf8788127ad57e53803
SHA2564ebde1c12625cb55034d47e5169f709b0bd02a8caa76b5b9854efad7f4710245
SHA512e5f9b8645fb2a50763fcbffe877ca03e9cadf099fe2d510b74bfa9ff18d0a6563d11160e00f495eeefebde63450d0ade8d6b6a824e68bd8a59e1971dc842709c
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveFilesize
3KB
MD5a78f3abe65c7f310d569f9242025f8f6
SHA1028053c9dc2afb27010465ac885b942f5b9e5677
SHA256548011214aca1ed2acca65345856779b2bdf4ec293897e2a93fba17113b21e54
SHA51283638b5bdb9f87418dc8aa59a7f220aef97e6fd8104c432abf1f375d9cc5c25b17efdf49c0725e93619ded615f85caef3a0e9b3ed3d70282bcb4c9338f6ac69b
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveFilesize
2KB
MD5732b140e51c3be39497fba7d3a82c97c
SHA172a20706e909b16859c0aa242ff2e608954c0cba
SHA25621de207830bd7bfa9eebea0b9bf6d4ddfdeb9a10d28d82ab9374882e8a05ae9d
SHA512fc932522af21bf8e25927d8ee764cb32317ac8c8598b6aed74cceacbc39fbe89c53c63ac30e426dd016c49a1d584b1c7a490c8a154d0e2ff76e4927316a097e7
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\activity-stream.discovery_stream.json.tmpFilesize
26KB
MD58e5fc394da4e98dd5f75a5feb0ceb62b
SHA1b12a299b12490834448125f5b9dc3eafbd704d84
SHA2566c0c2ad47251c72c93cd234d428435a455749b852b882c2e7345f975163897d6
SHA5126ee590f928511b0f4a733bbfd8acdaca889a3a657b2baec14b297bd603f07968a72e8229d1e2280e14c08c3640a2981e445482a7d6aae24bc9f3415a4fb7e57e
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\cache2\doomed\2832Filesize
21KB
MD57ac3c9b2a39284911b99bbd9602205a5
SHA1475da12af3132de2b497ef952556fff87d60e674
SHA25635be50090dfba3e2c254608d4c2fb5511d6c3e552dd7748b4631bc3ec41fcf77
SHA512256494a40fa7fc07eca1bce8bc6f5a45a4a6e97d0350b95500cf97c4ff44251e279b06794aceee66f85b700796358a42d16bc0c6d7bab95e8be4c32120c183b0
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\cache2\doomed\4467Filesize
21KB
MD519956a916380b0fdf2c031ff9ab201d4
SHA10f47cbfbed4ab0738b4606eac3e492ff54356ec6
SHA25613bfe71b8e4ba0cbdfcef22ec96cc40aa6a88a7109d2b290a7130eb24ed23e1e
SHA512ccc446e7127e1f77d012d0fc68d6eb46084f0151bb651dc83e4f31e91d89af23a86090e3c47c2651e9a472b8cbf9ee8b30999ebbcd2b78a87a3badf65a40d071
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\cache2\doomed\6492Filesize
11KB
MD5be4afcdc136cde1601e40312491ecdb6
SHA11bf56e3ca3198d9711a1a3b317756806adcf54df
SHA256a4bf0b8cbddbc15cea8a6c4e4a1a49f5d0ff4c79c170fbc830f223c1cfe5e31b
SHA5127fc897fce1704cbcf7046ba7b3b309d1b5e3aea115eadf3378cbcfda726386c044ae34ff02c159dac86faf9ada1c5e408f0caafb6886d07a48f09a8e892be2d3
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\cache2\entries\4C18F2016606B43D054C8200B2142B749FA7F8F7Filesize
31KB
MD5dfa13529f93998e440f4b3a5686a8c1c
SHA13ece4ce0aca289a65edf24bd82e4814ed87d0961
SHA2566a5f101c697f6cf2d1aa3d71fd509c853c3e9fd64e46cf852f7e05f5003b3c0d
SHA5123692fac6553ab303df6d99f1644f70e4b9cfbe733655f3de2dac4dd1a7867bde0614af85b79c9092e78452b7af615f1cceb282d19efd11eeeb5a584ece98f525
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937CFilesize
13KB
MD5a92e32e637a0f816fef65c701027025e
SHA143febe090a7df0e3f0867dfd2c9a82710cb4c236
SHA2560c9694efb7cf34acf8636fb288cd8b1eaf9b1d12a6b3efc95cbe1200253f0e5e
SHA512c7a9f00ff41c50fb51ce0b75713ff3042b08e8090e3f6ccee1db0efee2f9761a098460bf2f34184a33c8fbfc4d89bd7caf22e1a5d0531cb342d45160f2b0f4e4
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BAFilesize
13KB
MD559fcdd3ffbe92972cbce63f63f98bc96
SHA150495f39acc77f1398cbd5d3f192bfe64714cc70
SHA2562170aa77b9656a2870fdc677cbb883ce2be6548b1b23fe9b7a0d8fcc9cba1885
SHA512ae28d26236f63e096ffd0aac01c991e87ded3ae0d5f8f880e419306b11c99e4be0b1bbaebba8501aa99984b77983f76913fe3b9f1bd32d7ce08d5e9f6ab603c8
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\4F70DE3A\microsoft.windows[1].xmlFilesize
97B
MD5aac7d5913b8448593e8566d95788ced6
SHA1e967e8d8ef9b46e250575b2e6e5590c6c6bab57e
SHA2563d1dfdee76cf0d9c09c1f82000c6871c1f44a5a8128a6bb3bac326cc50bfdeda
SHA512f4a13cf4fa6c4a78856097aa2a201b0a3d4b216dd2f8fe8a23175e9c2f5986f543dab59b99a915c5b741238bb4a21a2b39f842e0e324f50ffaefd87322fad1a8
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15Filesize
36KB
MD50e2a09c8b94747fa78ec836b5711c0c0
SHA192495421ad887f27f53784c470884802797025ad
SHA2560c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36
SHA51261530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ExplorerFilesize
36KB
MD5ab0262f72142aab53d5402e6d0cb5d24
SHA1eaf95bb31ae1d4c0010f50e789bdc8b8e3116116
SHA25620a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb
SHA512bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1
-
C:\Users\Admin\AppData\Local\Temp\OOSU10.exeFilesize
1.8MB
MD53fe356ff0e52f84abddf53238eec0fe6
SHA1874864626861a178f02116228e176f2a41620583
SHA2567335914d30d8ede5431c4ba32f56a79a397a6f38bfd44e90f62324f63afeda65
SHA5127dd811acc085c9dce88a3465b91c00057c4fc9f750c37fb37fb88f9a17fdbb2e3984b03938c7e7c6ab6fa8e9e39746aa5a542c23274b6724d056ea5c55d742be
-
C:\Users\Admin\AppData\Local\Temp\RES4BA3.tmpFilesize
1KB
MD52484f7635729b9bd84eaa2f5bb8e930c
SHA1bd491e930454fe7ea4a8f61935364a4ce38c9e6d
SHA256f9da33d84e4eb366b3f555eced30e45af63bcc1a6d8caec4e7ff31dfefaa92d5
SHA512aa7d131d847b74aff2db4bd4d08b80383c3a0b6cf2bff47a4e4848efc9e02f1c48fbca4c78bfa866876a60e4b6dbf71ab6823a3e435e46aeaf8218c7690936bc
-
C:\Users\Admin\AppData\Local\Temp\RES5A2A.tmpFilesize
1KB
MD5f2e26dcdbfab34fdf73bb47b1cb419a4
SHA18cf722063ad4cb15dcf86e23092a948bf3079062
SHA256f6d0908cc0634c679cd96bcf02d659ff22dc9bab32a00035b6627a2db6eb64cc
SHA512545e4b3feff9bcc5f810cff45e3cab4452df8211b3244eb1b27e3793f1a4fdfc6617736b11626a481839bd46d868f11084ebf0198cdeeeb98ce8d4413b4b63ee
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oxsgl5uu.mfa.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\chocolatey.zipFilesize
5.0MB
MD55a50d7b35241de27298cb4cf8537b065
SHA1759ca835f52972c971c68db0fd1c53d76993cff9
SHA2564e1acbdac571719f90b2566566668c448a20074e7c2e3faa37251c62af4efd86
SHA5129c47ebb55f900211b5c7a42df8700e0dde6d8e3c8a7dbf4f16afc112231f86cbea5b8f73c3aba1f9a0e2f95e38cf6f22fa5e123671d9ad7ba7ca96aa9d77f441
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\CREDITS.txtFilesize
50KB
MD57677758586925baf4e9d7573bf12f273
SHA12f54bd889a52ccaca36df204a663b092ad8ab7b0
SHA2564387f7836591fd9b384d5a11c22685d5441ed8f56a15dd962c28174f60d1b35b
SHA512a425d55248b052810ee861fa75eb5c9c139f73aa70dfee406d59b7f1cf86fed5656d24b36db4f10a606be89a073305bc32bec822bf88ed53881323d6718fc001
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\LICENSE.txtFilesize
670B
MD5b4ecfc2ff4822ce40435ada0a02d4ec5
SHA18aaf3f290d08011ade263f8a3ab4fe08ecde2b64
SHA256a42ac97c0186e34bdc5f5a7d87d00a424754592f0ec80b522a872d630c1e870a
SHA512eafac709be29d5730cb4ecd16e1c9c281f399492c183d05cc5093d3853cda7570e6b9385fbc80a40ff960b5a53dae6ae1f01fc218e60234f7adced6dccbd6a43
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\choco.exe.manifestFilesize
2KB
MD51b3ed984f60915f976b02be949e212cb
SHA130bccfed65aef852a8f8563387eb14b740fd0aa3
SHA256d715d6071e5cdd6447d46ed8e903b9b3ad5952acc7394ee17593d87a546c17fc
SHA5123ec5b3b09ef73992eabc118b07c457eb2ca43ce733147fd2e14cccde138f220aee8cb3d525c832a20611edb332710b32a2fc151f3075e2020d8fd1606007c000
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\ChocolateyTabExpansion.ps1Filesize
27KB
MD5c6a2d08fa0c9291b024917995ed9260c
SHA1fc5c7f1dd3e969a58fa8f0f8bfcb9201cc08c111
SHA256446c847134e051e02bacad5440f5ea4d5abd93fb77516bc6fbcf69f513bdc93f
SHA512ebd4a037c326aff60f805ed87287a251a3b74b7dfce5c5b424807c276a677d1099b718f7ec2d17a231d67f03fa1e8dbfe8e5fe278d3bc0724733dc76f0ca0c25
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\chocolateyProfile.psm1Filesize
13KB
MD50f2a17396042d22183d78e9e442729a2
SHA1ffd86487d551c72e4c5b3005cb36a9deeaeee6c1
SHA256c28ac729836dec5384322cbe19a32479126bac5195b6c2760a853340dff440ce
SHA5124d506d0360b746edfa5ffecf97d47c1d0441e22387ad9336ec12f471aed6047fabb55ba6f2de3179bfad6ded5de308722993b1fd272d352de8fa6a1440dc14ae
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\chocolateyScriptRunner.ps1Filesize
16KB
MD5da6109561e78e82df57f2c69ed40d1a8
SHA1b481392947e52a028b5a28ee7f491e5c08e49f49
SHA256e075e523a693669b7b88a5c955e2823a98a88508b3016c5baa01e4afcb6b54cc
SHA512e5da2666edb1037b38ffac9334b456e590c97de1cb02d487ca218bbb1dd2a41cd5f068337a78b31ec5decc85d70cc046c25314f903fb07fa71cf375d8fa53c86
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\redirects\RefreshEnv.cmdFilesize
4KB
MD5cc04b34e013e08cc6f4e0c66969c5295
SHA1a33f1cb08b56828e3b742ee13cf789442dd5c12f
SHA2568b6b1d8f6bfab3dc9fbee30d6b2f3093ea3eccd5c66e57161dbe1b8f703fa74c
SHA512b485af21fcbb699d783e64e035595be7a117a1d6af62166c6d50ebd59ed8953141444f17f3bd07a865c9dd11aa7c75d5a4f2bdfb8b739a1668d055779f0d0c10
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\redirects\choco.exeFilesize
142KB
MD5e2ec62e46450d5e09e813929d97c00c7
SHA1e22ef68df395516a8e8e13a9739578d1a48ec843
SHA256924e37885d4b3b365225c773a6c4266ed7076494e3693ec487bec066ab5bc5f7
SHA5125cf8ba3bfcba84cddd0f58966707681ac9067952c85412b576b0ce85b53029fd902c17273cbaba1712c99f9036e495943896a7960d8c7a5028d6b48228632743
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\redirects\choco.exe.ignoreFilesize
2B
MD581051bcc2cf1bedf378224b0a93e2877
SHA1ba8ab5a0280b953aa97435ff8946cbcbb2755a27
SHA2567eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
SHA5121b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\7z.dllFilesize
1.2MB
MD5cd479d111eee1dbd85870e1c7477ad4c
SHA101ff945138480705d5934c766906b2c7c1a32b72
SHA256367f8d1bfcf90ae86c0c33b0c8c9e6ec1c433c353d0663ebb44567607402c83d
SHA5128b801bfbb933e0dc77090555fa258d416cbe9ed780fb1821aed532a979617082b29e0b6f8fb85f73a9e93c98981426c92c498a41c49f823707da3e6b7bb30128
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\7z.dll.manifestFilesize
513B
MD58f89387331c12b55eaa26e5188d9e2ff
SHA1537fdd4f1018ce8d08a3d151ad07b55d96e94dd2
SHA2566b7368ce5e38f6e0ee03ca0a9d1a2322cc0afc07e8de9dcc94e156853eae5033
SHA51204c10ae52f85d3a27d4b05b3d1427ddc2afaccfe94ed228f8f6ae4447fd2465d102f2dd95caf1b617f8c76cb4243716469d1da3dac3292854acd4a63ce0fd239
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\7z.exeFilesize
335KB
MD576a0b06f3cc4a124682d24e129f5029b
SHA1404e21ebbaa29cae6a259c0f7cb80b8d03c9e4c0
SHA2563092f736f9f4fc0ecc00a4d27774f9e09b6f1d6eee8acc1b45667fe1808646a6
SHA512536fdb61cbcd66323051becf02772f6f47b41a4959a73fa27bf88fe85d17f44694e1f2d51c432382132549d54bd70da6ffe33ad3d041b66771302cc26673aec7
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\7zip.license.txtFilesize
3KB
MD5f4995e1bc415b0d91044673cd10a0379
SHA1f2eec05948e9cf7d1b00515a69c6f63bf69e9cca
SHA256f037e7689f86a12a3f5f836dc73004547c089e4a2017687e5e0b803a19e3888b
SHA512e7bb1bacab6925978416e3da2acb32543b16b4f0f2289cc896194598ee9ade5c62aa746c51cf6bf4568e77e96c0a1014e4ddb968f18f95178ee8dfb1e5a72b96
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\checksum.exeFilesize
37KB
MD5c950a5b4cdc8b23c3b3f5d0358c8664f
SHA1a4b49539c021ddd4457b353fb92bba68c4c25cdd
SHA256c960a0082f589a4c1fa7c9cf60faed58cb4dbead4a42ca093e6f0d403d75db79
SHA5120757fd2e8a31ee70dd0fa4c49a9f47783c1beff359cefcdc523461002571a2df59903f5beda78572fe079ad4af00d1749c6886f50db2db6c8da2971fa0323ddb
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\checksum.exe.configFilesize
150B
MD5e9ad5dd7b32c44f8a241de0e883d7733
SHA1034c69b120c514ad9ed83c7bad32624560e4b464
SHA2569b250c32cbec90d2a61cb90055ac825d7a5f9a5923209cfd0625fca09a908d0a
SHA512bf5a6c477dc5dfeb85ca82d2aed72bd72ed990bedcaf477af0e8cad9cdf3cfbebddc19fa69a054a65bc1ae55aaf8819abcd9624a18a03310a20c80c116c99cc4
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\checksum.license.txtFilesize
95B
MD5a10b78183254da1214dd51a5ace74bc0
SHA15c9206f667d319e54de8c9743a211d0e202f5311
SHA25629472b6be2f4e7134f09cc2fadf088cb87089853b383ca4af29c19cc8dfc1a62
SHA512cae9f800da290386de37bb779909561b4ea4cc5042809e85236d029d9125b3a30f6981bc6b3c80b998f727c48eb322a8ad7f3b5fb36ea3f8c8dd717d4e8be55e
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\shimgen.exeFilesize
554KB
MD597f02d9fbe04b14c5b24ec0da1944212
SHA1a499a66fcc4c5a7ed15a28e5fa655b9ee2c0a453
SHA25653551b1ffb15cdcf40a77470ad7ff81c0ab7ed5a24acd5ad1be3379612b9de8d
SHA51206caa91b77d48d992e34c828af71f931445a05e90c18aa16c93be828a4811c2f0b60f6d835b26af9561b06bb9e514874b1c56fb3501b4128de7a1fa64de4db2c
-
C:\Users\Admin\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\shimgen.license.txtFilesize
3KB
MD589ac7c94d1013f7b3e32215a3db41731
SHA11511376e8a74a28d15bb62a75713754e650c8a8d
SHA256d4d2ef2c520ec3e4ecff52c867ebd28e357900e0328bb4173cb46996ded353f4
SHA5129ba2b0029e84de81ffef19b4b17a6d29ee652049bb3152372f504a06121a944ac1a2b1b57c6b0447979d5de9a931186fef9bd0667d5358d3c9cb29b817533792
-
C:\Users\Admin\AppData\Local\Temp\ooshutup10_recommended.cfgFilesize
2KB
MD575476a70edf8dc03cc1a78b90159a0ce
SHA1cfe37744678277bd1126cdb44d889eae6ff35634
SHA256891182ae476b2838f5b0d7a72346fe8e61520f769125bcd19ea0b11b7f5b5c9b
SHA5127ac530eec237644ad92520831d6ba1d5a33031f66aafda3989f1ef84694ef87b2e5c2e64c0d1d0e1537b889de355c760266f1d5a4a43dd02f3bdff6deffa0f20
-
C:\Users\Admin\AppData\Local\Temp\pt1jnaqr\pt1jnaqr.dllFilesize
3KB
MD56a985e907b46aba734bbf8912cc1dc77
SHA1a0907c1bdf8b1aa1f849792e293c1cc63fe3e2b1
SHA256741e8809c597aaaf682bb1a6abd210bfdb532b8c3c42524e3268072242549e53
SHA512aeb80ece49dbc406dee36730cb62697a1d25c911b7c3965f48276ec54d9e67040b26a3ec4d7ddaecef050dd2d9b220f31cf141565d2e0e4c96c7d388e0301c7f
-
C:\Users\Admin\AppData\Local\Temp\tmpaddonFilesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
C:\Users\Admin\AppData\Local\Temp\vtpyz4st\vtpyz4st.dllFilesize
3KB
MD579f2c23eb97c4c2b224c1b956af3f484
SHA173c5739694c82a1ae11418e99694dcf25a2b7328
SHA256a5c74d8566ca0dea17be7a7cd3975681930d05a8926869de5f2cef5c9dd9ceab
SHA512219a728bea8a50b007c3caf5e3de787986cc5ec999b43bd4dc7fd4e13020a0c8ccf3dd5adf1e758d4886199857467309864ab6705429934e600f7ebfea77404e
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txtFilesize
76B
MD55c55fdc43ca03175e2c359fd8f03778a
SHA1988f8b80e17df1d1d99272be5501e3c591290cd6
SHA2563a311fd25c5126af0bd223f0cc219b146fd7bcdbb2527ea8e8a4e23ec66d3409
SHA5120a6290676d9705d087bad2c03cbfb13ecd0d0f9615b4e7dd01620fafd6d39040498ed787d61966743d20b596f40db9e5675b523f9c2f451e31862db28c652add
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-msFilesize
14KB
MD569ecc13561f4fa5db5f0c6062a173ac4
SHA1abcd4ea33f6b7e9e4c4fe897fb38c8cfb29521e6
SHA256ac6d96d88b1234d3960b6889635ff1b0a7dd5408f38d5093a7b2181100e43817
SHA512032ca0498b22704a98f449fae8f49eba2750bd789445f8d7f949f9494117f4ba178b87dd9a3e14e2fdff4648cee0fcf76a6c4cc5e61d363228daa4863b6fe373
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-msFilesize
15KB
MD554a0f28d1163ed66907464d012716881
SHA1f8f5d618c91c09957c88f8e7e4586bc5e40f4b79
SHA256eb169e3108e0819ee64951dbf74cf47329718217cace847d612a1214c6bef866
SHA512432ea218a8d7c2bc53a78cf83afe068b548166403ab25bcd2af1ce82201dcf1234a4d5965a98888bde8d9b2c152379b293b6a3352405c2d46dd0dbd99523956a
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-msFilesize
15KB
MD5705118ed0d9f384acbfb8ebc50f74187
SHA1beeda6a921e8c816425f2eb651b9062cbb05e032
SHA25642dfc7edb47044acf9d63e69a707479c6a39f714a90e9fe469ba6552e78a54f7
SHA5123200cdaecaf12237cc55cee79c103910f760930e94bc23d3e159ba76b2e65a83dda64ba8344c09c7abf670f36cf076ef91ae1cd86d0470e402caa77b6a47904b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dllFilesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.infoFilesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txtFilesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.jsonFilesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dllFilesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.libFilesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sigFilesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\prefs-1.jsFilesize
7KB
MD5cf564b05a5d8b5281c147a30ab17ceaa
SHA1bb11b3105f05e740a0a9f78ced2f84803ea453ba
SHA25610983268ecbe9640355da71dc34e29c57a29b7287abe9204e13d3952675ed11e
SHA512f5695ff49d773a21ce75ce5b9d2f19cc83c8fc3e928379a75b59a72071bde8c9d73887b1c599ae2a1ace78962044104cc2cc1c03e852dcb18aa927bfb9a8fce7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\prefs-1.jsFilesize
6KB
MD5f4d24fa80f15bc7c96b5a65510deedf8
SHA1315a3d01f3a912479f39490ad2ef34eea25470b1
SHA25605acb64de0394a8c85e8f3876b39dbe59bf4199a85c3a82209fe636dd58ad5fa
SHA5129ad54587d050d14c4c150effdcd6a4a8398e6c8e5b60a1f2ea04fadf4de193228314cb2ae5107d166a90dcc5e029232af890fa9c3ac3eac0bf58fedc3d15b837
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\prefs-1.jsFilesize
7KB
MD5182ed8b9e0070be4f28458fab0f1a7be
SHA17332b9dfcb9fff3a751c9f94fa97b560e311fbaf
SHA256aabca6320e946b8e0255731b511d65b6e4421251ef4806d0d3be9228250ec83c
SHA5123301f443cf0d472598adc56e1cce8d3c8b8d034e178d008e7bb08d2037af77940a46a56541b2e8721f2cf8f493a1597004c059097b226298ae45b8884958de65
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\prefs-1.jsFilesize
10KB
MD5513a447ccac5ce95ef7900fab7e266db
SHA1622e46220741acd9ea57339037c0873c2cf884f0
SHA256bb0984f14a47b176890a77d312e020486400b1e7b7cb8113f1a7e654b2b08da4
SHA51224a824fa054e97b1703e5f7c9f7c4ab601621e4bcbc41c1013da0e63b973cd01aefb115ee480d8608c663a7a2f50cfa9e92f1bfc9b19d8fa029c2ccf332a2130
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\prefs-1.jsFilesize
10KB
MD5f4305a682a360ef6965b0665060d3966
SHA1a0d55ebefcde4cd3964b0925ee1c204c93bfd19b
SHA256c76f6373bd815dd9e9a4fe8160088fa921235a8011b983c3cc9b7c18e9772bed
SHA512aaf2406d4fafff6c7599aa2e1e8b0184d411f90436d218b00c280ba631a068b88c7b6f3b07084336358ae1d732334ff7e441f08a65f83c9c2f3fdf361c9fba97
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\prefs.jsFilesize
10KB
MD53c9398725d7e6e5bbb1b89d1fe777295
SHA1123df42203e4c233a6584607ae204ac53d5cef95
SHA256d72462bb27f7c2afec89687f75e583c6203efdf9f8debfb30cddf09def5ad9d9
SHA51281ef5124b030b268ba51442f5acf8b91541ca0cc7de0c6a73c4a027080369a4643852dc4751c66bf3001c36f3e269d7fd72d8f65a70d49527cbcf03696fec8e2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\prefs.jsFilesize
6KB
MD5cfe98f56db577dc5a1b3fa3924b3b68a
SHA16735bc143466015d3ab3b4b9afe4845e3d5b469e
SHA256719edd9d718fc7120167b0b1d5fc6ff32fdc4fd104427da5a062412950ed00b4
SHA512c8605ad0759d9cc1f3f4f146752199b1e07b8edbcf437509fe14934cbbc9915581b50db8fd6a3dcab8c052b1e0ce02ff3fea8a53aab9f41ae1a0af1b44622119
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\prefs.jsFilesize
6KB
MD5a49788923e36ad10a42906334b174c73
SHA1a4111c2155a10770050e7c588899b155d6cb3fe8
SHA2569e89ef2dab1b3c4d9458a3bcc5ca96d2596a1e2f668c2a3be2c13345f9d81611
SHA512f60b186812b88657437c6804ff3b69be4b0149c331bdec09eb5633e3df3af5d14fe9f3a948def1baba806df5e013863998ceb7d39d8e59c4a4b11adc835d5172
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\prefs.jsFilesize
10KB
MD532c96e4fca1b9b55b1de654636e23984
SHA18b2be9ed75ce7459816016bcbbddb1083e98729f
SHA25622b44854411ed643086cec4bc4b8be75c0a8afa54c3054554eec28f118d70d45
SHA512d1ecb9ac351effaaeab029c4f7974c912b73dd0ec6d28f39f5b1aa2237526f740095306f7367a3ec1919b10af303a41ced1e628718d39f9b9eaf285c384737bb
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\sessionstore-backups\recovery.jsonlz4Filesize
4KB
MD55bd4d5052ab22915ef4454e93cfa78bb
SHA13fce6da300ec5e8c2d6837553b6ab6045dda5373
SHA25640148406d420110515ee082cf6a0c34779a115a6e9d7178f31208a2feba3c231
SHA51229cf7e6cf931ac3e629d11f21491bd9519d4ca2ed09bf90cded451d08f45a6fadbc47566be8f9742e6829f975f9342d9ffe8859e8145fd452ce669e653760a86
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\sessionstore-backups\recovery.jsonlz4Filesize
10KB
MD50bd203a0ff711237d6c0ab7870e00527
SHA11037a8d542d960d7759a37a4ed83e6dfe7fb85ea
SHA25649a4ba6d3da774c7bae863195307e1de4ba6cfb5618251999b2be5aad860a3af
SHA512b5be99c70ec9cf6be5039116c5e8e1c11dcad1b0b6431ef7a1e31625fa8a01d239fdbd0dbf5331c55460a6614ae3f4b213fa49977eb00d6c12d86f9e50544fa5
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\sessionstore-backups\recovery.jsonlz4Filesize
1KB
MD5ea5f7ed96ecee032dc7fa64eb5aa0a51
SHA14f39112039fe7eee50cfb4217e4863069a600ab3
SHA2562cb9512379f7b3d4db4adf55ab4348bb02d5750b55d4960641a56539df25d94a
SHA51296ec471e49e47ceee3945a5b05abcbbff53b9abd81816f65f489350bf94910dc3b341fa44c40aa3d63c46555702597826d61017384c70e41c1efb4dcda3978a7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\sessionstore-backups\recovery.jsonlz4Filesize
10KB
MD50e2b28cf1347e42c006b36486258cd0d
SHA1a3385fc88d50f3108b52488eaa4fbcf318886b5d
SHA256dc08d7a45fc2537a297059e8519700fef042959903466e442434fd430d917166
SHA51243f8c3a63cac5c2e5f3f2eb3a79fc10bd340446fcfbae9202fa7e1fec2c1525540fcc5549f5129821ff87a1027056e86846ef973d1666f72992464e623e19cb0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\sessionstore-backups\recovery.jsonlz4Filesize
10KB
MD5eafb8a02c86bd7aa4d9fcf06a2e5ceb5
SHA1bc56ab40bc08e29a9722127587c7af4c8475a0eb
SHA25626d2eff3d754ff40b744cb146364e677a0a6b2a9a1053f30b141ae45ce35be0f
SHA512468e3dd3b2cb23650a4b97ad0db657f4d884392f2dc7137e9e5776196b4c467122108250c470199e01e6a7c3193d9a86e6d8d5883ce81cddc34ab998242b1cf8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\sessionstore-backups\recovery.jsonlz4Filesize
9KB
MD56d6a67bfb708a5365e7cd8de7631ecb8
SHA1f2797f9f667a938f98b08293b6d61627d898ddbb
SHA2560db4f7f7d20f2cb04717c2b86a2e9ae25f76ac40cde351820b73ce462745b2fb
SHA51295b34556d4d8b59baa13fc12eed64178497785cd1cddd031c8441d4b19cb397be80091003839a68086b55a9490d93548ee77a88929846458314414308a87ba06
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\sessionstore-backups\recovery.jsonlz4Filesize
10KB
MD59eb2ce1e55ef93be365f389c9b50268d
SHA1f6db7e5793ff7a0ece53c68ebb6eb2a7e4b8efe0
SHA256cc651d3cb751145fb52e1e2a4934edb761ee7aca5b39d94cf573ab142a7442af
SHA512d01773c279ad57e4fb9d387a0f09109b6febf765c196802b386983ad0d90810b4e11d0ddadd2ef982042a0a0405d7b7917e06f5f5c6ad2bda9dd30a7acd642b4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
2.0MB
MD50eb3cb1e96fb67e2f26a5ed66abb1bef
SHA1604503449d3396ff1be7dfb8a01678129746513b
SHA256e04e3041fe411d3f99a2d6663af81075a421867a21e645e5b86df8b0326e06ba
SHA512f550959c8f4975f6bb675441192e7c9f135e453e5cfd39cc53a54436b9f0c8df75a0f34e6d4e89c171877a5ac72b922d6715435c62348b2891ba746f6bf90791
-
C:\Windows\Temp\Crashpad\settings.datFilesize
40B
MD5522df09671ae433429bbcaf7252be0b6
SHA161ca04f9f4e85e8568ad48873b678d1e513cf1e6
SHA256280a84c5c19d1271eeed9e7b9b3673a1981aaa57f14c4fd4b13ba86d8673869d
SHA512f62deed71d60fc03149e67987af7a52bf70ede79171316883d37f3f01ea2b6c4973a677798812609030400f9d4acc0e3f3a52284e3ccfe5212e90cc019107319
-
\??\c:\Users\Admin\AppData\Local\Temp\pt1jnaqr\CSCEF1022BF326A4BD7BEAACB4CD3B3994.TMPFilesize
652B
MD5e75880b5dc4d96102e640d2f156ba45e
SHA1d76b248621e6b243235df1b25c05409bc3bbb876
SHA2561569142cee4f94910c57a85187b8697e30d08d4895019854ce5a2a14c4b07171
SHA512871e0bf1c1bd2e6f394643a3ccb4585c4610c7261573a54b3903c0d5bcdfb028b2f65df14f90ae8b8f5ad3ab14c888d5dd24549cad8c713c52d6d24bac5a10f6
-
\??\c:\Users\Admin\AppData\Local\Temp\pt1jnaqr\pt1jnaqr.0.csFilesize
1KB
MD5c76a2a400f457850fb46460d2fec0692
SHA1f0c1015871d84d5fcbb0c114931b84c6caa23cc4
SHA2568e4711cad6f8cd74eae73b06c8250b79b6c3fec51e2af8189f356c30bb08dd27
SHA51201504f7c37bfa55c456c82ef3970cb3865eade2754efd93c895de230d1ca88f66ac3cb4446823f743a573664c5154d387c0ef55f70b472bcc3d12e8a87d7b106
-
\??\c:\Users\Admin\AppData\Local\Temp\pt1jnaqr\pt1jnaqr.cmdlineFilesize
369B
MD503afd485e35dc8ee6890ae13cd337562
SHA17a034719e561bd015e584e189261f351271de724
SHA2563c860081cac8b27e33f98aab90d62fbbc830297b9041ffeb3cf5c099ac1055c1
SHA512a4a4c9b7db91706c0806d0674ff0efa980f38016847d880334265f14290f060b242bb495f8ad4bb18146b23121cfbbbfe18325c81e04d1a33e6dd51dbf0fb39b
-
\??\c:\Users\Admin\AppData\Local\Temp\vtpyz4st\CSC11F882EEA9EA4725863D88BF83D5278.TMPFilesize
652B
MD5e6c1e145ce1ca7bd8d2503036b43b240
SHA1f581788cf03a56ba0b02b3de6550b65eee7a261c
SHA256a0667957b3f6f08a76223792d73c4216e2e22aee1073230420c4d11f4ac12b2c
SHA5128ad3cedaf7c237662fc0028a6f1d204ca884aa18b577b63df97d0b2844b16011e4962461ec5ef733e4757863cbf3fcbefc28b7d78927daa4eefa1b7d258e75d0
-
\??\c:\Users\Admin\AppData\Local\Temp\vtpyz4st\vtpyz4st.0.csFilesize
363B
MD5fe0a20ae8ae6560ff6da930c7a650c80
SHA1b17a90207c3fd39abfcd37a79428961d401c0de6
SHA2562887d6cced4527e90685dea484f31e882a7352ca66bdb5f5c7dd8924b6885dce
SHA512d2505e75392877bc4bff0b9b145da35fb2c4fea86c6c6ee3ec7af06fb774abb27dd651242f6797e0e81127619a64662874cc1623262607de65fb332848de4531
-
\??\c:\Users\Admin\AppData\Local\Temp\vtpyz4st\vtpyz4st.cmdlineFilesize
369B
MD5dd3cb02ab4989c9bb567c71233f9e4da
SHA1b57764cc723cadb130d1f4639ab6aa9f71240deb
SHA256b69950b0532a8417c6b63772922ff541537402f0d17d8242ef30eb2b880cc51c
SHA512357a2836e0f1e0180634ba8cbff312b0fa994317ffaa619ce683139ffd4b4905d71bf4be3c1f46ee7c821ba7725b4b138fa4c4502af8d8875aa003885dba1539
-
\??\pipe\LOCAL\crashpad_1812_SSOZEYZNHXDZHGWTMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/752-4500-0x000001965AE60000-0x000001965AE80000-memory.dmpFilesize
128KB
-
memory/752-4502-0x000001965AE20000-0x000001965AE40000-memory.dmpFilesize
128KB
-
memory/752-4504-0x000001965B220000-0x000001965B240000-memory.dmpFilesize
128KB
-
memory/1464-1367-0x000002287F2B0000-0x000002287F2C0000-memory.dmpFilesize
64KB
-
memory/1464-1301-0x000002287F2B0000-0x000002287F2C0000-memory.dmpFilesize
64KB
-
memory/1464-1300-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/1464-1353-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/1464-1358-0x000002287F2B0000-0x000002287F2C0000-memory.dmpFilesize
64KB
-
memory/1464-1359-0x000002287FAA0000-0x000002287FC62000-memory.dmpFilesize
1.8MB
-
memory/1464-1360-0x000002287F2B0000-0x000002287F2C0000-memory.dmpFilesize
64KB
-
memory/1464-1361-0x000002287F2B0000-0x000002287F2C0000-memory.dmpFilesize
64KB
-
memory/1464-4105-0x000002287F980000-0x000002287F9A4000-memory.dmpFilesize
144KB
-
memory/1464-4104-0x000002287F980000-0x000002287F9AA000-memory.dmpFilesize
168KB
-
memory/1464-3390-0x000002287F8F0000-0x000002287F902000-memory.dmpFilesize
72KB
-
memory/1464-3391-0x000002287F4A0000-0x000002287F4AA000-memory.dmpFilesize
40KB
-
memory/1464-1362-0x0000022800530000-0x0000022800A58000-memory.dmpFilesize
5.2MB
-
memory/1464-1363-0x000002287FC70000-0x000002287FDF6000-memory.dmpFilesize
1.5MB
-
memory/1464-1364-0x000002287F480000-0x000002287F488000-memory.dmpFilesize
32KB
-
memory/1464-1365-0x000002287F910000-0x000002287F948000-memory.dmpFilesize
224KB
-
memory/1464-1366-0x000002287F490000-0x000002287F49E000-memory.dmpFilesize
56KB
-
memory/1464-4046-0x0000022804150000-0x0000022804158000-memory.dmpFilesize
32KB
-
memory/1464-1380-0x000002287F2B0000-0x000002287F2C0000-memory.dmpFilesize
64KB
-
memory/1464-1381-0x000002287F2B0000-0x000002287F2C0000-memory.dmpFilesize
64KB
-
memory/1464-1389-0x000002287F2B0000-0x000002287F2C0000-memory.dmpFilesize
64KB
-
memory/1464-3589-0x0000022800200000-0x0000022800208000-memory.dmpFilesize
32KB
-
memory/1484-4471-0x0000000004E60000-0x0000000004E61000-memory.dmpFilesize
4KB
-
memory/1484-4426-0x0000000004820000-0x0000000004821000-memory.dmpFilesize
4KB
-
memory/1956-3852-0x00000204EAE60000-0x00000204EAEB0000-memory.dmpFilesize
320KB
-
memory/1956-3906-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/1956-3888-0x00000204EC390000-0x00000204EC3AE000-memory.dmpFilesize
120KB
-
memory/1956-3837-0x00000204E86B0000-0x00000204E9128000-memory.dmpFilesize
10.5MB
-
memory/1956-3839-0x00000204EB690000-0x00000204EB6A0000-memory.dmpFilesize
64KB
-
memory/1956-3838-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/1960-4610-0x000002449F9A0000-0x000002449F9C0000-memory.dmpFilesize
128KB
-
memory/2732-4461-0x000002BAF75C0000-0x000002BAF75E0000-memory.dmpFilesize
128KB
-
memory/2732-4458-0x000002BAF6FB0000-0x000002BAF6FD0000-memory.dmpFilesize
128KB
-
memory/2732-4456-0x000002BAF7200000-0x000002BAF7220000-memory.dmpFilesize
128KB
-
memory/3352-4555-0x0000018A789D0000-0x0000018A789F0000-memory.dmpFilesize
128KB
-
memory/3352-4552-0x0000018A785C0000-0x0000018A785E0000-memory.dmpFilesize
128KB
-
memory/3352-4550-0x0000018A78600000-0x0000018A78620000-memory.dmpFilesize
128KB
-
memory/3472-4449-0x0000000004D60000-0x0000000004D61000-memory.dmpFilesize
4KB
-
memory/3868-4102-0x00000162DE2B0000-0x00000162DE2B1000-memory.dmpFilesize
4KB
-
memory/3868-4103-0x00000162DE2B0000-0x00000162DE2B1000-memory.dmpFilesize
4KB
-
memory/3868-4092-0x00000162DE2B0000-0x00000162DE2B1000-memory.dmpFilesize
4KB
-
memory/3868-4093-0x00000162DE2B0000-0x00000162DE2B1000-memory.dmpFilesize
4KB
-
memory/3868-4100-0x00000162DE2B0000-0x00000162DE2B1000-memory.dmpFilesize
4KB
-
memory/3868-4097-0x00000162DE2B0000-0x00000162DE2B1000-memory.dmpFilesize
4KB
-
memory/3868-4098-0x00000162DE2B0000-0x00000162DE2B1000-memory.dmpFilesize
4KB
-
memory/3868-4099-0x00000162DE2B0000-0x00000162DE2B1000-memory.dmpFilesize
4KB
-
memory/3868-4101-0x00000162DE2B0000-0x00000162DE2B1000-memory.dmpFilesize
4KB
-
memory/3868-4091-0x00000162DE2B0000-0x00000162DE2B1000-memory.dmpFilesize
4KB
-
memory/3888-4478-0x000002EF0B8D0000-0x000002EF0B8F0000-memory.dmpFilesize
128KB
-
memory/3888-4480-0x000002EF0B890000-0x000002EF0B8B0000-memory.dmpFilesize
128KB
-
memory/3888-4482-0x000002EF0BEA0000-0x000002EF0BEC0000-memory.dmpFilesize
128KB
-
memory/4000-4494-0x0000000004EA0000-0x0000000004EA1000-memory.dmpFilesize
4KB
-
memory/4088-317-0x00000291F1BD0000-0x00000291F1BE0000-memory.dmpFilesize
64KB
-
memory/4088-320-0x00000291F2DF0000-0x00000291F2E66000-memory.dmpFilesize
472KB
-
memory/4088-318-0x00000291F1BD0000-0x00000291F1BE0000-memory.dmpFilesize
64KB
-
memory/4088-311-0x00000291F1B90000-0x00000291F1BB2000-memory.dmpFilesize
136KB
-
memory/4088-316-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/4088-391-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/4088-319-0x00000291F2D20000-0x00000291F2D64000-memory.dmpFilesize
272KB
-
memory/4416-4564-0x000001E5E1940000-0x000001E5E1960000-memory.dmpFilesize
128KB
-
memory/4416-4566-0x000001E5E1900000-0x000001E5E1920000-memory.dmpFilesize
128KB
-
memory/4416-4569-0x000001E5E1D10000-0x000001E5E1D30000-memory.dmpFilesize
128KB
-
memory/4908-4366-0x0000027D0F670000-0x0000027D0F671000-memory.dmpFilesize
4KB
-
memory/4908-4357-0x0000027D0F670000-0x0000027D0F671000-memory.dmpFilesize
4KB
-
memory/4908-4361-0x0000027D0F670000-0x0000027D0F671000-memory.dmpFilesize
4KB
-
memory/4908-4362-0x0000027D0F670000-0x0000027D0F671000-memory.dmpFilesize
4KB
-
memory/4908-4364-0x0000027D0F670000-0x0000027D0F671000-memory.dmpFilesize
4KB
-
memory/4908-4365-0x0000027D0F670000-0x0000027D0F671000-memory.dmpFilesize
4KB
-
memory/4908-4363-0x0000027D0F670000-0x0000027D0F671000-memory.dmpFilesize
4KB
-
memory/4908-4359-0x0000027D0F670000-0x0000027D0F671000-memory.dmpFilesize
4KB
-
memory/4908-4358-0x0000027D0F670000-0x0000027D0F671000-memory.dmpFilesize
4KB
-
memory/5084-4406-0x000001B5A8470000-0x000001B5A8490000-memory.dmpFilesize
128KB
-
memory/5084-4403-0x000001B5A8020000-0x000001B5A8040000-memory.dmpFilesize
128KB
-
memory/5084-4401-0x000001B5A8060000-0x000001B5A8080000-memory.dmpFilesize
128KB
-
memory/5348-4029-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/5348-3930-0x000001B6957D0000-0x000001B6957E0000-memory.dmpFilesize
64KB
-
memory/5348-3928-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/5444-3925-0x00000000006C0000-0x00000000006E8000-memory.dmpFilesize
160KB
-
memory/5444-4030-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/5444-3927-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/5444-3929-0x000000001B4D0000-0x000000001B4E0000-memory.dmpFilesize
64KB
-
memory/5572-4032-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/5572-3920-0x0000026A68580000-0x0000026A68590000-memory.dmpFilesize
64KB
-
memory/5572-3921-0x0000026A68580000-0x0000026A68590000-memory.dmpFilesize
64KB
-
memory/5572-3919-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/5596-4584-0x0000021DC19D0000-0x0000021DC19F0000-memory.dmpFilesize
128KB
-
memory/5596-4589-0x0000021DC1DA0000-0x0000021DC1DC0000-memory.dmpFilesize
128KB
-
memory/5596-4586-0x0000021DC1990000-0x0000021DC19B0000-memory.dmpFilesize
128KB
-
memory/5884-4435-0x0000020A7DFC0000-0x0000020A7DFE0000-memory.dmpFilesize
128KB
-
memory/5884-4433-0x0000020A7E000000-0x0000020A7E020000-memory.dmpFilesize
128KB
-
memory/5884-4437-0x0000020A7E3D0000-0x0000020A7E3F0000-memory.dmpFilesize
128KB
-
memory/5984-4394-0x00000000043C0000-0x00000000043C1000-memory.dmpFilesize
4KB
-
memory/6064-448-0x0000028663990000-0x00000286639A0000-memory.dmpFilesize
64KB
-
memory/6064-450-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/6064-411-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/6064-412-0x0000028663990000-0x00000286639A0000-memory.dmpFilesize
64KB
-
memory/6064-1278-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/6064-465-0x0000028663990000-0x00000286639A0000-memory.dmpFilesize
64KB
-
memory/6064-463-0x0000028663990000-0x00000286639A0000-memory.dmpFilesize
64KB
-
memory/6064-452-0x0000028663990000-0x00000286639A0000-memory.dmpFilesize
64KB
-
memory/6064-451-0x0000028663990000-0x00000286639A0000-memory.dmpFilesize
64KB
-
memory/6436-4519-0x000001F7852D0000-0x000001F7852F0000-memory.dmpFilesize
128KB
-
memory/6436-4521-0x000001F785290000-0x000001F7852B0000-memory.dmpFilesize
128KB
-
memory/6436-4524-0x000001F7858A0000-0x000001F7858C0000-memory.dmpFilesize
128KB
-
memory/6536-4535-0x0000018E75940000-0x0000018E75941000-memory.dmpFilesize
4KB
-
memory/6536-4537-0x0000018E75940000-0x0000018E75941000-memory.dmpFilesize
4KB
-
memory/6536-4540-0x0000018E75940000-0x0000018E75941000-memory.dmpFilesize
4KB
-
memory/6536-4533-0x0000018E75940000-0x0000018E75941000-memory.dmpFilesize
4KB
-
memory/6536-4534-0x0000018E75940000-0x0000018E75941000-memory.dmpFilesize
4KB
-
memory/6536-4539-0x0000018E75940000-0x0000018E75941000-memory.dmpFilesize
4KB
-
memory/6536-4541-0x0000018E75940000-0x0000018E75941000-memory.dmpFilesize
4KB
-
memory/6536-4542-0x0000018E75940000-0x0000018E75941000-memory.dmpFilesize
4KB
-
memory/6536-4538-0x0000018E75940000-0x0000018E75941000-memory.dmpFilesize
4KB
-
memory/6544-4158-0x000001F3D5540000-0x000001F3D55BE000-memory.dmpFilesize
504KB
-
memory/6544-4155-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/6544-4156-0x000001F3BCC90000-0x000001F3BCCB8000-memory.dmpFilesize
160KB
-
memory/6544-4154-0x000001F3BAF60000-0x000001F3BB138000-memory.dmpFilesize
1.8MB
-
memory/6544-4159-0x000001F3D55C0000-0x000001F3D55D8000-memory.dmpFilesize
96KB
-
memory/6544-4162-0x00007FFD357F0000-0x00007FFD362B1000-memory.dmpFilesize
10.8MB
-
memory/6544-4157-0x000001F3D56E0000-0x000001F3D56F0000-memory.dmpFilesize
64KB
-
memory/6968-4512-0x0000000003F20000-0x0000000003F21000-memory.dmpFilesize
4KB