Analysis
-
max time kernel
2634s -
max time network
2643s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29-06-2024 10:06
General
-
Target
PROPER EDUCATION.docx
-
Size
11KB
-
MD5
6409cdd4687dc59b5e0fa3a8d94f625f
-
SHA1
77a3a65326dfe834cd026743fe3119131db6eabe
-
SHA256
0c720da75f3cdc5cbd84450075783822fb9e40e0558ade24398bfb92de372fda
-
SHA512
bcb3324bb654ff40c527baa07246a1f8b3df70b59a6ba3af0f3fd16c1d57801fbfb58256136d04903a8062f61f7224fbf4dd7c5ca6b5b8f32d03cc7c6b85e608
-
SSDEEP
192:CtiVC0zCCNxtpgoZ22NNxD/oKvFfghsKwVONL0WMGTlflHmACM0j7:aiA0zdNxt/ZtNNl3y7WGTldHmJM0j7
Score
6/10
Malware Config
Signatures
-
Process spawned suspicious child process 1 IoCs
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Detected potential entity reuse from brand microsoft.
-
Checks SCSI registry key(s) 3 TTPs 11 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 5 IoCs
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies data under HKEY_USERS 10 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of SetWindowsHookEx 18 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\PROPER EDUCATION.docx" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkID=618892&value=7M3KV-J9JYY-XQX2C-RTCC4-KXBG22⤵
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE" -x -s 54082⤵
- Process spawned suspicious child process
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\dwwin.exeC:\Windows\system32\dwwin.exe -x -s 54083⤵
- Checks processor information in registry
- Enumerates system info in registry
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1348 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5772 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=3668 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4772 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5816 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5716 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6028 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6000 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=3848 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=5548 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=6496 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3416 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4536 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=4324 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=6800 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=6848 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=6480 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=6512 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=6812 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:81⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2fc 0x38c1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=5456 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6788 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:81⤵
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4324 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=5392 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=5436 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=5596 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --mojo-platform-channel-handle=5484 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=5592 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Windows\system32\SystemSettingsAdminFlows.exe"C:\Windows\system32\SystemSettingsAdminFlows.exe" EnterProductKey1⤵
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\Clipup.exeC:\Windows\system32\Clipup.exe -d -k 7M3KV-J9JYY-XQX2C-RTCC4-KXBG2 %PROGRAMDATA%\Microsoft\Windows\ClipSvc\Install2⤵
-
C:\Windows\system32\Clipup.exeC:\Windows\system32\Clipup.exe -d -k 7M3KV-J9JYY-XQX2C-RTCC4-KXBG2 %PROGRAMDATA%\Microsoft\Windows\ClipSvc\Install -ppl C:\Users\Admin\AppData\Local\Temp\tem1F5.tmp3⤵
- Checks SCSI registry key(s)
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultc4ff2fa5ha276h4f16h964fh5d49839fe18c1⤵
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa1⤵
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1520 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1520 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=6024 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --mojo-platform-channel-handle=7080 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --mojo-platform-channel-handle=1520 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --mojo-platform-channel-handle=3764 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --mojo-platform-channel-handle=6104 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:11⤵
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa1⤵
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultb193d115hfa10h43dbh8941h28bb38b78eba1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault18915f15hcd56h4d06hbfccha1e07e8319e01⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultfad5bc39h0049h41d4h9e52h157739541c061⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\45JCBKDK\Converged_v21033_mG-wAdV--_sq1kXms675SA2[1].cssFilesize
108KB
MD5986fb001d57efbfb2ad645e6b3aef948
SHA1a1590f0bc684d395a6179fb915deeca3a9321d89
SHA256de304cb4d64e769dd16a7b4500603205d2606fe0877dd046460c7b8df06a31b3
SHA5120c5599773904a45552e241e9e7723bd6cdc0a3b71a05145553942e27450e8e706c128c918fc6b5599f9bb55eea1fa6b9801d78fd4d95292e24709cd90fb9a7cc
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\1OI6MQ71\login.live[1].xmlFilesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalState\_sessionState.jsonFilesize
136B
MD59c1e824ef8695a1abc67f5d0a95778c0
SHA1ec43ba5ce45d92453320bd6d14d96a866ed4c0e9
SHA2560e9674b55a602a97e8ed235ec72e98e5d816ac014684d179a1fc0b9959345d97
SHA51255e92e224e5d357e4c1dfcd34ee8b7e1d160f8edfce2f3bd156a240f4cc8c73b3329497d8199fabf2a81d8d04be5f49687224b498c57cb115231b47c81d65d15
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
471B
MD5eda5e3a600f594e99c2ec43eef199003
SHA1fd0ab6372b227debea03d04406468712b027f440
SHA256c0979c9bc3beb96221ee8118627db2c5599cadb0826b111a12cb6c831527d90a
SHA5129a166a02ba821a5e2cbe4f4273bf9e0d943ba358b98ead07703666bbabe87f8bd33d85bf7d52c3bbd3d4cfada18e56a2081acb057631e54d6ccfcc2ccb6459a6
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64AFilesize
471B
MD5e4aab687777767aae1e948c7a567a284
SHA184104723a3188e50eca444c81a2199137f445364
SHA256ba655a0ae56281a0b45f2974557e2764cfddb8cf7c20f59729d5bf44c0c304e5
SHA5128458fda3de9dc783fc66f784b4d8fd97bbf828106a2209870c5ddd27281da9d2e8c0858deda00e6146a66fb6a5fd02fc87362d6a5cc4c5e2981c9c37f9af73e4
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
404B
MD5068bcfa6b13106f649e100540667337f
SHA1c86cd200b4949c025c85e1604f6aac3925ae1573
SHA2563f6611fca52ad0f1a4934df506128a36a2a773ffbd8f290b31ae5cb7e3c40365
SHA512c812c2d5e36aff8d011082f0d8f8a2d5cfe6a5fb3414b375650ae9f364160f098c548916e1955b5ee70637574b7463aed431f1e13662f594857f8a6e75121450
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64AFilesize
412B
MD5b7b42987a451bd27d3481b60192464f4
SHA1b360bf395343c01284a26728a6ae835774e7163c
SHA25676141ad3765249a1759ca7b004f944367212f1566adbad0e7bc1f6cb17442c68
SHA512327e97f753ce07ff2335501a8df28759c014e3395fcffe19080a58b0b52a8e4253ec9c958bafee3997fce13cf7feaf078e6913f241649a5331e78670abd48792
-
C:\Users\Admin\AppData\Local\Temp\tem1F5.tmpFilesize
206B
MD5b13af738aa8be55154b2752979d76827
SHA164a5f927720af02a367c105c65c1f5da639b7a93
SHA256663ef05eb1c17b68e752a2d1e2dcd0eaa024e4c2ec88a7bc99a59e0aeabdf79b
SHA512cb774f2729ce6b5cda325417fbad93e952b447fa2e9285375c26eb0fbdb7f4f8b644b1007038caafd6d8ba4efb3cc8c5da307c14e12be3454103d52848a029a4
-
memory/568-81-0x00007FFE8B830000-0x00007FFE8B840000-memory.dmpFilesize
64KB
-
memory/568-78-0x00007FFE8B830000-0x00007FFE8B840000-memory.dmpFilesize
64KB
-
memory/568-79-0x00007FFE8B830000-0x00007FFE8B840000-memory.dmpFilesize
64KB
-
memory/568-80-0x00007FFE8B830000-0x00007FFE8B840000-memory.dmpFilesize
64KB
-
memory/712-99-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-122-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-87-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-88-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-89-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-90-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-91-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-92-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-93-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-94-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-95-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-96-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-97-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-98-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-100-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-101-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-103-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-104-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-83-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-82-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-84-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-85-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-86-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-102-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-117-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-116-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-115-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-114-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-113-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-112-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-127-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-126-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-125-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-124-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-123-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-105-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-121-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-120-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-119-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-118-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-111-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-110-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-109-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-108-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-107-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/712-106-0x0000023519E50000-0x0000023519E60000-memory.dmpFilesize
64KB
-
memory/2960-19-0x00007FFE89080000-0x00007FFE89090000-memory.dmpFilesize
64KB
-
memory/2960-10-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-18-0x00007FFE89080000-0x00007FFE89090000-memory.dmpFilesize
64KB
-
memory/2960-13-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-12-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-0-0x00007FFE8B830000-0x00007FFE8B840000-memory.dmpFilesize
64KB
-
memory/2960-75-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-41-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-40-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-39-0x000001DF84D60000-0x000001DF84D70000-memory.dmpFilesize
64KB
-
memory/2960-38-0x000001DF84D60000-0x000001DF84D70000-memory.dmpFilesize
64KB
-
memory/2960-33-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-1-0x00007FFE8B830000-0x00007FFE8B840000-memory.dmpFilesize
64KB
-
memory/2960-9-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-11-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-15-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-17-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-16-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-8-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-7-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-6-0x00007FFE8B830000-0x00007FFE8B840000-memory.dmpFilesize
64KB
-
memory/2960-5-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB
-
memory/2960-3-0x00007FFECB84D000-0x00007FFECB84E000-memory.dmpFilesize
4KB
-
memory/2960-4-0x00007FFE8B830000-0x00007FFE8B840000-memory.dmpFilesize
64KB
-
memory/2960-2-0x00007FFE8B830000-0x00007FFE8B840000-memory.dmpFilesize
64KB
-
memory/2960-14-0x00007FFECB7B0000-0x00007FFECB9A5000-memory.dmpFilesize
2.0MB