Analysis
-
max time kernel
115s -
max time network
283s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system -
submitted
13-11-2024 21:18
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://google.com
Resource
win11-20241007-en
Errors
General
-
Target
http://google.com
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
Processes:
Monoxide x64.exe堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exepid Process 3424 Monoxide x64.exe 2832 堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe -
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exedescription ioc Process File opened (read-only) \??\F: 堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
Processes:
flow ioc 2 raw.githubusercontent.com 4 raw.githubusercontent.com 51 raw.githubusercontent.com -
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exedescription ioc Process File opened for modification \??\PhysicalDrive0 堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe -
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 6 IoCs
Processes:
msedge.exemsedge.exedescription ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Modifies registry class 1 IoCs
Processes:
OpenWith.exedescription ioc Process Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings OpenWith.exe -
NTFS ADS 1 IoCs
Processes:
msedge.exedescription ioc Process File opened for modification C:\Users\Admin\Downloads\Monoxide.zip:Zone.Identifier msedge.exe -
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes:
msedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exepid Process 796 msedge.exe 796 msedge.exe 1028 msedge.exe 1028 msedge.exe 1540 msedge.exe 1540 msedge.exe 428 msedge.exe 428 msedge.exe 2428 msedge.exe 2428 msedge.exe 1896 identity_helper.exe 1896 identity_helper.exe 228 msedge.exe 228 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
Processes:
msedge.exemsedge.exepid Process 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe -
Suspicious use of AdjustPrivilegeToken 7 IoCs
Processes:
7zG.exe堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exeAUDIODG.EXEdescription pid Process Token: SeRestorePrivilege 2972 7zG.exe Token: 35 2972 7zG.exe Token: SeSecurityPrivilege 2972 7zG.exe Token: SeSecurityPrivilege 2972 7zG.exe Token: SeDebugPrivilege 2832 堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe Token: 33 2664 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2664 AUDIODG.EXE -
Suspicious use of FindShellTrayWindow 61 IoCs
Processes:
msedge.exemsedge.exe7zG.exepid Process 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 2972 7zG.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exemsedge.exepid Process 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1028 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe 1540 msedge.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
Monoxide x64.exe堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exeOpenWith.exepid Process 3424 Monoxide x64.exe 2832 堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe 2832 堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe 2212 OpenWith.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid Process procid_target PID 1028 wrote to memory of 3552 1028 msedge.exe 79 PID 1028 wrote to memory of 3552 1028 msedge.exe 79 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 2080 1028 msedge.exe 80 PID 1028 wrote to memory of 796 1028 msedge.exe 81 PID 1028 wrote to memory of 796 1028 msedge.exe 81 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82 PID 1028 wrote to memory of 1920 1028 msedge.exe 82
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1028 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff801f33cb8,0x7ff801f33cc8,0x7ff801f33cd82⤵PID:3552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,10048183891806573782,1970598670671993575,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:22⤵PID:2080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,10048183891806573782,1970598670671993575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,10048183891806573782,1970598670671993575,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:82⤵PID:1920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10048183891806573782,1970598670671993575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:12⤵PID:3132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10048183891806573782,1970598670671993575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:12⤵PID:4508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10048183891806573782,1970598670671993575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:12⤵PID:1652
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4192
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1540 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff801f33cb8,0x7ff801f33cc8,0x7ff801f33cd82⤵PID:4672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:22⤵PID:4056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:82⤵PID:2400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵PID:2892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵PID:2708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:12⤵PID:2716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:12⤵PID:4540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:12⤵PID:4952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:12⤵PID:4256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:12⤵PID:2264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:12⤵PID:4548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:12⤵PID:2256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:12⤵PID:460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:12⤵PID:952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:12⤵PID:1456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:12⤵PID:4784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5980 /prefetch:82⤵PID:1676
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4688
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1924
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3620
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Monoxide\" -ad -an -ai#7zMap4082:78:7zEvent130581⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2972
-
C:\Users\Admin\Downloads\Monoxide\Monoxide\Monoxide x64.exe"C:\Users\Admin\Downloads\Monoxide\Monoxide\Monoxide x64.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3424 -
C:\Users\Admin\AppData\Local\Temp\堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe"C:\Users\Admin\AppData\Local\Temp\堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe"2⤵
- Executes dropped EXE
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2832 -
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe"3⤵PID:4168
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\az.txt3⤵PID:5020
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\da.txt3⤵PID:3112
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\fur.txt3⤵PID:4532
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\io.txt3⤵PID:4720
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\nl.txt3⤵PID:804
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ro.txt3⤵PID:1164
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Program Files\BlockWait.mhtml3⤵PID:1444
-
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"3⤵PID:3820
-
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"3⤵PID:4540
-
-
C:\Program Files\Java\jdk-1.8\bin\java.exe"C:\Program Files\Java\jdk-1.8\bin\java.exe"3⤵PID:2900
-
-
C:\Program Files\Java\jdk-1.8\bin\servertool.exe"C:\Program Files\Java\jdk-1.8\bin\servertool.exe"3⤵PID:3304
-
-
C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"3⤵PID:2696
-
-
C:\Program Files\Java\jre-1.8\bin\orbd.exe"C:\Program Files\Java\jre-1.8\bin\orbd.exe"3⤵PID:1664
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt3⤵PID:4224
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt3⤵PID:2400
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt3⤵PID:2364
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt3⤵PID:1172
-
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXE"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXE"3⤵PID:5092
-
-
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe"3⤵PID:2056
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeOfficeClickToRun.exe platform=4⤵PID:1556
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.videolan.org//vlc/skins.php3⤵PID:4360
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff801f33cb8,0x7ff801f33cc8,0x7ff801f33cd84⤵PID:704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5018647311994877324,16767054147717044567,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2128 /prefetch:24⤵PID:3860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5018647311994877324,16767054147717044567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:34⤵PID:3608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5018647311994877324,16767054147717044567,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2372 /prefetch:84⤵PID:2892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5018647311994877324,16767054147717044567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:14⤵PID:5156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5018647311994877324,16767054147717044567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:14⤵PID:5164
-
-
-
C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_12008.1001.1.0_x64__8wekyb3d8bbwe\StoreExperienceHost.exe"C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_12008.1001.1.0_x64__8wekyb3d8bbwe\StoreExperienceHost.exe"3⤵PID:4532
-
-
C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\TCUI-App.exe"C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\TCUI-App.exe"3⤵PID:5316
-
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat3⤵PID:4732
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\Breadcrumb\Breadcrumb.base.js"3⤵PID:5156
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\DetailsList\DetailsList.base.js"3⤵PID:5616
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\DetailsList\DetailsList.styles.js"3⤵PID:2400
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\DocumentCard\DocumentCardTitle.js"3⤵PID:4100
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\DocumentCard\DocumentCardTitle.types.js"3⤵PID:5504
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\Dropdown\Dropdown.js"3⤵PID:4932
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\GroupedList\GroupHeader.base.js"3⤵PID:6096
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\DetailsList.js"3⤵PID:5584
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\Dialog.js"3⤵PID:5792
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\GroupedList.js"3⤵PID:5736
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\Nav.js"3⤵PID:5728
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\Panel.js"3⤵PID:5640
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\ShimmeredDetailsList.js"3⤵PID:5644
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\ChoiceGroupOption.js"3⤵PID:5608
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\components\DocumentCard\DocumentCardImage.js"3⤵PID:6040
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\components\DocumentCard\DocumentCardLogo.types.js"3⤵PID:3176
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\components\DocumentCard\DocumentCardStatus.js"3⤵PID:5800
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\components\GroupedList\GroupShowAll.styles.js"3⤵PID:5836
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\Keytips.js"3⤵PID:5912
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\Coachmark.js"3⤵PID:5752
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\components\DetailsList\DetailsRowFields.js"3⤵PID:4256
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\components\DocumentCard\DocumentCardImage.js"3⤵PID:6060
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\components\DocumentCard\DocumentCardLogo.styles.js"3⤵PID:5296
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\components\GroupedList\GroupSpacer.types.js"3⤵PID:5228
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\Fabric.js"3⤵PID:5300
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\Facepile.js"3⤵PID:4768
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\ProgressIndicator.js"3⤵PID:2468
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\ResizeGroup.js"3⤵PID:4428
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\Theme.js"3⤵PID:2892
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib\types\IAnimationStyles.js"3⤵PID:5312
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib\types\IScheme.js"3⤵PID:5376
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib-amd\motion\index.js"3⤵PID:5444
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib-commonjs\createTheme.js"3⤵PID:5448
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib-commonjs\mergeThemes.js"3⤵PID:2344
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib-commonjs\types\IPalette.js"3⤵PID:5668
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@fluentui\dom-utilities\lib\getParent.js"3⤵PID:5468
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@fluentui\dom-utilities\lib\IVirtualElement.js"3⤵PID:3416
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@fluentui\dom-utilities\lib-commonjs\setPortalAttribute.js"3⤵PID:3560
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\merge-styles\lib\extractStyleParts.js"3⤵PID:5068
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\merge-styles\lib-amd\IKeyframes.js"3⤵PID:3252
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\merge-styles\lib-commonjs\concatStyleSetsWithProps.js"3⤵PID:1816
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib\index.js"3⤵PID:2728
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-amd\customizations\mergeCustomizations.js"3⤵PID:5252
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-commonjs\dom\elementContains.js"3⤵PID:5236
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-commonjs\dom\IVirtualElement.js"3⤵PID:4572
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-commonjs\object.js"3⤵PID:3068
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-commonjs\warn\warn.js"3⤵PID:5232
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-commonjs\warn\warnMutuallyExclusive.js"3⤵PID:1488
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"3⤵PID:7104
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" --type=collab-renderer --proc=71044⤵PID:2704
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\main.css3⤵PID:6232
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\cs-cz\ui-strings.js"3⤵PID:6408
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hr-hr\ui-strings.js"3⤵PID:6296
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-ma\ui-strings.js"3⤵PID:6484
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\ui-strings.js"3⤵PID:6556
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sv-se\ui-strings.js"3⤵PID:6656
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\ui-strings.js"3⤵PID:6576
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js"3⤵PID:1456
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\de-de\ui-strings.js"3⤵PID:3456
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\es-es\ui-strings.js"3⤵PID:6740
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ja-jp\ui-strings.js"3⤵PID:1440
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\pl-pl\ui-strings.js"3⤵PID:6596
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\ui-strings.js"3⤵PID:4400
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\tr-tr\ui-strings.js"3⤵PID:6856
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hu-hu\ui-strings.js"3⤵PID:6904
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fi-fi\ui-strings.js"3⤵PID:6868
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pt-br\ui-strings.js"3⤵PID:7028
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sk-sk\ui-strings.js"3⤵PID:7124
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\main.css3⤵PID:7160
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\cs-cz\ui-strings.js"3⤵PID:6320
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-gb\ui-strings.js"3⤵PID:6172
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\css\main-selector.css3⤵PID:7076
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\cs-cz\ui-strings.js"3⤵PID:7116
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\selector.js"3⤵PID:6332
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fr-fr\ui-strings.js"3⤵PID:6404
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ro-ro\ui-strings.js"3⤵PID:6344
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\plugin.js"3⤵PID:6664
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\da-dk\ui-strings.js"3⤵PID:6860
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pt-br\ui-strings.js"3⤵PID:6220
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\da-dk\ui-strings.js"3⤵PID:5040
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fi-fi\ui-strings.js"3⤵PID:7156
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ui-strings.js"3⤵PID:6648
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-il\ui-strings.js"3⤵PID:6356
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\fr-ma\ui-strings.js"3⤵PID:7180
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-il\ui-strings.js"3⤵PID:7252
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ui-strings.js"3⤵PID:7292
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\selector.js"3⤵PID:7316
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pl-pl\ui-strings.js"3⤵PID:7388
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-fr\ui-strings.js"3⤵PID:7452
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-ma\ui-strings.js"3⤵PID:7480
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\it-it\ui-strings.js"3⤵PID:7524
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\it-it\ui-strings.js"3⤵PID:7620
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\List.txt3⤵PID:7748
-
-
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe"3⤵PID:7784
-
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_150968\javaws.exe"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_150968\javaws.exe"3⤵PID:8096
-
-
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe"C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe"3⤵PID:7936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\BHO\ie_to_edge_stub.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\BHO\ie_to_edge_stub.exe"3⤵PID:8128
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\show_third_party_software_licenses.bat" "3⤵PID:7680
-
-
C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\BHO\ie_to_edge_stub.exe"C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\BHO\ie_to_edge_stub.exe"3⤵PID:6708
-
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"3⤵PID:7748
-
C:\Windows\SysWOW64\unregmp2.exe"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon4⤵PID:8168
-
C:\Windows\system32\unregmp2.exe"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT5⤵PID:5824
-
-
-
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"3⤵PID:1664
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\bin\Pester.bat" "3⤵PID:2460
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command "& Import-Module 'C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\bin\..\Pester.psm1'; & { Invoke-Pester -EnableExit }"4⤵
- Command and Scripting Interpreter: PowerShell
PID:6004
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_Pester.help.txt3⤵PID:4284
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\ShouldNotBe.snippets.ps1xml3⤵PID:4572
-
-
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe"C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe"3⤵PID:2900
-
-
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"3⤵PID:8024
-
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=584 -burn.filehandle.self=5924⤵PID:8108
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default3⤵PID:5712
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004CC1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2664
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2212
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:384
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1172
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:860
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3460
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1532
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1988
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:564
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1064
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2816
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3220
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2212
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1584
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3996
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2312
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2828
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1064
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:952
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3300
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2524
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4548
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4648
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3464
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2488
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3360
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4816
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1740
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:200
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4648
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1816
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3300
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2864
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:932
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4444
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1064
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3628
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2864
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3140
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4548
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1944
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3560
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1836
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3824
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4536
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2864
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2468
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2512
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5240
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5420
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5720
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5800
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5868
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1960
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5636
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5836
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3200
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6060
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1264
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1944
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5204
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4416
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:752
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5448
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4932
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5552
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5980
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4952
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5844
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2728
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5196
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4284
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3300
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2696
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5400
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2136
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5392
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5516
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3904
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6212
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6280
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6368
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6436
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6524
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6584
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6672
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6744
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6864
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6908
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6984
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7044
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7144
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7672
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7876
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:8152
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7852
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7736
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7940
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7788
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:8060
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7716
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1444
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5496
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7704
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5908
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7940
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:8148
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1396
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:8020
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3612
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:8052
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:356
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7912
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6420
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2732
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7828
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5328
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7900
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7732
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7424
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7072
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7824
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4432
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6780
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5308
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7712
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7764
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5176
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5168
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:8172
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:668
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1156
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6068
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7996
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:684
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5756
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7852
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6004
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5868
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1000
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost1⤵PID:1692
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6876
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6620
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2860
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2136
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4676
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2896
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1396
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7504
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5336
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6092
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2848
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2732
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6120
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6848
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3092
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:916
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2792
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1224
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4760
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5916
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3904
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3184
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7680
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5072
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6608
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:1872
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2508
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7764
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6924
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6708
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:8176
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5996
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7468
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4132
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7012
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:7664
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:2860
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:4116
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:5692
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6368
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD517a6e9095c22451e5216c94b1a61ba38
SHA1055f2f99e33fb803993dd343f850e693f239d20a
SHA25627739df6879b8afeb7b4774aaea0bcdfc3d3d2f292db0f1c25e4edc3ab9f58bb
SHA5126f5ea46ebcdb290f6a821c51edf4ed69be79402b53af5bb492259ca75631e79eb5cac5c5d8bf1ae6ce9b40b5791721378b1460fc60bd38cba4b87c98a3de9eaa
-
Filesize
152B
MD5554d6d27186fa7d6762d95dde7a17584
SHA193ea7b20b8fae384cf0be0d65e4295097112fdca
SHA2562fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb
SHA51257d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7
-
Filesize
152B
MD5b01be3ea3b6721e56c5435f4aa038cbb
SHA12c21a031cefa8996de1338ced671bf97cb35efe5
SHA25610a459d7b410fc54e547cdc7add584e3fb07f13c7885ab1dbb8b124fef015e9a
SHA5122b168c10314490869abfe114af170cb3469fdc1011f2d19abc508e42e3902d49f313d00afcc09cafabb5436830e7d5a32004a1152a48317a7b413f55482094c3
-
Filesize
152B
MD5a28bb0d36049e72d00393056dce10a26
SHA1c753387b64cc15c0efc80084da393acdb4fc01d0
SHA256684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1
SHA51220940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7
-
Filesize
152B
MD53056695cca2fa5d6f4fc15f0fe9ddaea
SHA19b2630acb4fca8579d8c6e63219fa1572b310b0d
SHA25697f18e40b54e49559623a7e226aed3efe1d67f01c6a6bd8cf038e88f41db4ffc
SHA512183b352b16c8c37d7d57fbc842f942cfd01bfcacb3c36422b954f617faa13343a6953c42fad484a48b7ba081a7009d67112090e2292d40fb65ef55b0e9595b35
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\96c7bb75-3240-45c4-b984-12c1877fdac5.tmp
Filesize1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
44KB
MD57f02d63eac12053f33740cf997f99197
SHA11455d0955a1aea9007b0251009955ebb3135b506
SHA256de1ee3580b73b9a692bb4424cd7635318c5fea0ba3062b144c45d147e14b3c16
SHA512c39614995df2bec02bce8f3ee708fe22311b30b91649c36a0f66f84042e2a38f8397c9db70440103864cc0e0a4a51bef6f2c2f15ae0aceb61f769f8f75f37424
-
Filesize
264KB
MD506726504f99efc38bdaa655302898c2b
SHA1083c1d9c410f6b6fac501d14c856470096b49d66
SHA2561be35f2cd500e6a52f4bcfc877fe0f3bf4b995a1bcea2028785f9328e6f4fb30
SHA5128f49d12647d7a1b4513e3941c10f9b6aa6067a527669faeaea677dffbe0b924d2e9a2776e78be2990bfbfb52e8695d8e3a0d11f8c627145a38e50f579384198c
-
Filesize
1.0MB
MD555c1dd8240457c56907255cd086a7bf3
SHA14cec7f24361ac554e8a521bb3b067973c68986f0
SHA256f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617
SHA5129c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1
-
Filesize
4.0MB
MD5e1f29d857388f6a35807a16cb6f89775
SHA166f73cbdb02b9279d6dfce06ed3de326007ba567
SHA256c773e1f785dec8b69acb068e058bf32371b4677595167bc163c5bb0cb03faf8a
SHA512fed08c8f01b22155c3e5cfa0f483aaae267ea5de0bca13a0f2cfa4696bc397c10a9456ac7ccb49a88bce98144fedc4d9cdfd79c02b856cca1a39955e5b519cf6
-
Filesize
215KB
MD5e579aca9a74ae76669750d8879e16bf3
SHA10b8f462b46ec2b2dbaa728bea79d611411bae752
SHA2566e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize120B
MD571267f93acd1a91e08ecbf2405705cd3
SHA1e78f4356d3a90c8c059a66f0da5cca79998348c7
SHA256a381a75fad6a5dc3e3e2bd7b5381123b0393ac1340bf03560c3614e8d9aedb70
SHA5124d481b197953e4c91d02dfd8aa27170ca7e4cce88afd5005ff41099bc90e7ed672def2815be968d5148c3c7ae64d4085742e3c9cd10ad8ee4d9b6b2ac772df5d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD551fdb1cd3318748a87b7a28d2292fc9b
SHA1b4d28e010e9c46aaa6db1a063abf91ef3f9a5ce8
SHA25631f37c7e027041c6191679f7d0e83c700a28880718df929847bd928d3e66d8af
SHA512c555338d2218df5cf3d9e96badc10efeb1643415219933f8546997d07749dafd849928aa59afaba50560135149610cfe8f52cdf425c06c0fc64a3cacb20186e2
-
Filesize
20KB
MD555a41cf4363a3e55a657816f0184a8d4
SHA1a77aaeabf250940527bf3d77c107a883efba997f
SHA2568fd46971916b368170f380f8bf4b847b22e7b8cd9e1b3a4e292198d7940a7544
SHA512a4953edb1fa46a29f0743cdb9da4a4366906b2b088521d8457a15ff41d13284eb6a6b7c464490673c4fab28c1b0049cdac1a16c7f14e9874643083882c98fd41
-
Filesize
16KB
MD54902c37e4ebc63f5ed130ba2a88daa06
SHA162b59633e3ce7873eeee4433016e12be65d0ef66
SHA2567cbf71427ae50c353a5792b36c08bc06451d295c4ca6ea09b22e29fceaaad51b
SHA51299c191b3528e5782ed244020502b1330170bd4810ceff6b36aa67359be175b85baff8b4ae4678d65b294ab93bf5e8ddf40366ec379a1f14b46428a5d5da51b5f
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
116KB
MD5eebbba4f0adecb7eed2ad79e37bc5904
SHA147679333036c83fa1693e5922008431d28d1a19a
SHA25683aa467798831edf43823d49cea846c3d1f6fbda0d84efcd2366cf404c3e0654
SHA512e24a20f58eead5cf978ddc5b812b19e1637b0e6ecdd3762e1ca9cd80d04f58a0a217694a01304022723a2cd48b24d746fa0583bc944c44446ed92f0b8af1f11e
-
Filesize
6B
MD5a9851aa4c3c8af2d1bd8834201b2ba51
SHA1fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA51241a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818
-
Filesize
44KB
MD509440799e9300de0bb9657561b08f00d
SHA1f75c5f7c460f4a6715186c8ae4814b28c0d4ad0c
SHA2564aae6b1216e921b384aa46b4176a9c18068fc8d26f1a0cda7fda393f61f3c722
SHA51273b79e97ed62593a233bfbacf6823ab93dc1cbf4c6820ba009ac127afddb1cc51922dd108449d5ae9c4cbb79738270a72734a83806f18f00d0ca586bada6e720
-
Filesize
125B
MD5d10ae080abac1f3512c9677c7fa2e891
SHA17f4b8ecbd84b544b941cc8ec0ff1ac0ea649e5c9
SHA256f709c048c140aa1a6386a0caccc2ea79ffd078cdb6ae28877b616be844c21828
SHA5126ce1baa7caa950da6c083cd4a42b8de72d86c598c6edcf442ed745ff03b279b0b94a50704b37c639895ba2d80e2b267ca60945d6f79cf7e79a3af41c7764d8fb
-
Filesize
331B
MD548098750e5c7b1541d200737a29d462e
SHA1a6fd3dd18b9b4d0c7218fbf26ce34a2a85a2d70e
SHA25612d7d3276217816c2d3eab90ebdbb5898bdbfbd529fc37090d2227acf8ea76e8
SHA512c80757b8123656b8540a5d16408d29d1615bf8a9a5b4baea88c152d54cdf6aa31df06d295988e7d38065dc137fcd64adfa6d39106746361c758f91b5598923a4
-
Filesize
134B
MD51af7f99bbacfa3641227b01e68a6ba16
SHA1d43f2825ece5b4fc3e757c1aa94801b18fd3339f
SHA2560cc8a6918142b10441a6b2f1db39e75976512b23478f74bb27fa48ac70ca8bc5
SHA512a5ee7d8044da5183de9d36e37ec9e60102cf200ca98c122e1e295ee8e7c0188db7aa8b51e30263534c4050ccba30c7c303c36dfbc2b72f31b6f536f3655c0a22
-
Filesize
814B
MD52fa43f58725a83332a75e1988efd5128
SHA18a6f5ad59b0f6f5caa5e4badbb8308d8e8b041bf
SHA256ea623519ab1b05d84e70c20d4cb797e284e45c97bb03ed4ee43d688b32ec80f4
SHA5122b06488b73b9c8b9c00948f32e27cb3948124c9745148a9dd8c6f94ef368c06d2c6c616e5a470d1112a796d164aa3951893a32c520dff7c03488ffd2b93c0da9
-
Filesize
1KB
MD594d2d0613bf58625e7ab6f021ef6c6f2
SHA1c59ff3a481471467120551a5c686a22fed67af90
SHA25650e9fbe254296b84c9b4afa4009ce15eea4becd4aa27ca7556b44568ab6850b4
SHA5122b4808fb11e17925171df3282f28f5b72775cd19ea54fe771f2f8a2f36b58b0e96665e046b95fe5d11cddeb0f4e429ecb202eb2caee1d00af059f4ffbe0bc47f
-
Filesize
7KB
MD5d1f5fc353e51e4edfb70ec397d4a655f
SHA1a451e1ab33c66150099fd198245e3a191133fefe
SHA2562d51c3a2cd1f0d998175c5615c0081453bb78d45cbaa5410550a66ecd2c8921a
SHA512f0159804c770221695d2b13952dc6b5c4ed7a2c863e555c87fb012903c4f53a24ff236aa5ce62934078ef8a4d7355bd255c5465df396cdbec15d69189d2824bd
-
Filesize
7KB
MD560e1c80e259e5b09bcbb687f1627f538
SHA13de0379ee805086f474b5735506b78cf5008ff42
SHA2563541ad0c0883c0bff1285f4b4ae167d65ad01f1c5e03cbd051bee46e9b6a0faa
SHA5122a69218d9779b1d07ef92d20789ed4117b586cc9208c672b7ec90fccc93e51e2d546d32786377b8141ac2ee1d4e2119dbdf384837371b041eebd868a2ca7a758
-
Filesize
5KB
MD50c658b3fb1e0170b28b1cc4f404a7d7d
SHA1f24233f3074a7a5fb3f2fb0dfad7496b2cb317fd
SHA2563392ed63bd7c5c0d5f90358e96a1dd75db1e3270254047360593f75c7ed3657c
SHA51256d4d36592eb69af127660a8838a667155ca941bad235cc044bb8ade5e21c07e44533fd2e0e3dfe3f78c4a8e7257dce549fb59ef1b09fc2fd77815f809cacf3d
-
Filesize
6KB
MD5c09e450eb4f88973783f583c5cc70bd7
SHA1d2e7baaf5c4f5872dd77f10977a49c38b7c6980e
SHA256284873f593c1268fca6f114813ff228f6433a3b645b91dd2bb41687b5f10fd7c
SHA512c18fc2354c6d53d8cca357141548000b5281725f954e79267a5753f7158e22f654ed89333915bafcab32cbdfbb1cb293a5bce51c66186b82350db125b31014ad
-
Filesize
6KB
MD5f420629585bdbe1e0f1adda1f4eef251
SHA19eaf02e16a45b39e1b364ea9dc5f257f1ccccbb2
SHA256ffc9a4de889075024c9ad2498ca8921f1148d7924f2770877e6e1252f84ecdf1
SHA512d448df1b192cf6794018c1655e9e33ef5a44bbe59072aa0e62ff149abc7f54dc4d230f50cf0e754bee1d5f8231ca81838c68f93c028381b42b780ece5323bb23
-
Filesize
6KB
MD54ba9064ea69355b4d4a98566e752fcb0
SHA1cd1285d53b3750aa2705cc26ac1c2d651599f4be
SHA256fd7138d1f29c6eb31b50dc1a9bcadc89c1aeae386127ae7af2b9ce9b38227663
SHA512faf5488fa4a5b09c8060ddaabffa0db4c848f681d22f41cbc25d00e9d858513ce739d8eeb459d694933ff1bc0b6aeb363786ff21bec758db8c1fd51e6c642e13
-
Filesize
7KB
MD5ae2d72e34689769fe87107d3d1a2ad16
SHA1b816665d42afce7b54453cb2941cceaea82c29aa
SHA256dc1dc73ab050d029ba18bedbb2999fbf68003d779d7b1231974bfca6673aaca2
SHA512660ad4374386baa8c398bd29a1314fb31548884f3c73325705a32091be0da458c54da04181df93f6be97e4a0277745afbd9802fb9ea2cda525dced36fdf8433e
-
Filesize
6KB
MD5bd0541917c14737df0422eb2892ee40a
SHA1dbf1ae30d32c833e7633b1fcddcdce39c6ef2845
SHA256aced00e46ace317158086e21abb413af341a7bbd521b074121e1b9f57a9f70b5
SHA512e8b9afb8761d7c8c8c4a60ccf5b09cf8c1ac1320c4686a3b31bae677a2bae6cdded9041fe9b91ed93fd7b9aaae54da19d853b186d44d1ba68988e3f87727d9a3
-
Filesize
36KB
MD5c2cfbc5506e60302a902b95208e8aebd
SHA1ef904615ab3d96aa6fde96834387dd5e21618819
SHA256ad5193d01ff86498671d6bb2cd0f5313a1e160acd196b614decdcf885fb7ed0c
SHA512baf10c16cea04849665700a2e5eceb2f72edfbfd7153f2c3780b00d07c2f206c0935a36fb8d839299d94dc60a3051ff589132bfa22bc5af7e0ddcfcfe4899bd7
-
Filesize
20KB
MD55e775fe5d6b70d0ad03894b7bfb4cee4
SHA1c00c0e03710b02d2320a748e59517c5e5d4d2053
SHA25648b3145a13852a46b122ffc69e661843842a6a3086707dd19fd43707942cbc7e
SHA512079b834568bd7cba2861165307d931939eac0091609a8c3a494b5e98ade2c4e821a90bbdbd5c19a8b4ffba9db18048ff105c4868d749122a6ce0b39f5833f18c
-
Filesize
538B
MD500faccfdf4d814beb810d090450cc7f1
SHA132fb380c67f5382cf4f544758682e0d02c48305d
SHA256c6b73845b250e497314753972cfac5453788c421193f2e4fe4d746d8cb08a182
SHA5122893061591aadba0c3d95ee3af1f087892c615e3a55e15e045f1f56b4bd7333f88e6447092895e43a3408caeaea19e98ec4cfda52ecfb97f7899c9a059c17b56
-
Filesize
319B
MD5c796c92cf9c44e35e2abd8cf08020faa
SHA1fa53d7c5ca5460376145c9099093919dc424fefe
SHA256653b3d5c19944d192310d6956d7de3a8d6dbf2c46e503e0db64a3d8a7f16540e
SHA512c521e0b52663a1237153be8eaea5b986ea724c9b6d2d689f5dc0f2a6e99cf1cc7268ac36a350a7e7e775b4945a965e52bd044c542df08a334a81eef94789aaec
-
Filesize
3KB
MD51185ffebbb749d9385da2df366be3184
SHA13e1f77910f0d6ec031fbd8fe8b2c1d58a4288908
SHA256da888cd258bfb02447e5e4f022f9f459ac6b0397d5d07fe2f2d5980226419a60
SHA51289be38ae732637a9116bd227f3a59cd2720234514823272961e67f1cd731565993e2188c88923a9f8b7167978cfd7ae334901ee007bf7c1dbc66e3647949a371
-
Filesize
1KB
MD52b419740ebe07480e79d40341d3d2bb8
SHA1f57c6eaed08c3985e857070b9860904ff03a1e5e
SHA2568c31cab16dda671be2fba7feded792dad11b56b973c643aeb1e50ddbbf34023f
SHA512254d79e81b69694eb3efc138353118370289190083d1525fea81c19c5149f93c2afcd8ee53d2733264a3f28208df5e35489f14fd8cbb1bcdbc059c0c1803b427
-
Filesize
350B
MD5b4c183ff5bc6597ae49698e622cd09ce
SHA19ee123b17ed43c6fac2d2128c22b8185c69df90a
SHA256de690648e49be3aa77a129ac391247df39e127198e6188093df430bebe9abe41
SHA51266854fcb539a8ff24b6fa71788e194bd91e2bf1bb648e09c6ee26d889dd7d6a6d7fd322706e676c799576522cac92b7765d4eaa0ca3472cc1d702a07158fdcbd
-
Filesize
323B
MD5080811056037c7cccbd5e890dc99c52e
SHA1f930308a7772ebb45adc169dde4f08305477263b
SHA2569d55f4d494547f9b4e056adb6313da939b7ed5d071663fbb7fa8836df60c791b
SHA5125216c244dbda0dfb387edc9f65fb9121eed811782875c1dd4e2c37e7f908dbc97538cfa5470c7a296cd70cfaee1e807fc4eee1c4c9a52f5971fe532e7ff5beda
-
Filesize
1KB
MD50089edc9b3f00842e59c9d82aa2496dd
SHA117c5b44d634a93dac8445a7d466894aebdbf8446
SHA2568b06955531cb9df09358431035b413e1dbd6e2cf3e8345e2ff7e51efa7f79049
SHA51290f19945760b575e57dd54065d150c5fa19ab23c6dc0a13934cd8abf94e078232d275ba56d7b9634bdfe3c7684d87cc9432005fedf3c229dd555a52a23fbd4a6
-
Filesize
1KB
MD51419061e00d6bd5441e8724742c3ac3a
SHA1495b9fe64468a3ffc867ab65e0359ed5b236194f
SHA256c9e0e19303a60da0e227827af5a1f42ce2095bf4e533fed4963fe403107fafaa
SHA5123b51ffd5fc0a7846a8c6b4076f20b9ce7850459b7442c4858932d98eec2e8a277e18717ab42655efd1b3a4dff3abc14b1e09aa3404f851244b3c28a5181a10ba
-
Filesize
128KB
MD5c7b9983ed7547642d80200ea2f03f0ae
SHA1a58aacd90cc8f827fb83633b3beaa38bec7dc10a
SHA2563533b15a35f3e9b9e90b836a05a3cc7238857c8d1a47bab84e4ca1d3fb30a875
SHA512610e7d5fe4360fb33b25ced960b470543140e1da44a2653901362de431ab19fa3e34a05df12c9b3cb8137c55d12b924b23063fee4ad65985368b55ee197bb9fd
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
44KB
MD5d63a173be6ef288e487ea836abbf9a8c
SHA1bf730cfea108fbe9c6943619bac766ec57fc9eb2
SHA256ebb9dcc16502b9d7da5ea3da0a1d578d0344f2891d3c57bf6ce09f09e01cafa4
SHA512595e9943ac4d3ad57cfc48883950aad93370d8afe9748395ed5416b316c4005ad4c02e12e6c4d611e3c67eb86887bd01ee7273aa2ae23e4cb4acb2f8e23201e7
-
Filesize
319B
MD524c800a894607af86f6951acb6d72839
SHA14b140fe545b2d96457249e4b7c569d0b38874c03
SHA256ed9bbed9db6f8134f7e9e14e8bb095c49a5082afe95e30fcf1d14ec4c6f40bb1
SHA51245d7b46adfd4adb0f04e4856afb362f987638055acd126d9e980f71362e09a64ea1508722e0c3957b36aad1e7d87fb90a290e637d98524012c11a3fd13d8dbd5
-
Filesize
337B
MD54d9d87c98075d5c64cb0f1f3ba6519c7
SHA127e7dbdb03d1f0e74c7d019ff26d25804b69faec
SHA256ce06328978f7650326abf2d995d4eee314962d235d25a700519494081d07520c
SHA512364eeba6cdf7da04144e565613dc28fc45c65a9d136da42be926320e29578aa11e1fa33f1fb397fdb91e585538150893fed9a8c0b52b49780b88975f3940062f
-
Filesize
44KB
MD52cc29a0bd0b5c34d629d7a9db1fc2ca4
SHA1cf6560b3dc57bd8916e379f0b64e372e2a81dc52
SHA25694a197259e219c09e23f88758d0326961fa17756d69fc94452d0e5640e05b579
SHA51205b22a8327b8d47443c09998a0550f4424a8b6e7d4579d39a32c1c68caf46e63f792a4655bd6c3cbf9659d8d1107a3a54fdea30eb0bedf38bda7816c85b02a77
-
Filesize
264KB
MD59e18851114e06acd1c66c6169eb80506
SHA180514c5a4154fddf99977ed598855c9fc293b3a9
SHA256ff5911712b2a86f349c465e390d6b95a7267ab789e1bf5ff527e88aefaa8924b
SHA5125414de7b86a3657e7af18b4cd66144d54b6b2f0a34e1dc51f2ac0f705a8bc7da6d262a5d7542d943e595243d56216a9bb7ab126bef5269acfcca0377802d9757
-
Filesize
4.0MB
MD520a29cc6abf1d8252aaced8b27850dd0
SHA1f9178ff5cf01b3ceb22be1ea9861e8c9cd96a2dd
SHA2567c0f2ef561aba8fc9b865c6cc621ff9a6ccf70b8e0054a4ed330a869ce3aee5d
SHA51268dd10a392732775138c5445a7c92eb5cee2bce378a40cc11c22fc59573675827097ad18a6040e91277a544664a17491d5f277f6b48726dcb36acad7d2036d14
-
Filesize
11B
MD5b29bcf9cd0e55f93000b4bb265a9810b
SHA1e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011
-
Filesize
10KB
MD5f6c59be4a8c607df0ae7cbd497adaa0d
SHA140db995f975fd2f7725bbda1a01b0e0bd7c4beef
SHA25699c8a4fdafa214d19626f45b2d6130fd62b6baab4cfda2a4ebaf3c9c0e5e23d9
SHA512919089608f73132e3a6657dcd10b04a89c5222a0818a2933982873016188b1402e87a92011c6fc4f0ebb38783eadfcaa61463d0186966364b0be5b8600347d9d
-
Filesize
11KB
MD5a92e85f0b9fbf0ec14d18c02978cb44a
SHA1951751e1e1bac6cac8d230f67bfc9a3fae68b56d
SHA2566bc22ff24a2f02e55efb0003cbb435732702bb0e27a0b45270d11673943d3aef
SHA51236f4cbd69e0b915faf49b04b8e748f7a61a886ee3cc191f90b2b08ef05c2f5d42c5b85d9635ec60c59d2d3b57fcd517cae34ccaffca33447371e08cfdeb33da9
-
Filesize
11KB
MD5c7f1b11edbf36b22e1de251d2b713a2a
SHA1af40dd5f55842de023cfed5a0e0fb530d953a268
SHA256ea732b48f0562fba8210bb10df0a53935ce442e0fd15fb65df5ad15e9456e61e
SHA51279ce34db8ad161359f3df9509ea8ab0f9febc630ca4110559a19a39910ad66558e527adc595bb37e1e879d8d043dcd55f8e2e9ffb8dbd5aca75805c040db8ede
-
Filesize
264KB
MD51c2e3365356d2798358f0c10476f3a69
SHA1405e7f058a0d5b2194684dca219d5914ec39c83b
SHA256d579f6ff276d52316083f7ec981715bd996ff57c4f61624767e41389f6fce139
SHA512f7ffe20022d7074b87ccd9c826f7699a4375bb65427c0bb8ee94016dcfefec654fb64098bc9e8f9599bb3bc00eca51813c52093137b331fbc4ab478b13758188
-
Filesize
4B
MD57e77eaffca68cf0146c05b4372321a6b
SHA124e065b953560aa828bd7702b779f054c897cef3
SHA256c379ca6c7cd46970cb9b358961cbf0face34d07eb1eb910c16ed565cf9609bab
SHA5122ad8f974244860e8f5a49e6956911785b4b0115bc040fd463c9ad58e7b93334e74cd2a30cdb21566f760ffa47f87708df4f0fcc6389042534e7f8593e65451be
-
Filesize
640KB
MD565052e12fa7da6a5ee14a5ae04293726
SHA1c2c527c2cf24d6da8486c1311f2a7371d0215c5e
SHA2563a446e7329ab20e19f2f108c878a767e465d97fa8367d022a496a1f669e5936a
SHA512fac755c04060a9546b2c414431620be79fdfb31f91906906ac6278943da81d07e38779ec3777ecb5792b31c6e0bba29391d2ec98ce5f61d4a4b4839e1bf324c1
-
Filesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
Filesize1KB
MD52252de7e754d5fef22aa35d3549be200
SHA1128181af9b722a98bb9591922158395b50a96158
SHA256f89f0262cc9e03dee33deec1c232fdc68fc98e8242077749bdc8c6e027694294
SHA5124f3736d9ae1cadf7a4f2c8a7b3a2ddbcba84bdbb6803041f45b92cbd06f30a7d96a1cad1bacd1d2ae2692f38b9ef6441b9456ca918845c02bda17a3623d206d6
-
Filesize
200KB
MD5e77bca3013a7cdd34871d734a294d60b
SHA1697b1f62007b9b9fbe6f1e98aede0e5800a6a6f7
SHA2560d1c5ead44e729aa9b25547bad1f128759d144b8ecdec25bb28d67d694a5b3e0
SHA512d9ff6c0fdc7cc2378b3de99abce734b6248c8c91fe78cd6c68cd5e84c6400beb0c5192eb9aa28fd22f60744e8c26d29fa5b6dad79296a1c84f0d2275a30628e2
-
Filesize
192B
MD5fe43f4499151f4d262611349c7740231
SHA19a15d5c647e14a6d619c07646afca30489c5a1e7
SHA256528d39b4e7cf61242cd03d064b8945f4eae7aa6300fa3d974477a7c9bde47d37
SHA5129038cc554df231925b0d09f32e1ac12c544fab81e77c5bb332eb48e13d464f454f90bd7f1599ae9c217b40b379fd991f42aa2e4df00a1d359549c4f01c41c0f2
-
Filesize
330KB
MD5692361071bbbb3e9243d09dc190fedea
SHA104894c41500859ea3617b0780f1cc2ba82a40daf
SHA256ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe
SHA512cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e
-
Filesize
1KB
MD5d6bd210f227442b3362493d046cea233
SHA1ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e