Analysis Overview
Threat Level: Shows suspicious behavior
The file http://google.com was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Writes to the Master Boot Record (MBR)
Browser Information Discovery
Enumerates physical storage devices
Command and Scripting Interpreter: PowerShell
Command and Scripting Interpreter: JavaScript
NTFS ADS
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 21:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 21:18
Reported
2024-11-13 21:23
Platform
win11-20241007-en
Max time kernel
115s
Max time network
283s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Monoxide\Monoxide\Monoxide x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe | N/A |
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Monoxide.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Monoxide\Monoxide\Monoxide x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff801f33cb8,0x7ff801f33cc8,0x7ff801f33cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,10048183891806573782,1970598670671993575,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,10048183891806573782,1970598670671993575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,10048183891806573782,1970598670671993575,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10048183891806573782,1970598670671993575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10048183891806573782,1970598670671993575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10048183891806573782,1970598670671993575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff801f33cb8,0x7ff801f33cc8,0x7ff801f33cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1944,6945636876560104578,17344847867212786950,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5980 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Monoxide\" -ad -an -ai#7zMap4082:78:7zEvent13058
C:\Users\Admin\Downloads\Monoxide\Monoxide\Monoxide x64.exe
"C:\Users\Admin\Downloads\Monoxide\Monoxide\Monoxide x64.exe"
C:\Users\Admin\AppData\Local\Temp\堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe
"C:\Users\Admin\AppData\Local\Temp\堒鹧蘃幾枠畬鉝兮禤龓幷氖逜蝥噠贪.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004CC
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\az.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\da.txt
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\fur.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\io.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\nl.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ro.txt
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Program Files\BlockWait.mhtml
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Java\jdk-1.8\bin\java.exe
"C:\Program Files\Java\jdk-1.8\bin\java.exe"
C:\Program Files\Java\jdk-1.8\bin\servertool.exe
"C:\Program Files\Java\jdk-1.8\bin\servertool.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Java\jre-1.8\bin\orbd.exe
"C:\Program Files\Java\jre-1.8\bin\orbd.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXE
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXE"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe"
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
OfficeClickToRun.exe platform=
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.videolan.org//vlc/skins.php
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff801f33cb8,0x7ff801f33cc8,0x7ff801f33cd8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5018647311994877324,16767054147717044567,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5018647311994877324,16767054147717044567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5018647311994877324,16767054147717044567,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2372 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5018647311994877324,16767054147717044567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5018647311994877324,16767054147717044567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_12008.1001.1.0_x64__8wekyb3d8bbwe\StoreExperienceHost.exe
"C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_12008.1001.1.0_x64__8wekyb3d8bbwe\StoreExperienceHost.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\TCUI-App.exe
"C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\TCUI-App.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\Breadcrumb\Breadcrumb.base.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\DetailsList\DetailsList.base.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\DetailsList\DetailsList.styles.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\DocumentCard\DocumentCardTitle.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\DocumentCard\DocumentCardTitle.types.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\Dropdown\Dropdown.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\GroupedList\GroupHeader.base.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\DetailsList.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\Dialog.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\GroupedList.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\Nav.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\Panel.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\ShimmeredDetailsList.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\ChoiceGroupOption.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\components\DocumentCard\DocumentCardImage.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\components\DocumentCard\DocumentCardLogo.types.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\components\DocumentCard\DocumentCardStatus.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\components\GroupedList\GroupShowAll.styles.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\Keytips.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\Coachmark.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\components\DetailsList\DetailsRowFields.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\components\DocumentCard\DocumentCardImage.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\components\DocumentCard\DocumentCardLogo.styles.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\components\GroupedList\GroupSpacer.types.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\Fabric.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\Facepile.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\ProgressIndicator.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\ResizeGroup.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\Theme.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib\types\IAnimationStyles.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib\types\IScheme.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib-amd\motion\index.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib-commonjs\createTheme.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib-commonjs\mergeThemes.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib-commonjs\types\IPalette.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@fluentui\dom-utilities\lib\getParent.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@fluentui\dom-utilities\lib\IVirtualElement.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@fluentui\dom-utilities\lib-commonjs\setPortalAttribute.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\merge-styles\lib\extractStyleParts.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\merge-styles\lib-amd\IKeyframes.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\merge-styles\lib-commonjs\concatStyleSetsWithProps.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib\index.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-amd\customizations\mergeCustomizations.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-commonjs\dom\elementContains.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-commonjs\dom\IVirtualElement.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-commonjs\object.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-commonjs\warn\warn.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-commonjs\warn\warnMutuallyExclusive.js"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" --type=collab-renderer --proc=7104
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\main.css
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\cs-cz\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hr-hr\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-ma\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sv-se\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\de-de\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\es-es\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ja-jp\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\pl-pl\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\tr-tr\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hu-hu\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fi-fi\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pt-br\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sk-sk\ui-strings.js"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\main.css
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\cs-cz\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-gb\ui-strings.js"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\css\main-selector.css
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\cs-cz\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\selector.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fr-fr\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ro-ro\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\plugin.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\da-dk\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pt-br\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\da-dk\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fi-fi\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-il\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\fr-ma\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-il\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\selector.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pl-pl\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-fr\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-ma\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\it-it\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\it-it\ui-strings.js"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\List.txt
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_150968\javaws.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_150968\javaws.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\BHO\ie_to_edge_stub.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\BHO\ie_to_edge_stub.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\show_third_party_software_licenses.bat" "
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\BHO\ie_to_edge_stub.exe
"C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\BHO\ie_to_edge_stub.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\bin\Pester.bat" "
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_Pester.help.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\ShouldNotBe.snippets.ps1xml
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe
"C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command "& Import-Module 'C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\bin\..\Pester.psm1'; & { Invoke-Pester -EnableExit }"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=584 -burn.filehandle.self=592
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 216.58.201.100:80 | www.google.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 102.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| GB | 88.221.135.57:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 95.101.143.195:443 | th.bing.com | tcp |
| GB | 95.101.143.35:443 | r.bing.com | tcp |
| GB | 95.101.143.35:443 | r.bing.com | tcp |
| GB | 95.101.143.195:443 | th.bing.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| FR | 213.36.253.2:443 | www.videolan.org | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a28bb0d36049e72d00393056dce10a26 |
| SHA1 | c753387b64cc15c0efc80084da393acdb4fc01d0 |
| SHA256 | 684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1 |
| SHA512 | 20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7 |
\??\pipe\LOCAL\crashpad_1028_MLTGZSHQNFKWPQEW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 554d6d27186fa7d6762d95dde7a17584 |
| SHA1 | 93ea7b20b8fae384cf0be0d65e4295097112fdca |
| SHA256 | 2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb |
| SHA512 | 57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0c658b3fb1e0170b28b1cc4f404a7d7d |
| SHA1 | f24233f3074a7a5fb3f2fb0dfad7496b2cb317fd |
| SHA256 | 3392ed63bd7c5c0d5f90358e96a1dd75db1e3270254047360593f75c7ed3657c |
| SHA512 | 56d4d36592eb69af127660a8838a667155ca941bad235cc044bb8ade5e21c07e44533fd2e0e3dfe3f78c4a8e7257dce549fb59ef1b09fc2fd77815f809cacf3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f6c59be4a8c607df0ae7cbd497adaa0d |
| SHA1 | 40db995f975fd2f7725bbda1a01b0e0bd7c4beef |
| SHA256 | 99c8a4fdafa214d19626f45b2d6130fd62b6baab4cfda2a4ebaf3c9c0e5e23d9 |
| SHA512 | 919089608f73132e3a6657dcd10b04a89c5222a0818a2933982873016188b1402e87a92011c6fc4f0ebb38783eadfcaa61463d0186966364b0be5b8600347d9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 71267f93acd1a91e08ecbf2405705cd3 |
| SHA1 | e78f4356d3a90c8c059a66f0da5cca79998348c7 |
| SHA256 | a381a75fad6a5dc3e3e2bd7b5381123b0393ac1340bf03560c3614e8d9aedb70 |
| SHA512 | 4d481b197953e4c91d02dfd8aa27170ca7e4cce88afd5005ff41099bc90e7ed672def2815be968d5148c3c7ae64d4085742e3c9cd10ad8ee4d9b6b2ac772df5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c09e450eb4f88973783f583c5cc70bd7 |
| SHA1 | d2e7baaf5c4f5872dd77f10977a49c38b7c6980e |
| SHA256 | 284873f593c1268fca6f114813ff228f6433a3b645b91dd2bb41687b5f10fd7c |
| SHA512 | c18fc2354c6d53d8cca357141548000b5281725f954e79267a5753f7158e22f654ed89333915bafcab32cbdfbb1cb293a5bce51c66186b82350db125b31014ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2fa43f58725a83332a75e1988efd5128 |
| SHA1 | 8a6f5ad59b0f6f5caa5e4badbb8308d8e8b041bf |
| SHA256 | ea623519ab1b05d84e70c20d4cb797e284e45c97bb03ed4ee43d688b32ec80f4 |
| SHA512 | 2b06488b73b9c8b9c00948f32e27cb3948124c9745148a9dd8c6f94ef368c06d2c6c616e5a470d1112a796d164aa3951893a32c520dff7c03488ffd2b93c0da9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 17a6e9095c22451e5216c94b1a61ba38 |
| SHA1 | 055f2f99e33fb803993dd343f850e693f239d20a |
| SHA256 | 27739df6879b8afeb7b4774aaea0bcdfc3d3d2f292db0f1c25e4edc3ab9f58bb |
| SHA512 | 6f5ea46ebcdb290f6a821c51edf4ed69be79402b53af5bb492259ca75631e79eb5cac5c5d8bf1ae6ce9b40b5791721378b1460fc60bd38cba4b87c98a3de9eaa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | b29bcf9cd0e55f93000b4bb265a9810b |
| SHA1 | e662b8c98bd5eced29495dbe2a8f1930e3f714b8 |
| SHA256 | f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4 |
| SHA512 | e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376006315560491
| MD5 | 2b419740ebe07480e79d40341d3d2bb8 |
| SHA1 | f57c6eaed08c3985e857070b9860904ff03a1e5e |
| SHA256 | 8c31cab16dda671be2fba7feded792dad11b56b973c643aeb1e50ddbbf34023f |
| SHA512 | 254d79e81b69694eb3efc138353118370289190083d1525fea81c19c5149f93c2afcd8ee53d2733264a3f28208df5e35489f14fd8cbb1bcdbc059c0c1803b427 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | a9851aa4c3c8af2d1bd8834201b2ba51 |
| SHA1 | fa95986f7ebfac4aab3b261d3ed0a21b142e91fc |
| SHA256 | e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191 |
| SHA512 | 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 55a41cf4363a3e55a657816f0184a8d4 |
| SHA1 | a77aaeabf250940527bf3d77c107a883efba997f |
| SHA256 | 8fd46971916b368170f380f8bf4b847b22e7b8cd9e1b3a4e292198d7940a7544 |
| SHA512 | a4953edb1fa46a29f0743cdb9da4a4366906b2b088521d8457a15ff41d13284eb6a6b7c464490673c4fab28c1b0049cdac1a16c7f14e9874643083882c98fd41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | b4c183ff5bc6597ae49698e622cd09ce |
| SHA1 | 9ee123b17ed43c6fac2d2128c22b8185c69df90a |
| SHA256 | de690648e49be3aa77a129ac391247df39e127198e6188093df430bebe9abe41 |
| SHA512 | 66854fcb539a8ff24b6fa71788e194bd91e2bf1bb648e09c6ee26d889dd7d6a6d7fd322706e676c799576522cac92b7765d4eaa0ca3472cc1d702a07158fdcbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | c7b9983ed7547642d80200ea2f03f0ae |
| SHA1 | a58aacd90cc8f827fb83633b3beaa38bec7dc10a |
| SHA256 | 3533b15a35f3e9b9e90b836a05a3cc7238857c8d1a47bab84e4ca1d3fb30a875 |
| SHA512 | 610e7d5fe4360fb33b25ced960b470543140e1da44a2653901362de431ab19fa3e34a05df12c9b3cb8137c55d12b924b23063fee4ad65985368b55ee197bb9fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 080811056037c7cccbd5e890dc99c52e |
| SHA1 | f930308a7772ebb45adc169dde4f08305477263b |
| SHA256 | 9d55f4d494547f9b4e056adb6313da939b7ed5d071663fbb7fa8836df60c791b |
| SHA512 | 5216c244dbda0dfb387edc9f65fb9121eed811782875c1dd4e2c37e7f908dbc97538cfa5470c7a296cd70cfaee1e807fc4eee1c4c9a52f5971fe532e7ff5beda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | eebbba4f0adecb7eed2ad79e37bc5904 |
| SHA1 | 47679333036c83fa1693e5922008431d28d1a19a |
| SHA256 | 83aa467798831edf43823d49cea846c3d1f6fbda0d84efcd2366cf404c3e0654 |
| SHA512 | e24a20f58eead5cf978ddc5b812b19e1637b0e6ecdd3762e1ca9cd80d04f58a0a217694a01304022723a2cd48b24d746fa0583bc944c44446ed92f0b8af1f11e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b01be3ea3b6721e56c5435f4aa038cbb |
| SHA1 | 2c21a031cefa8996de1338ced671bf97cb35efe5 |
| SHA256 | 10a459d7b410fc54e547cdc7add584e3fb07f13c7885ab1dbb8b124fef015e9a |
| SHA512 | 2b168c10314490869abfe114af170cb3469fdc1011f2d19abc508e42e3902d49f313d00afcc09cafabb5436830e7d5a32004a1152a48317a7b413f55482094c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 24c800a894607af86f6951acb6d72839 |
| SHA1 | 4b140fe545b2d96457249e4b7c569d0b38874c03 |
| SHA256 | ed9bbed9db6f8134f7e9e14e8bb095c49a5082afe95e30fcf1d14ec4c6f40bb1 |
| SHA512 | 45d7b46adfd4adb0f04e4856afb362f987638055acd126d9e980f71362e09a64ea1508722e0c3957b36aad1e7d87fb90a290e637d98524012c11a3fd13d8dbd5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | d63a173be6ef288e487ea836abbf9a8c |
| SHA1 | bf730cfea108fbe9c6943619bac766ec57fc9eb2 |
| SHA256 | ebb9dcc16502b9d7da5ea3da0a1d578d0344f2891d3c57bf6ce09f09e01cafa4 |
| SHA512 | 595e9943ac4d3ad57cfc48883950aad93370d8afe9748395ed5416b316c4005ad4c02e12e6c4d611e3c67eb86887bd01ee7273aa2ae23e4cb4acb2f8e23201e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 4d9d87c98075d5c64cb0f1f3ba6519c7 |
| SHA1 | 27e7dbdb03d1f0e74c7d019ff26d25804b69faec |
| SHA256 | ce06328978f7650326abf2d995d4eee314962d235d25a700519494081d07520c |
| SHA512 | 364eeba6cdf7da04144e565613dc28fc45c65a9d136da42be926320e29578aa11e1fa33f1fb397fdb91e585538150893fed9a8c0b52b49780b88975f3940062f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | d10ae080abac1f3512c9677c7fa2e891 |
| SHA1 | 7f4b8ecbd84b544b941cc8ec0ff1ac0ea649e5c9 |
| SHA256 | f709c048c140aa1a6386a0caccc2ea79ffd078cdb6ae28877b616be844c21828 |
| SHA512 | 6ce1baa7caa950da6c083cd4a42b8de72d86c598c6edcf442ed745ff03b279b0b94a50704b37c639895ba2d80e2b267ca60945d6f79cf7e79a3af41c7764d8fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | 00faccfdf4d814beb810d090450cc7f1 |
| SHA1 | 32fb380c67f5382cf4f544758682e0d02c48305d |
| SHA256 | c6b73845b250e497314753972cfac5453788c421193f2e4fe4d746d8cb08a182 |
| SHA512 | 2893061591aadba0c3d95ee3af1f087892c615e3a55e15e045f1f56b4bd7333f88e6447092895e43a3408caeaea19e98ec4cfda52ecfb97f7899c9a059c17b56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | c796c92cf9c44e35e2abd8cf08020faa |
| SHA1 | fa53d7c5ca5460376145c9099093919dc424fefe |
| SHA256 | 653b3d5c19944d192310d6956d7de3a8d6dbf2c46e503e0db64a3d8a7f16540e |
| SHA512 | c521e0b52663a1237153be8eaea5b986ea724c9b6d2d689f5dc0f2a6e99cf1cc7268ac36a350a7e7e775b4945a965e52bd044c542df08a334a81eef94789aaec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 48098750e5c7b1541d200737a29d462e |
| SHA1 | a6fd3dd18b9b4d0c7218fbf26ce34a2a85a2d70e |
| SHA256 | 12d7d3276217816c2d3eab90ebdbb5898bdbfbd529fc37090d2227acf8ea76e8 |
| SHA512 | c80757b8123656b8540a5d16408d29d1615bf8a9a5b4baea88c152d54cdf6aa31df06d295988e7d38065dc137fcd64adfa6d39106746361c758f91b5598923a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bd0541917c14737df0422eb2892ee40a |
| SHA1 | dbf1ae30d32c833e7633b1fcddcdce39c6ef2845 |
| SHA256 | aced00e46ace317158086e21abb413af341a7bbd521b074121e1b9f57a9f70b5 |
| SHA512 | e8b9afb8761d7c8c8c4a60ccf5b09cf8c1ac1320c4686a3b31bae677a2bae6cdded9041fe9b91ed93fd7b9aaae54da19d853b186d44d1ba68988e3f87727d9a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | e1f29d857388f6a35807a16cb6f89775 |
| SHA1 | 66f73cbdb02b9279d6dfce06ed3de326007ba567 |
| SHA256 | c773e1f785dec8b69acb068e058bf32371b4677595167bc163c5bb0cb03faf8a |
| SHA512 | fed08c8f01b22155c3e5cfa0f483aaae267ea5de0bca13a0f2cfa4696bc397c10a9456ac7ccb49a88bce98144fedc4d9cdfd79c02b856cca1a39955e5b519cf6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 55c1dd8240457c56907255cd086a7bf3 |
| SHA1 | 4cec7f24361ac554e8a521bb3b067973c68986f0 |
| SHA256 | f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617 |
| SHA512 | 9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 06726504f99efc38bdaa655302898c2b |
| SHA1 | 083c1d9c410f6b6fac501d14c856470096b49d66 |
| SHA256 | 1be35f2cd500e6a52f4bcfc877fe0f3bf4b995a1bcea2028785f9328e6f4fb30 |
| SHA512 | 8f49d12647d7a1b4513e3941c10f9b6aa6067a527669faeaea677dffbe0b924d2e9a2776e78be2990bfbfb52e8695d8e3a0d11f8c627145a38e50f579384198c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 7f02d63eac12053f33740cf997f99197 |
| SHA1 | 1455d0955a1aea9007b0251009955ebb3135b506 |
| SHA256 | de1ee3580b73b9a692bb4424cd7635318c5fea0ba3062b144c45d147e14b3c16 |
| SHA512 | c39614995df2bec02bce8f3ee708fe22311b30b91649c36a0f66f84042e2a38f8397c9db70440103864cc0e0a4a51bef6f2c2f15ae0aceb61f769f8f75f37424 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | 20a29cc6abf1d8252aaced8b27850dd0 |
| SHA1 | f9178ff5cf01b3ceb22be1ea9861e8c9cd96a2dd |
| SHA256 | 7c0f2ef561aba8fc9b865c6cc621ff9a6ccf70b8e0054a4ed330a869ce3aee5d |
| SHA512 | 68dd10a392732775138c5445a7c92eb5cee2bce378a40cc11c22fc59573675827097ad18a6040e91277a544664a17491d5f277f6b48726dcb36acad7d2036d14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 9e18851114e06acd1c66c6169eb80506 |
| SHA1 | 80514c5a4154fddf99977ed598855c9fc293b3a9 |
| SHA256 | ff5911712b2a86f349c465e390d6b95a7267ab789e1bf5ff527e88aefaa8924b |
| SHA512 | 5414de7b86a3657e7af18b4cd66144d54b6b2f0a34e1dc51f2ac0f705a8bc7da6d262a5d7542d943e595243d56216a9bb7ab126bef5269acfcca0377802d9757 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 2cc29a0bd0b5c34d629d7a9db1fc2ca4 |
| SHA1 | cf6560b3dc57bd8916e379f0b64e372e2a81dc52 |
| SHA256 | 94a197259e219c09e23f88758d0326961fa17756d69fc94452d0e5640e05b579 |
| SHA512 | 05b22a8327b8d47443c09998a0550f4424a8b6e7d4579d39a32c1c68caf46e63f792a4655bd6c3cbf9659d8d1107a3a54fdea30eb0bedf38bda7816c85b02a77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
| MD5 | c2cfbc5506e60302a902b95208e8aebd |
| SHA1 | ef904615ab3d96aa6fde96834387dd5e21618819 |
| SHA256 | ad5193d01ff86498671d6bb2cd0f5313a1e160acd196b614decdcf885fb7ed0c |
| SHA512 | baf10c16cea04849665700a2e5eceb2f72edfbfd7153f2c3780b00d07c2f206c0935a36fb8d839299d94dc60a3051ff589132bfa22bc5af7e0ddcfcfe4899bd7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376006315517491
| MD5 | 1185ffebbb749d9385da2df366be3184 |
| SHA1 | 3e1f77910f0d6ec031fbd8fe8b2c1d58a4288908 |
| SHA256 | da888cd258bfb02447e5e4f022f9f459ac6b0397d5d07fe2f2d5980226419a60 |
| SHA512 | 89be38ae732637a9116bd227f3a59cd2720234514823272961e67f1cd731565993e2188c88923a9f8b7167978cfd7ae334901ee007bf7c1dbc66e3647949a371 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
| MD5 | 7e77eaffca68cf0146c05b4372321a6b |
| SHA1 | 24e065b953560aa828bd7702b779f054c897cef3 |
| SHA256 | c379ca6c7cd46970cb9b358961cbf0face34d07eb1eb910c16ed565cf9609bab |
| SHA512 | 2ad8f974244860e8f5a49e6956911785b4b0115bc040fd463c9ad58e7b93334e74cd2a30cdb21566f760ffa47f87708df4f0fcc6389042534e7f8593e65451be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c7f1b11edbf36b22e1de251d2b713a2a |
| SHA1 | af40dd5f55842de023cfed5a0e0fb530d953a268 |
| SHA256 | ea732b48f0562fba8210bb10df0a53935ce442e0fd15fb65df5ad15e9456e61e |
| SHA512 | 79ce34db8ad161359f3df9509ea8ab0f9febc630ca4110559a19a39910ad66558e527adc595bb37e1e879d8d043dcd55f8e2e9ffb8dbd5aca75805c040db8ede |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4ba9064ea69355b4d4a98566e752fcb0 |
| SHA1 | cd1285d53b3750aa2705cc26ac1c2d651599f4be |
| SHA256 | fd7138d1f29c6eb31b50dc1a9bcadc89c1aeae386127ae7af2b9ce9b38227663 |
| SHA512 | faf5488fa4a5b09c8060ddaabffa0db4c848f681d22f41cbc25d00e9d858513ce739d8eeb459d694933ff1bc0b6aeb363786ff21bec758db8c1fd51e6c642e13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal
| MD5 | 5e775fe5d6b70d0ad03894b7bfb4cee4 |
| SHA1 | c00c0e03710b02d2320a748e59517c5e5d4d2053 |
| SHA256 | 48b3145a13852a46b122ffc69e661843842a6a3086707dd19fd43707942cbc7e |
| SHA512 | 079b834568bd7cba2861165307d931939eac0091609a8c3a494b5e98ade2c4e821a90bbdbd5c19a8b4ffba9db18048ff105c4868d749122a6ce0b39f5833f18c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
| MD5 | 09440799e9300de0bb9657561b08f00d |
| SHA1 | f75c5f7c460f4a6715186c8ae4814b28c0d4ad0c |
| SHA256 | 4aae6b1216e921b384aa46b4176a9c18068fc8d26f1a0cda7fda393f61f3c722 |
| SHA512 | 73b79e97ed62593a233bfbacf6823ab93dc1cbf4c6820ba009ac127afddb1cc51922dd108449d5ae9c4cbb79738270a72734a83806f18f00d0ca586bada6e720 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal
| MD5 | 4902c37e4ebc63f5ed130ba2a88daa06 |
| SHA1 | 62b59633e3ce7873eeee4433016e12be65d0ef66 |
| SHA256 | 7cbf71427ae50c353a5792b36c08bc06451d295c4ca6ea09b22e29fceaaad51b |
| SHA512 | 99c191b3528e5782ed244020502b1330170bd4810ceff6b36aa67359be175b85baff8b4ae4678d65b294ab93bf5e8ddf40366ec379a1f14b46428a5d5da51b5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f420629585bdbe1e0f1adda1f4eef251 |
| SHA1 | 9eaf02e16a45b39e1b364ea9dc5f257f1ccccbb2 |
| SHA256 | ffc9a4de889075024c9ad2498ca8921f1148d7924f2770877e6e1252f84ecdf1 |
| SHA512 | d448df1b192cf6794018c1655e9e33ef5a44bbe59072aa0e62ff149abc7f54dc4d230f50cf0e754bee1d5f8231ca81838c68f93c028381b42b780ece5323bb23 |
C:\Users\Admin\Downloads\Monoxide.zip
| MD5 | e77bca3013a7cdd34871d734a294d60b |
| SHA1 | 697b1f62007b9b9fbe6f1e98aede0e5800a6a6f7 |
| SHA256 | 0d1c5ead44e729aa9b25547bad1f128759d144b8ecdec25bb28d67d694a5b3e0 |
| SHA512 | d9ff6c0fdc7cc2378b3de99abce734b6248c8c91fe78cd6c68cd5e84c6400beb0c5192eb9aa28fd22f60744e8c26d29fa5b6dad79296a1c84f0d2275a30628e2 |
C:\Users\Admin\Downloads\Monoxide.zip:Zone.Identifier
| MD5 | fe43f4499151f4d262611349c7740231 |
| SHA1 | 9a15d5c647e14a6d619c07646afca30489c5a1e7 |
| SHA256 | 528d39b4e7cf61242cd03d064b8945f4eae7aa6300fa3d974477a7c9bde47d37 |
| SHA512 | 9038cc554df231925b0d09f32e1ac12c544fab81e77c5bb332eb48e13d464f454f90bd7f1599ae9c217b40b379fd991f42aa2e4df00a1d359549c4f01c41c0f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a92e85f0b9fbf0ec14d18c02978cb44a |
| SHA1 | 951751e1e1bac6cac8d230f67bfc9a3fae68b56d |
| SHA256 | 6bc22ff24a2f02e55efb0003cbb435732702bb0e27a0b45270d11673943d3aef |
| SHA512 | 36f4cbd69e0b915faf49b04b8e748f7a61a886ee3cc191f90b2b08ef05c2f5d42c5b85d9635ec60c59d2d3b57fcd517cae34ccaffca33447371e08cfdeb33da9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ae2d72e34689769fe87107d3d1a2ad16 |
| SHA1 | b816665d42afce7b54453cb2941cceaea82c29aa |
| SHA256 | dc1dc73ab050d029ba18bedbb2999fbf68003d779d7b1231974bfca6673aaca2 |
| SHA512 | 660ad4374386baa8c398bd29a1314fb31548884f3c73325705a32091be0da458c54da04181df93f6be97e4a0277745afbd9802fb9ea2cda525dced36fdf8433e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 51fdb1cd3318748a87b7a28d2292fc9b |
| SHA1 | b4d28e010e9c46aaa6db1a063abf91ef3f9a5ce8 |
| SHA256 | 31f37c7e027041c6191679f7d0e83c700a28880718df929847bd928d3e66d8af |
| SHA512 | c555338d2218df5cf3d9e96badc10efeb1643415219933f8546997d07749dafd849928aa59afaba50560135149610cfe8f52cdf425c06c0fc64a3cacb20186e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ad52.TMP
| MD5 | 1419061e00d6bd5441e8724742c3ac3a |
| SHA1 | 495b9fe64468a3ffc867ab65e0359ed5b236194f |
| SHA256 | c9e0e19303a60da0e227827af5a1f42ce2095bf4e533fed4963fe403107fafaa |
| SHA512 | 3b51ffd5fc0a7846a8c6b4076f20b9ce7850459b7442c4858932d98eec2e8a277e18717ab42655efd1b3a4dff3abc14b1e09aa3404f851244b3c28a5181a10ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 94d2d0613bf58625e7ab6f021ef6c6f2 |
| SHA1 | c59ff3a481471467120551a5c686a22fed67af90 |
| SHA256 | 50e9fbe254296b84c9b4afa4009ce15eea4becd4aa27ca7556b44568ab6850b4 |
| SHA512 | 2b4808fb11e17925171df3282f28f5b72775cd19ea54fe771f2f8a2f36b58b0e96665e046b95fe5d11cddeb0f4e429ecb202eb2caee1d00af059f4ffbe0bc47f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0089edc9b3f00842e59c9d82aa2496dd |
| SHA1 | 17c5b44d634a93dac8445a7d466894aebdbf8446 |
| SHA256 | 8b06955531cb9df09358431035b413e1dbd6e2cf3e8345e2ff7e51efa7f79049 |
| SHA512 | 90f19945760b575e57dd54065d150c5fa19ab23c6dc0a13934cd8abf94e078232d275ba56d7b9634bdfe3c7684d87cc9432005fedf3c229dd555a52a23fbd4a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | 1c2e3365356d2798358f0c10476f3a69 |
| SHA1 | 405e7f058a0d5b2194684dca219d5914ec39c83b |
| SHA256 | d579f6ff276d52316083f7ec981715bd996ff57c4f61624767e41389f6fce139 |
| SHA512 | f7ffe20022d7074b87ccd9c826f7699a4375bb65427c0bb8ee94016dcfefec654fb64098bc9e8f9599bb3bc00eca51813c52093137b331fbc4ab478b13758188 |
C:\Users\Admin\Downloads\Monoxide\Monoxide\Monoxide x64.exe
| MD5 | 692361071bbbb3e9243d09dc190fedea |
| SHA1 | 04894c41500859ea3617b0780f1cc2ba82a40daf |
| SHA256 | ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe |
| SHA512 | cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\96c7bb75-3240-45c4-b984-12c1877fdac5.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3056695cca2fa5d6f4fc15f0fe9ddaea |
| SHA1 | 9b2630acb4fca8579d8c6e63219fa1572b310b0d |
| SHA256 | 97f18e40b54e49559623a7e226aed3efe1d67f01c6a6bd8cf038e88f41db4ffc |
| SHA512 | 183b352b16c8c37d7d57fbc842f942cfd01bfcacb3c36422b954f617faa13343a6953c42fad484a48b7ba081a7009d67112090e2292d40fb65ef55b0e9595b35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d1f5fc353e51e4edfb70ec397d4a655f |
| SHA1 | a451e1ab33c66150099fd198245e3a191133fefe |
| SHA256 | 2d51c3a2cd1f0d998175c5615c0081453bb78d45cbaa5410550a66ecd2c8921a |
| SHA512 | f0159804c770221695d2b13952dc6b5c4ed7a2c863e555c87fb012903c4f53a24ff236aa5ce62934078ef8a4d7355bd255c5465df396cdbec15d69189d2824bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 60e1c80e259e5b09bcbb687f1627f538 |
| SHA1 | 3de0379ee805086f474b5735506b78cf5008ff42 |
| SHA256 | 3541ad0c0883c0bff1285f4b4ae167d65ad01f1c5e03cbd051bee46e9b6a0faa |
| SHA512 | 2a69218d9779b1d07ef92d20789ed4117b586cc9208c672b7ec90fccc93e51e2d546d32786377b8141ac2ee1d4e2119dbdf384837371b041eebd868a2ca7a758 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1af7f99bbacfa3641227b01e68a6ba16 |
| SHA1 | d43f2825ece5b4fc3e757c1aa94801b18fd3339f |
| SHA256 | 0cc8a6918142b10441a6b2f1db39e75976512b23478f74bb27fa48ac70ca8bc5 |
| SHA512 | a5ee7d8044da5183de9d36e37ec9e60102cf200ca98c122e1e295ee8e7c0188db7aa8b51e30263534c4050ccba30c7c303c36dfbc2b72f31b6f536f3655c0a22 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 65052e12fa7da6a5ee14a5ae04293726 |
| SHA1 | c2c527c2cf24d6da8486c1311f2a7371d0215c5e |
| SHA256 | 3a446e7329ab20e19f2f108c878a767e465d97fa8367d022a496a1f669e5936a |
| SHA512 | fac755c04060a9546b2c414431620be79fdfb31f91906906ac6278943da81d07e38779ec3777ecb5792b31c6e0bba29391d2ec98ce5f61d4a4b4839e1bf324c1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
| MD5 | 2252de7e754d5fef22aa35d3549be200 |
| SHA1 | 128181af9b722a98bb9591922158395b50a96158 |
| SHA256 | f89f0262cc9e03dee33deec1c232fdc68fc98e8242077749bdc8c6e027694294 |
| SHA512 | 4f3736d9ae1cadf7a4f2c8a7b3a2ddbcba84bdbb6803041f45b92cbd06f30a7d96a1cad1bacd1d2ae2692f38b9ef6441b9456ca918845c02bda17a3623d206d6 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_znpxf5pm.huj.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/6004-803-0x000001A822320000-0x000001A822342000-memory.dmp
C:\Windows\Temp\{A0733442-10B2-4DDF-9388-8893F8B78F0C}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |