Resubmissions
07-07-2023 19:28
230707-x6vx7aah77 1009-05-2023 07:16
230509-h34zcsgf4w 827-03-2023 11:00
230327-m3yjssdb46 1025-03-2023 07:43
230325-jkn1vsdh4z 825-02-2023 11:28
230225-nldnqsda92 1025-02-2023 11:28
230225-nk69nada89 125-02-2023 11:24
230225-nh4qrada83 1015-01-2023 04:46
230115-fd3c5aab55 1006-12-2022 18:59
221206-xm59taea79 10Analysis
-
max time kernel
1800s -
max time network
1165s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-de -
resource tags
-
submitted
07-07-2023 19:28
General
-
Target
fucker script.exe
-
Size
104KB
-
MD5
db0655efbe0dbdef1df06207f5cb5b5b
-
SHA1
a8d48d5c0042ce359178d018c0873e8a7c2f27e8
-
SHA256
52972a23ab12b95cd51d71741db2cf276749e56030c092e2e4f0907dcb1fbd56
-
SHA512
5adc8463c3e148a66f8afdeefc31f2b3ffeb12b7641584d1d24306b0898da60a8b9b948bb4f9b7d693185f2daa9bd9437b3b84cebc0eabfa84dfcef6938e1704
-
SSDEEP
1536:m5iT3FccnYWkyjWpOku3yUyJCbyVAvy7+fRo:3LOcxkyjW3wvHq
Score
10/10
Malware Config
Signatures
-
Process spawned unexpected child process 3 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Modifies Installed Components in the registry 2 TTPs 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Modifies system executable filetype association 2 TTPs 38 IoCs
-
Registers COM server for autorun 1 TTPs 64 IoCs
-
Enumerates connected drives 3 TTPs 6 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 19 IoCs
-
Drops file in Windows directory 26 IoCs
-
Program crash 13 IoCs
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 64 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 64 IoCs
-
Modifies Internet Explorer settings 1 TTPs 46 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 7 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
-
Suspicious behavior: LoadsDriver 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\fucker script.exe"C:\Users\Admin\AppData\Local\Temp\fucker script.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449041⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11497686300288188522,9309101556378842008,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11497686300288188522,9309101556378842008,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447781⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --lang=de --service-sandbox-type=collections --mojo-platform-channel-handle=5664 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:12⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=7152 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=7152 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16068302115456996305,6876174536183046034,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:12⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
-
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"1⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart2⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode3⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"1⤵
- Enumerates connected drives
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449041⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9534866760593773219,16868209386949534270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,9534866760593773219,16868209386949534270,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447861⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,4713104783554037604,17259920971359819799,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1464,4713104783554037604,17259920971359819799,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
-
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\f2d2b5c90b7846e48593bcaacff2e196 /t 3188 /p 31841⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\a179f0d8eba244409fea65846f1fa020 /t 5100 /p 52041⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x74,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5659585244693040158,10517612779755155398,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:33⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,16337462141407665889,18406608961752817340,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:33⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,13246685638700825920,17530699702564566907,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:33⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20837343⤵
- Process spawned unexpected child process
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947184⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20837343⤵
- Process spawned unexpected child process
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947184⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1444,14930995913028563263,8350019718414802151,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:33⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,12110888147418023377,13124819488584633025,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:33⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12110888147418023377,13124819488584633025,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:23⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=137396006862848 --process=176 /prefetch:7 --thread=99364⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --lang=de --service-sandbox-type=audio --mojo-platform-channel-handle=5492 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --lang=de --service-sandbox-type=video_capture --mojo-platform-channel-handle=6436 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=8164 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=8164 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8408 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8484 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8552 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8304 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --lang=de --service-sandbox-type=collections --mojo-platform-channel-handle=8592 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9112 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10468 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11712 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11908 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11120 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9488 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9524 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10428 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9516 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13268 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13308 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11072 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --lang=de --service-sandbox-type=collections --mojo-platform-channel-handle=4388 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13176 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13520 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13828 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13500 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14028 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12122542197226636069,5775697205277267650,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11896 /prefetch:13⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3300 -s 8364⤵
- Program crash
-
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 7380 -s 2564⤵
- Program crash
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xe8,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xb0,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xfc,0x100,0x9c,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x40,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20449042⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd4,0x110,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447782⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 9544 -s 1763⤵
- Program crash
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exeOfficeC2RClient.exe /error PID=1972 ProcessName="Microsoft Word" UIType=3 ErrorSource=0x8b10082a ErrorCode=0x80004005 ShowUI=13⤵
- Process spawned unexpected child process
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447822⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=20447862⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947183⤵
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /recycle2⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"2⤵
-
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch1⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\ce7501544dda4acb99145624fe529c1c /t 4392 /p 48121⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947181⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4600 -s 37282⤵
- Program crash
-
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8669946f8,0x7ff866994708,0x7ff8669947181⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 628 -p 4600 -ip 46001⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 552 -s 33562⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 676 -p 552 -ip 5521⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8669946f8,0x7ff866994708,0x7ff8669947181⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8669946f8,0x7ff866994708,0x7ff8669947181⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 6732 -s 28082⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 752 -p 6732 -ip 67321⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 7648 -s 33802⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 752 -p 7648 -ip 76481⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 10220 -s 32202⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 604 -p 10220 -ip 102201⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 9788 -s 29802⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 748 -p 9788 -ip 97881⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 12156 -s 33122⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 572 -p 12156 -ip 121561⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4708 -s 31962⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 492 -p 4708 -ip 47081⤵
-
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe"C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe" -ServerName:microsoft.onenoteim.AppXxqb9ypsz6cs1w07e1pmjy4ww4dy9tpqr.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 7972 -s 31162⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 900 -p 7972 -ip 79721⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 740 -p 6124 -ip 61241⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1020 -s 58041⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 384 -p 9544 -ip 95441⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 604 -p 3300 -ip 33001⤵
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 676 -p 10304 -ip 103041⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 736 -p 10304 -ip 103041⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
- Modifies data under HKEY_USERS
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x45c 0x4281⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 780 -p 6668 -ip 66681⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000c8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000114 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000184 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000012c 000000841⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000124 000000841⤵
-
C:\Windows\system32\wbem\WMIADAP.EXEwmiadap.exe /R /T1⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000134 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000012c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000012c 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000011c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000134 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000124 000000841⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000154 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e4 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000170 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000120 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000010c 000000841⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000019c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000014c 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000114 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000fc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000134 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000014c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e8 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000114 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000019c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000194 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000cc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000014c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000154 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000170 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000011c 000000841⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000fc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000011c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000019c 000000841⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000114 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000128 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000114 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000130 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000144 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f8 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000128 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000140 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000148 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000148 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000124 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000014c 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000170 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000016c 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000128 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000160 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000015c 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000170 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000130 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000140 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000015c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000174 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000124 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000fc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000148 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e4 000000841⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000014c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000144 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000014c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000124 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000114 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000014c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000174 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000014c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000014c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000114 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000144 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000174 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000114 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000124 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000114 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000fc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000184 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e8 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000015c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000015c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000140 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000144 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000080 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000cc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000fc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000124 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000164 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000184 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000114 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000cc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000118 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000144 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000011c 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000144 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000015c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000130 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000118 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000019c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000019c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000014c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000164 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000144 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000184 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000184 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000140 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000c8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000164 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000c8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000134 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000128 000000841⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000011c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000014c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000140 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000010c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000124 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000140 000000841⤵
- Executes dropped EXE
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000114 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000160 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000108 000000841⤵
- Suspicious behavior: LoadsDriver
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000130 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000011c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000c8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000c8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000164 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000184 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000124 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000124 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000170 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000014c 000000841⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000148 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000001a8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000001fc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000001ec 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000001f8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000001d8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000204 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000022c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000220 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000264 000000841⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000027c 000000841⤵
- Suspicious behavior: LoadsDriver
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000002b4 000000841⤵
- Suspicious behavior: LoadsDriver
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000002cc 000000841⤵
- Suspicious behavior: LoadsDriver
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000002e0 000000841⤵
- Suspicious behavior: LoadsDriver
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000031c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000360 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000003a0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000378 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000390 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000039c 000000841⤵
- Suspicious behavior: LoadsDriver
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000003ac 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000003bc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000390 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000003b4 000000841⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000003d0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000002bc 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000274 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000160 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000011c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000019c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000080 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000021c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000001d0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000001b0 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000001a8 000000841⤵
- Suspicious behavior: LoadsDriver
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000188 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000120 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000114 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000124 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000124 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000010c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000168 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000025c 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000260 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000001f8 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000260 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000204 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000288 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000001c4 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000214 000000841⤵
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000288 000000841⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD58420b6a2e6a3d1f269f955a7eac98e74
SHA1930eeef3023d5f4022b4112f59eaa00fda9ac790
SHA25691ad552eb354a0472fdb088d166f214a513d13b74a6d753ec03b6ff3f647bf76
SHA5120a8d279950979f5ef255edefaeb12a1c67e42d10dc68fcfb6fbe17a84b39b5a817635aafeacd901d1ba068883a92627f5f4933674540a685eb78c5d1ed7ee838
-
Filesize
152B
MD5cfcd61d6cf499b452044fa6958d1aa3a
SHA128c5617ac09d18de8c1eace4800645a44fd57466
SHA256c4f21d73a5140a1a175bc56e174bce3c444e33f7c2c0084e51b7afd041afe985
SHA512baa3f5f06a0f9a74e752c19b8ca4c1a57c5003632c2c4a7f4021cc5a9e73c799ce4d3603ac45f02b22b3b3f8d823eb589830e55d03de9cacf96752245a4459af
-
Filesize
152B
MD5aa71cf6cece0bbb257db444f05d2985f
SHA18ede856c836070591fd07824bf61e34423514eaa
SHA25691944f19c94b721a05f1a7c74fc3b6541ad65ddc32cd2c6d13f988fd13184ec4
SHA512ed435285275ce9b1c4773610d5d4cae60b06dad42da479feff9a380281139514bdbecd2a1351d6bdc529536d1b59f6babd5016b5561591410f2b27e1d41ab1b7
-
Filesize
152B
MD5c7746d48f7157e463bd83a7463dda9a1
SHA1f23ed962093ffa006abafe9b173e7db0100d56e0
SHA256cbcdc323a1c5513de13270a339b258e82442af4a259f94b9fcbcbb19252f13a5
SHA5127a8bbb0aa5d56fd8b9c85c37fa2373590e87b9e3ed7d14719243de13be5d3cbcf8aff12f7fecc9302e4acce41eb8f93cafbe18087fff519b8b75aebd27e61749
-
Filesize
152B
MD5e093b213e4628dc67f05f474d0d81a5e
SHA117a27d9e41b19797146af08438ef1c3fc9b38af3
SHA256d0cdcf784693d1c8f649f861c43b74ced7c3901b55b3b84ef9b3bda7125f8307
SHA5126d7164e8411dcddea063e92df889325958232da2ea7ffe5c29caecefff854a2f092502be990f352eae3effc7c512498ee885dce5bbdffbba95f805855b495631
-
Filesize
152B
MD52f42c79a9ebf9f4c2395f8d301836c01
SHA1871d0faa626d8dfbdf14297859b1f8c59796f2eb
SHA256f75179ea13349e8e8c47e1881a61c5edb5fe30dc8ae4ec10bd4d0c7cf3ec863f
SHA512c631234fa47f1ba091d32b93999c91868037d9dcb7298feb9e06d208ddbf81939d029779946b1141cebd517066b84baf53f8a759e5f414bac1e94cd8026a9624
-
Filesize
152B
MD53423d7e71b832850019e032730997f69
SHA1bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA25653770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA51203d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d
-
Filesize
152B
MD53423d7e71b832850019e032730997f69
SHA1bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA25653770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA51203d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d
-
Filesize
152B
MD53423d7e71b832850019e032730997f69
SHA1bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA25653770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA51203d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d
-
Filesize
152B
MD53423d7e71b832850019e032730997f69
SHA1bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA25653770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA51203d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d
-
Filesize
152B
MD53423d7e71b832850019e032730997f69
SHA1bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA25653770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA51203d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d
-
Filesize
152B
MD53423d7e71b832850019e032730997f69
SHA1bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA25653770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA51203d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d
-
Filesize
152B
MD53423d7e71b832850019e032730997f69
SHA1bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA25653770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA51203d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d
-
Filesize
152B
MD53423d7e71b832850019e032730997f69
SHA1bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA25653770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA51203d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d
-
Filesize
152B
MD53423d7e71b832850019e032730997f69
SHA1bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA25653770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA51203d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d
-
Filesize
152B
MD53423d7e71b832850019e032730997f69
SHA1bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA25653770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA51203d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d
-
Filesize
152B
MD53423d7e71b832850019e032730997f69
SHA1bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA25653770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA51203d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d
-
Filesize
152B
MD53423d7e71b832850019e032730997f69
SHA1bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA25653770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA51203d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d
-
Filesize
257B
MD517611b02f82311fcd804039b89a3ff83
SHA1b423d05253bcdad05d21508a03ab8499cd231223
SHA2567d12596879e8fb462856e3ff80236ecf0c83f281afd4ff417ce0cb17304f09f5
SHA51293696d3ce717b6a888843c1ef45ab283d99a3e9a569afe7a62a2e19dcc406cedb79d91d1935fc1406d8203f28f28807972802e2478e5b5e415bc70303c3023e5
-
Filesize
268B
MD5d8f27653760d27cbbea7ef6a38221436
SHA1fe1584d6936254c58a9030a26816229b6aa1f143
SHA256facdc58bc9e203b65ea602e843e8c406473034fb71d337c8b9e91a7c225e2758
SHA5125f24b37d56075df183e8ff1655df4bcd4b40e379a9e64f201efe4dc84252e8e87a2504859d8775d4a6de4670f145ca53ae891da3f0ea85e5854c06ca96047cfa
-
Filesize
292B
MD5d684581a06419f2bd0cf2199113f5fab
SHA10fc0194f04e6e1272ca24f7ab44e673400ddd6fe
SHA256e60e1537d81ac0d98a0d4c76472e0389d75bb47d11937f23adb1b55c3b969505
SHA5123f069bde50a194c7d8b332c72bf37eaaf8423ab500b45b71729217ad26a1e7c3af8af59f2d4ab373d4939a5d4f0bd3851dddc5801541af77895eba13c39bf932
-
Filesize
249B
MD5fb10d13a210ebe647590696cbb912d6b
SHA10183e6ab2704ed49fd26550bd81726e83f894d6d
SHA256431af618c0c3df33632089e810b63e5078a0de76749404233b9bff06dfff5aef
SHA512aa7e523382591c74f64f02a637a9e24f2f4bf32ca09dae3237114bbca82eb5f7da3ed71c4ccf433e5560229d8c43ec459a75e33019623a6776636bf29361dbf1
-
Filesize
111B
MD578ef85bc0686dc4ee6313bd7b43e9c11
SHA10986f6b281a43d715a08c757b46333f0119f98ec
SHA2565930ae6358d4329029ecf1c01ac4152c83289cc410a324c5967d8793bcbd8b2c
SHA512dd103e629aaa3e1a7a38e2661161ef80006a3b80f040b0e27bf0cbb173c6c01e3fd042d6d37c0621038ebff4144939a9a86de2593eca6adf16a638f3ca2f8fba
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
3KB
MD5fc0401b4690effef7726dd3e9022710d
SHA137ca3180557adf5e26db7180ecb4404f95d34a40
SHA2566f7875162ce38cc12cc6b3167a1d63b84cfe7a45e6b1e83a6b49abb45e314d19
SHA512328e0277e94db016ee46684ef4589d3fae55bf041fc7f61deb27f624848744047146029b758814c7353450ab2050409485324203e13daa8e98a177d806135b22
-
Filesize
5KB
MD583d8307159b5a9dd70a18300cd113a1f
SHA15977f53cd567dd4dc3cd5305a57c7a0ff63995f7
SHA2565c5035039c762c2f86517930f6a19cb56d967fa87027329bc70e48aaced77957
SHA5124b2ba1d698c9d2d77fc3ddea28b7655c794d5cac75453ce626254a1b5673f3b1ce1e61e1ad14f20f073854e6e851c59445973f0620d53372efd8faa80191bbde
-
Filesize
9KB
MD5ee2caf19030ea06b41e5e78076a7357b
SHA16efde87909d1c6fda46b89d682749cd40a9eca93
SHA2568fbef7b68bae81f8b4736b7d2e4ec4e8a9c8830080a55a07b562036f126e38e4
SHA5120fca3b8f682a3c017897523820c6bee98cd65033b502f60e56ef2cfbc7358f211c09077ceed63438fef47fce032d3d502245a570fd26d138d4b109bb98480441
-
Filesize
9KB
MD58a3a32c346f829f7b10ec2029fe54cbb
SHA1d64febe6962840f8db1f7d5b7edb2312fe53f111
SHA2560cce707f333e15b9db42ceee19494484a8c62f001251fc7d1e700186ffbc4b12
SHA512c8539b21f6cce1e7cc9d12c7f669ca9709ea7aabcf3f583e099cad3339414447e0451a47ebb7bba054f229519d074a1a002b17d2f21b0db19c21d03e601ecbb2
-
Filesize
6KB
MD533c1e73e196f7edf5ef4b2f15130a1b0
SHA190a08d62aa74a12f8d92456b1a9d3c14f84d7004
SHA2561b9ea7e02075ee58ea6d9dff79d83e57856e1ca9e09ce73eea3cf9db9a548acc
SHA5122514bf57d54c0428fbb00c221664918bcd1f9c452f197683dc5faff999b0f0c75ac44e2118a308e09052a6e4e459c4824c8ae4d803ed89226a0c64b9a3bd9af6
-
Filesize
7KB
MD593fe35234598c23cfd4dfd88c7f56012
SHA191626f7e053d6cc68d5acec5dcdfa1f6400903f5
SHA256e58275157dda457f618fafbbadb343a78e26444e7bf634283f804c19cd898811
SHA512046d1778728ccfee1570d1c40b852f483e8ff24a6e77ff8fea1e9c2f8dda2fc35c1f6ac40bcc692dbe56ec9928dee1b9228add665dc4637f1c65052da389ec19
-
Filesize
7KB
MD50ec15579702a7f9204fcc78208868b7c
SHA159543436747b31fa20eaa68be3d1d43e16a42055
SHA256cd4c01a54ef5756d412bce6c446b047559efd3f51652101aca433ef19668b7f6
SHA5121b41011ae287974dcd156f895d9916f37f00b9d90ecbba31a5e089f0c5ddd9934e8e711b0f82bba90ac5a174d5ddd6e09a0089819e1ede8e6e9e65e399a59fb4
-
Filesize
9KB
MD5c2730066f520966c823f82f4ef858336
SHA1b51171af1b189aefb7334097e9e5cd0437d4eada
SHA256f17fa662c9cea6e84abb81c5d6ac4816c147957a81d2203d62f6a790f6e38238
SHA512a7690430ff46e537b06a0408a10ee3650282fac33aee0ef3720307b6b06dc51bbc1786bc52dac86be50ec2a6fa007bd3cc81884695e046437844ef061580c9e7
-
Filesize
9KB
MD5cdbbbb4eec94b74669036e136f78e661
SHA12e2b39fc4be1a346ef49a58f502b94df3318b58f
SHA256c366928b374221baf48cd936e511109035ea6ca615b6935826381b13c141704d
SHA51299dbdc47574ebfc3910c316f8ab8a983bb169fe07d163f0a85c9f7048fb5bdb2aa034583fd8f028fcfd21160b7a8ae03fe91bfcad7a188be45818443980c3cef
-
Filesize
9KB
MD51dd8c95c9ae4fcb10d26c3969d9e4e93
SHA13fedb075d3e0173e9c9344d5f28ffdddc634a6cf
SHA2563172e17b795482834ac8871e76713d51026f50b99ba8b8f56331116e956bfa36
SHA51246a56c97f9d9f2ae36b3d750b8f3826354984c218c51785fa39f002b0cd0639bd13d0ea5f4e48d84b511a19f98aef1503dc208fcc754201f242767a923623591
-
Filesize
7KB
MD5c175b5f054c37755bdb39be6593c5f27
SHA13e7b7774e141962f70466d1eb3c11a4c48279fab
SHA256ae98fc206c24ad9c5ec668cdc278b99947542fba3de2141f3f45b4f862a22860
SHA51227141b3cc8b53139528a2d577b02d4b1b7a6c6b963c902f6f0cbd540bd3b9dbbbe3f019689d2e633f59ed00e34e5a6d662f9a5ecf2593119c88407ce5004f086
-
Filesize
7KB
MD5649fa04f29505e6150389a05aeb42ca9
SHA1f05289c97b35a739e80fd574ef973917a44b00aa
SHA256ea2a1a6dff5014772f2da78bc8685ade68ea34706cbb80d93da7d2840bb449f7
SHA512c6118b0219918e40d541c1a1f48427d3ce778605d3ea80bb0c1bea340c9cf733961478f5d312d8bdcaeaad62c96d521a74cf5b2c8058d9e09e7f1de48a17f932
-
Filesize
8KB
MD5412e78e26f9a3614bc35dd10696df4c2
SHA1498363179a5c81a1526f7b33c1da628a55a31bba
SHA2568ec192fc3d4b2ccd0e6edc0d8c5f6242ddcaa8a2ace7b57c73cc459f326aba1c
SHA51225a09276f84483f0ce9ebe84d535752a0a9e1d1df06125ef41ec1b5ffd471bf18310dcc44be41d54f0aaa567f41c1b56006a956e4f249743b8bf881788e85079
-
Filesize
9KB
MD5700c6203d0a1f604a431d5b1a83a6b96
SHA179223805880f328084ca4faf04208867720f16ed
SHA25647c672627f9d420b5d97064df86eefb6a85064aad418467fd7735759ef405444
SHA51238b2299f77deba3b095d8c2aed2a3823a4275b348ae8f97dd8647888fee996b28ca3b0d7382e7d23a0b87c056ad1a596e5181a82df364498c4b2bd4a644a3235
-
Filesize
24KB
MD50e78f9a3ece93ae9434c64ea2bff51dc
SHA1a0e4c75fe32417fe2df705987df5817326e1b3b9
SHA2565c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68
SHA5129d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d
-
Filesize
1KB
MD51688eee814c57488b6754bb88f878721
SHA18809acc1c99984a6e9fdc2585d9374ae233612e2
SHA2562a7277001c7b80e5b6ace9ee6e989dd78e4050886289922b6c2ed9f3bacb130e
SHA5129ed84d42ed4bd29b8e1154a04ed3a473635940ec040fa85eb0413361edf452fa9e6fe9635035056e9af04c6a81bbc865ee2694e3acb6c7c72b9b6a0ee9d8dd15
-
Filesize
2KB
MD5ac2a87bc64d865d80c171cc7b93749b6
SHA19422492cf664ab100042ebfbd270aaff72cd8361
SHA256874f2dd7e7d12047005e9379a31e448ef0094655751fb9117a7d9a9fef0a0bbc
SHA51275c233b872b9fd439a37062591da7b988a85991700034c1c76c134c41aa693c4ada5d99637eec6ebcfe6f08e9a26f63e84e4484fd2bbd040ad90b48a8b4bb2b4
-
Filesize
3KB
MD51b10c8fbae72b740cf1646cd0bdd9ca7
SHA1a2877dc8cb05efd6081e0c108c4e2c9b8eabb86c
SHA2564c5a4717e22a37eaf1a1f3f9d1c4f2b50b412f81543edce3c01d857896c84ccb
SHA51264b248bfc35dd6206d21844beb9c1b27b40cef949c55fbcc4ef40b3034fdbbec4d10569344c4fe541783468bdb8feceb33d26a9c003355d3fb5e39da8324b635
-
Filesize
1KB
MD56e68584786de6b30a1c42c651c810d2b
SHA1b67a3212a6a890d1a5bfb797a852ebc10bd8c02b
SHA2567dbe01e6c4e2dde51e908de8c46da2fd1b0829c829425edeeab08c3408053286
SHA512d204d509bba45a809af430e60160124135ffe916e3eac22ad14789da8d81eb8f04577a925adbb5e21943129227dea30b6559409cd1f9d594e1efa8dbf9a4fb8a
-
Filesize
3KB
MD5e73bd173b8150ba14dc5680eeb268363
SHA1a16831c92b62bbacc58f141e1c61feb00d8d48bb
SHA2567319eaa4ee809c4148e98cdbcfebaede6765f9af3ac7ce249f23776d075aa9ab
SHA512b10ed0cbdf14635746775c48dc70931e68f3404e2579799f712d0774bde7db9679f9a7b393233d10120d112c090b3dbe265baa80f8caef06920c924795d9d275
-
Filesize
1KB
MD50d89981f932b851ea780e75d1dcdf03a
SHA1ae575f46efd49f259f1f007a8cacedee8a7f20a1
SHA256d038df44330ee5d1984ad9183319591cb6078575d272203bf600d6553b6c0199
SHA5122bb596dedb1287ebe57e59026d9e3584810816bb91ff241150cc5631e3f1d04bdc31eafe8eaf0c4f6be46b5651ec9d497c55f9a773c22ce72bf3bacc362fe261
-
Filesize
1KB
MD575666668ecb70b9f5b20ccac46228329
SHA193e38e4bbe08a0bf44c921dc2be94285b53f35b6
SHA256ed29fdd687ed092c10af9d3bd36f2d4571bdf911b8ed5d104041d39f5b41d236
SHA512fd54f89d26fc042c578aabda4064e71a4906e2d0c6aa476c96217179284050dedf7395ebc7c7fc990243e24ef2d1c16177bdf0e54f0a80dfaa9eaf09cea2997b
-
Filesize
2KB
MD58ee2b1124f936112471007177858dc18
SHA16d4100948b7df01fd995c9a48118b0e9226f7c3c
SHA256edcb7b89b18fc8992e2de9382e18adc16de86824d58a54b51689769683742869
SHA512b522b6e6269a685719b8ff4dc70dbfebd3e6225f2de47b31a3c7cc4ec48144cc9430a9e4d2f6cca6bd938c8e3ef035f2f8aac8e840616b6273938f39e943f4a5
-
Filesize
2KB
MD539f1fbe83e7125a1b72a3f204fb6df24
SHA1996fb86a98eaf9dcb3f9f30966d39633209f88d6
SHA25676666e8158724de8fdee5cbfdf5df50d8b8dadb7884e40ead9e93d1b6acc9fee
SHA51207aef83b99513769f9ab4b26119be76381a425f5bb0124b108262ee053bdcfc206281fafc05c3105e0f5415eb31bf310ade3a50627d78fddd04d9920bf778034
-
Filesize
3KB
MD5b0ba6a90ab21ceba4c58c60c119cda1a
SHA1dcb580b0ff29838edaefc2246d8c0f3a6cc3ea21
SHA256409283eaaca0b90a9dab2ef598024c7338b47ccaa195bf60cbcee86a1fac86ef
SHA512993d72a1b48f7b7e096453543f3cbd8aa5c4b5a944200fe7a3fbe0556e3e555a02b168c3ccb46030e36b3273bc2ac85cee8bc12023e53650a082700f6ade10e4
-
Filesize
1KB
MD59a4752885a7c5cc40b1e29e3b4ac15cb
SHA1755df3e89a22d8043f393a2ce23f172330999e4d
SHA256904972b85fcb3a1ebf8937e5cec6934fd6849413d779f1b4d6a34e024a89c8eb
SHA512dfcc84fcf4e20b3b8db125e0d313e2a363e8309a16be2900dc552bfe1c90c914925bffe58025d669163d4b74c9aa27c567a200dd82848c380f2bede6ef764908
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
2KB
MD575629144d81d4e367f9a41f4d003e4c9
SHA1bf08bc21a0698a18c01c47f69ff6ddc2132b9eea
SHA256132ee2de8940a18cb7b3805155761d67e7b8872f79afdc2fecd73998d42e4b85
SHA5125b18fb530911282d5b8d0fff0844b9f950791e6b417f9c65aedfed64bf742823c47cf65e832ddc68e15e559817b4a12cc3f936438ad3a08408d0a53ae64273cd
-
Filesize
2KB
MD503d6dba2f291f25277a0386e6411a241
SHA164a99c9d97376668a87308836f37795cb03222a2
SHA25659e5716fe879bd4274acabc627c608c13b64dea7b3b5f2484df6f97520494b38
SHA512e1c48a239100a66d3891edf8d6238ad88e1f566b43fb18e6cec77ea613c0bd6a266525a87546b1dca75fbe4f041c4091da274f006b0eee574bdc9c18205aec3f
-
Filesize
2KB
MD503d6dba2f291f25277a0386e6411a241
SHA164a99c9d97376668a87308836f37795cb03222a2
SHA25659e5716fe879bd4274acabc627c608c13b64dea7b3b5f2484df6f97520494b38
SHA512e1c48a239100a66d3891edf8d6238ad88e1f566b43fb18e6cec77ea613c0bd6a266525a87546b1dca75fbe4f041c4091da274f006b0eee574bdc9c18205aec3f
-
Filesize
2KB
MD56437bfcc89b60cd73f89a2a9d4494657
SHA1c4c65b64d0db3888bff659e8c0f1fe20488e5489
SHA256ee26d5caa8a7cd3de5fe2fc1869f86b08936bb2dbda4dc7a216556d842f6b1d7
SHA512663d575540e95f7c3d41aee2402b089f531ec0c7d2c51d9872bf25ae8fc31bfe3a2341bb719aacd9ba3cb3b87b9eee8f1d86df3b116deedbc6a47dbb05b5c4b1
-
Filesize
2KB
MD56437bfcc89b60cd73f89a2a9d4494657
SHA1c4c65b64d0db3888bff659e8c0f1fe20488e5489
SHA256ee26d5caa8a7cd3de5fe2fc1869f86b08936bb2dbda4dc7a216556d842f6b1d7
SHA512663d575540e95f7c3d41aee2402b089f531ec0c7d2c51d9872bf25ae8fc31bfe3a2341bb719aacd9ba3cb3b87b9eee8f1d86df3b116deedbc6a47dbb05b5c4b1
-
Filesize
2KB
MD503d6dba2f291f25277a0386e6411a241
SHA164a99c9d97376668a87308836f37795cb03222a2
SHA25659e5716fe879bd4274acabc627c608c13b64dea7b3b5f2484df6f97520494b38
SHA512e1c48a239100a66d3891edf8d6238ad88e1f566b43fb18e6cec77ea613c0bd6a266525a87546b1dca75fbe4f041c4091da274f006b0eee574bdc9c18205aec3f
-
Filesize
12KB
MD5c7fd38ace8606f077704ef6afda0d33c
SHA17c84ed1360b7bc8573aba30e7db44173d87d9115
SHA25656e8fa0dd3858774a8b7d0679e3406f889f91d154cef5d33340c62b12d8cfb10
SHA5122489ceaa110f947c68be67d2614990c7074bbe463b4adb71b2d39db856f3f86e60cdc81b4275b2f2c030030dc671fab4a0269f33f846de19c30b5d90a8d86775
-
Filesize
2KB
MD575629144d81d4e367f9a41f4d003e4c9
SHA1bf08bc21a0698a18c01c47f69ff6ddc2132b9eea
SHA256132ee2de8940a18cb7b3805155761d67e7b8872f79afdc2fecd73998d42e4b85
SHA5125b18fb530911282d5b8d0fff0844b9f950791e6b417f9c65aedfed64bf742823c47cf65e832ddc68e15e559817b4a12cc3f936438ad3a08408d0a53ae64273cd
-
Filesize
2KB
MD575629144d81d4e367f9a41f4d003e4c9
SHA1bf08bc21a0698a18c01c47f69ff6ddc2132b9eea
SHA256132ee2de8940a18cb7b3805155761d67e7b8872f79afdc2fecd73998d42e4b85
SHA5125b18fb530911282d5b8d0fff0844b9f950791e6b417f9c65aedfed64bf742823c47cf65e832ddc68e15e559817b4a12cc3f936438ad3a08408d0a53ae64273cd
-
Filesize
12KB
MD5cfbd2079b3623fe4e8c7c6b474f219ba
SHA178193d546d4850ef676d45afae2f9bc52fd9d329
SHA2565e3b9ea587e0f5186ddb18550c78aa850899bbdefa092f3734c613eff25e19a3
SHA512248cf840e4721536e69a438d9a469b03aac9b2608116853fb3b8ef6fb507b6a90f9bf4e53faf6a14bb6c9ad3294f3a3992a03a6ebc8afbf2eb50bf4a5c4261b9
-
Filesize
3KB
MD5127038be94064085470f8f3babb8b422
SHA19d7c8ffeaff46f21395d826766b28ce942d990d5
SHA256b91486167998762650c8fd56da14c0afba149b5ab04be7939fd21c8cc3efb397
SHA512502ad7a0fc63822124e04e9f089b9274f32b8b5083918dac754034e0825cd8731ff0b0a1ddde793c5f29c91a42255c45546a4b6612a5c4224cbac7ee72814919
-
Filesize
3KB
MD5127038be94064085470f8f3babb8b422
SHA19d7c8ffeaff46f21395d826766b28ce942d990d5
SHA256b91486167998762650c8fd56da14c0afba149b5ab04be7939fd21c8cc3efb397
SHA512502ad7a0fc63822124e04e9f089b9274f32b8b5083918dac754034e0825cd8731ff0b0a1ddde793c5f29c91a42255c45546a4b6612a5c4224cbac7ee72814919
-
Filesize
329KB
MD549197d4a91c33d9ec952ff98318e296a
SHA17d87bb7418298e9aa71bc88e65789fa537a6ed1e
SHA256a98a89d805bfa81e15eb1a88ff08f63e6a652769357043a12db2b27250942abd
SHA51214424a8436d2c363d9776384ecde188032ec70d8dd6428ca54ecbb59acaabf5cf61007f87a14c4e02d5c143d6105c19127301feac6f79c5cc34f5d801ada73b2
-
Filesize
76B
MD50f8eb2423d2bf6cb5b8bdb44cb170ca3
SHA1242755226012b4449a49b45491c0b1538ebf6410
SHA256385347c0cbacdd3c61d2635fbd390e0095a008fd75eeb23af2f14f975c083944
SHA512a9f23a42340b83a2f59df930d7563e8abd669b9f0955562cd3c2872e2e081f26d6d8b26357972b6d0423af05b2392bddbb46da769788e77fd169b3264ff53886
-
Filesize
1.3MB
MD5b547e028eef4572f9996cf8fec6259db
SHA1cf06406c9ee6dc24414a2514292135384939d5a9
SHA2567e1320febc80d276f5e1b8b5b324371586268e254ec12dc9a43c42302872aa7d
SHA512bf577e1bdf90f58c8393834d1c11a99910fddf85ab758eb8cb0ccd6b1f364488865c0b5575b0762302f1ee0e10b993e11df9b1e2e2be0b98a8bec6655b173b43
-
Filesize
8KB
MD57dfd7504a4964accc704890437dcf2f9
SHA10685e96bfde755e5183daab67caac754ecbb02c6
SHA2566cbad878fcd1826f04b0d15b0b93bd0df2a6530af37a6c33bfbcca7719c0b4f1
SHA512a1c2b57fb2c9338aa333db5cda0b4eee70887f7ba0d4bccc8470b772c52366c7928524ca1426ff2a94e33fe7a0421e7e4d096f61441797fd540ed5c9f39d6498
-
Filesize
12KB
MD5df34441e95f6cf6ed5037de12225d281
SHA1b1d47177477696ad6af91e83a7bc34043569cbca
SHA256e6e853aa9e737fd050bb44ec85d86d1376ea81628e7faa4f7d487457338c3aaf
SHA512c1a1b314e719da671f31727108b0b0e68222a3a1a4b8567725790fb1af1f5faa1c90392f853c5a5c72eb3ef5e7d992a5f9be39e2529c99c9d0850b64f5ede6ff
-
Filesize
40.2MB
MD5fb4aa59c92c9b3263eb07e07b91568b5
SHA16071a3e3c4338b90d892a8416b6a92fbfe25bb67
SHA256e70e80dbbc9baba7ddcee70eda1bb8d0e6612dfb1d93827fe7b594a59f3b48b9
SHA51260aabbe2fd24c04c33e7892eab64f24f8c335a0dd9822eb01adc5459e850769fc200078c5ccee96c1f2013173bc41f5a2023def3f5fe36e380963db034924ace
-
Filesize
808B
MD541f674ecd82f0a6214cdb9518abd2798
SHA1409fad15a3aa2fc299aa112814d168b95e329938
SHA256543a1675d754f164ced55c7b7e1bb5cdfcd2fe8fa61174a4b601d4744be067fe
SHA5127afa9801c219999cf817d9357fd98a78c133cdc67a78a7a678259755c55c56c437984a7b76deb38ff9f833c2c65d1dae7d7551e994586a382575b980bfe5413a
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
18KB
MD5fc9b201bd7bddca559f40ecbb0f89938
SHA16506dd79d95c299475969ed84c6f67bb009e4528
SHA2569b65f5a39c63512ae24de4d75af0df237230d34df2193e10cb91d277a0d4d923
SHA51295ba9745347626fd3fb1abd4e725766413f298142c7ce93c9bbf0ae27982860f538ef9611c4d2c779cd5e910ca17065ea0095f838b976b53f14c44ff979fe598
-
Filesize
726B
MD553244e542ddf6d280a2b03e28f0646b7
SHA1d9925f810a95880c92974549deead18d56f19c37
SHA25636a6bd38a8a6f5a75b73caffae5ae66dfabcaefd83da65b493fa881ea8a64e7d
SHA5124aa71d92ea2c46df86565d97aac75395371d3e17877ab252a297b84dca2ab251d50aaffc62eab9961f0df48de6f12be04a1f4a2cbde75b9ae7bcce6eb5450c62
-
Filesize
104KB
MD5effecce1b6868c8bd7950ef7b772038b
SHA1695d5a07f59b4b72c5eca7be77d5b15ae7ae59b0
SHA256003e619884dbc527e20f0aa8487daf5d7eed91d53ef6366a58c5493aaf1ce046
SHA5122f129689181ffe6fff751a22d4130bb643c5868fa0e1a852c434fe6f7514e3f1e5e4048179679dec742ec505139439d98e6dcc74793c18008db36c800d728be2
-
Filesize
97B
MD554cad9840e798ef7844e4c78d3fed195
SHA1adf97c182735b5657366615ed62d86d269e09630
SHA256f940ca20452b05c3cff647feec78aa624509a9ab3d5eb1beb2d814bc367d36ac
SHA512c495efe72289ede85d243e592084fa4d627c689d7fa835a958bca55fda6be6d9a53cc84e4e78e3e72e68af4e7bf9482ec27c1feb1f93b14520a984c8a87482dc
-
Filesize
77KB
MD5f6c11271bdb063f6f13c31a8adbfff7c
SHA1a6867069dc266b24cd3d9f13c563d68ab1f214e5
SHA2569c49de735bca13ef43daec9f72372c9b946151ea691d095eda0a0b9241668ba6
SHA512e7601c4bb9f6d2475ad88b1fae095e3cc99a9f2540617318a89542f0fb8a3be70deb8a71d379bac4727a00cd03fe15573d63054fc783068fc598d7b077c3e9f9
-
Filesize
11KB
MD5e098bbcb91f02a438cc77d8a5e07846d
SHA197891cd0f36bba0ea2926f163dacf5e15783b1e2
SHA256d97a47ffd0c61c0119d0f221cbbd698193c9cc4904b28989feec74f9b2277212
SHA5121a0f1a8caad5520396459b997f3736943c74f50ae824f0f8ca04ee796ee58dbfe49d4251ae61bf62f7f1ed19eb90addb5f450b5a6b9ccb5aba772fbe7903d6c9
-
Filesize
16KB
MD5ded2f2c0857b8a30e0f335abc1a6eb52
SHA1d0a8d16c6a260961cc15c308db670eae82b87136
SHA2566dcf27707b40f98d933651a38e805aedb4b356eccffd4b631f653de39040b5d1
SHA512e1f215409044d8f24dda229f15aeff12a96adfc4f1195bfdd6dc50d641b363a54ba4f2068837a5a831809c506a0d52a31bf7375b970c7ec3ee4fc14aa2621557
-
Filesize
26B
MD5e0a0ed720424ba7cabbcaf3c3b88385a
SHA1a7d9472f31a0886f1069ba87e2f752adaf2ebd67
SHA256eb569fcefe72a453ea7216a1ca3a9d756371cfa73b0a984b25e5e5d86b7f2f31
SHA512e5a025ddf5cb4302af6d6593757c29aaaad4afb84ee29dc0d03a1b1d3041f253b6de022dd59c02cd67d9d9e977631152a2da6bcff219adef3459a99a529d9dd5
-
Filesize
3.5MB
MD545b3206b0a14eb850f21a52116f021ea
SHA1f287403bed53875136f30a99350e90b93772b9c3
SHA256c6407f48bae9ff72044f64b06622076a84d9e8f36a9e0f4f0632a5e644adb6aa
SHA51213cd2891e896257271d6a1263295716855847cfd55cbe05c9420b1c4ea677f6535596888695e79ad5918ea1d01984a9482a717b86f6de4e064bb8bc154a6f80c
-
Filesize
1KB
MD58cbd78a09dddde817f09a0f6ef339e1a
SHA102866c85fcbb48de69e30e468712d24e072de7ae
SHA2562d42315aa6278a120d1a4af208c52ada5b91d1d8ae61ca1ad4a4c87c5ce57f22
SHA51258c304dd8f1f8bdd7ea64a36408dfe69f7a7fe85db7ed768df5a3d46dce2771f9785c3a3006b30450de505bac40f1c6a7b59a418bce58b87de35ba1106470500
-
Filesize
202B
MD54566d1d70073cd75fe35acb78ff9d082
SHA1f602ecc057a3c19aa07671b34b4fdd662aa033cc
SHA256fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0
SHA512b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8
-
Filesize
202B
MD54566d1d70073cd75fe35acb78ff9d082
SHA1f602ecc057a3c19aa07671b34b4fdd662aa033cc
SHA256fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0
SHA512b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8
-
Filesize
202B
MD5dd0c1d22223d8d0e4e271a25a6576eb5
SHA124db1209d718bd8eb443da6eec2ee28d39aaecd8
SHA256c5b636a315f8af0aac9068a2517dbb1fe136a77b9baefd12af102e65b28a13e2
SHA512fe7568b22218c10b268c115f2209ffa8282777e354a9ce0980857879c0364f005fb6af69627e95286a8229191d34e97479498986c657c6d4a394e54731653195
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
24B
MD54fcb2a3ee025e4a10d21e1b154873fe2
SHA157658e2fa594b7d0b99d02e041d0f3418e58856b
SHA25690bf6baa6f968a285f88620fbf91e1f5aa3e66e2bad50fd16f37913280ad8228
SHA5124e85d48db8c0ee5c4dd4149ab01d33e4224456c3f3e3b0101544a5ca87a0d74b3ccd8c0509650008e2abed65efd1e140b1e65ae5215ab32de6f6a49c9d3ec3ff
-
Filesize
3KB
MD576ae3af700fdddcc4d682275985052c8
SHA15e5bb1c6b3d39f7d64f214f24bf59d0f0217771e
SHA2566c4153ec8feecc3c47eed5f898ab2e922611174de632c204ef26d0759984f842
SHA512ca4c7773c2ab51ec6adaf9eda20ca4464b1fd0eb8f00fcc1fa391fb23071975dba4c412073fabd1f1a0a5c64282e893ea1e8390e4413d77ea875c253539ae555
-
Filesize
3KB
MD58a808cf7e823e292f53fb582d4997968
SHA162fbae08d067fd7346e01cdaeb9393c69f65486b
SHA256e216f93f400b3060068502cc825c349e6dd1d5134ca07b342d7031cccdffa4d7
SHA5122b0a22e88213f4998bcaa80b0cd2ff2faec38522bf0489f3815fa2a6ec67173dd4614a06a33843246351742777db52e8c2079f2146ac9d020da4f7e4023479d1
-
Filesize
3KB
MD56a03e35f82bb110635a9f9414e637eac
SHA16b201bcb3d58c65af45b8f072beb0f7909ef5073
SHA25640f2bbdf41502152a0ca6e9b592b8d36a63ffc4089e262ae8edd0e6f99e049c3
SHA512d229748a216a6465873774868cc96ec62921097ec7e83e7c43c6651ad0b5d512ba3d03be521ebf296f569db8fe63efdaeef769ca70b289fc39e0f8a381d466ce
-
Filesize
3KB
MD5850c86cb0d61aee172ab258badd32c7e
SHA1301b3eee76a58e2f59c0bb2a46bce4c53c0992e6
SHA256f0c89897e310006b39bf17bf39993bf2a6fda5d218bd3d91927ca768736add87
SHA5125308211827154615d0c2c23b4eb0c51e0070e184eef2dc9264f8bd5eee4eebe014d52b4252ef7563a3950637d94e3a76e20e3b67fd1dc90a3a89b62603e936b8
-
Filesize
3KB
MD53b9e1c3e33e37da8fc470c65a180c6d0
SHA16d9cc95cf7c46469e5947e478fdb6a80a84520f6
SHA2563125abf7fdd40b7c742bc7fc21f93668ba93ffec453ce7fffc3521bc63633d0f
SHA5122806cb3d196ba681e88674b00b6a182f342d1057ceb564e6ae15afaa11b3729ba72429f0077c698c64d02e8b8dbf0d20233e4aba83c701eaf4ef19ed80d91da9
-
Filesize
3KB
MD53b9e1c3e33e37da8fc470c65a180c6d0
SHA16d9cc95cf7c46469e5947e478fdb6a80a84520f6
SHA2563125abf7fdd40b7c742bc7fc21f93668ba93ffec453ce7fffc3521bc63633d0f
SHA5122806cb3d196ba681e88674b00b6a182f342d1057ceb564e6ae15afaa11b3729ba72429f0077c698c64d02e8b8dbf0d20233e4aba83c701eaf4ef19ed80d91da9
-
Filesize
3KB
MD5cd98376f3d874e0aa4e99070fc4d1cec
SHA1fdf97326fa83c75ee766d6e4515126e7710c9460
SHA256eb7579efef67e4a67bd23680108c9c5ad68183d015168dc3483bfadb4959c312
SHA512f6bf9cf713c4dacace28c7ec65f5410f059ea772e478c0bfaaf98b33113d5d778d0f6e126dd87ae466fbe6ad24e64e43f625582f8a5eead5ea858a14e3546848
-
Filesize
417KB
MD54a70035c3b0d42634a9c0d0da9cde821
SHA169de21977f13bc10f440b50abd87ac446b883b26
SHA256ddf797d618c9104944ca53e6d8c993c01ab3d0c1bc51d7ad9e76d1ba373ceec3
SHA512e2a7307aa8c61d7ee400bf8fe1a6446b7e35be93f4316ccc5dd9e3683459f44cf49ecfbfe4f214ac0950c072cebabbf2565dd2859fba7b35dcc305ba817d2831
-
Filesize
162B
MD5cee555c0a409cfb55987a2584b287b04
SHA15e115e6e12fd3ecf1625a140b5aa7cb2b37f8e41
SHA2560beab033cadc137bc74f16b62eb090a796cafa643a323e13cf3b4f908c644bc2
SHA5120e7d492e8100a6de3f4467276994bb8779c388bb29eb9e3d44aba75925c97bdecc3409231a028719c4168e99c7c3972cb016c88c4d45d0604675445f2dfa1283
-
Filesize
10KB
MD5ff34d8b6ac5f68021985a2fae567efc1
SHA1b4a47926d0a0e81883c67bdb3fd7bfb8155d40f9
SHA256ee1c0389623a081cbfce731a8060feed910572f23e2f0c50f21bcc9fd3ba4046
SHA512fa28b5f21dde6f107bc61af00959ced9683d5028cc705bd94a90c091cc2a642c2d04dddcc2cb343b0f269ca3ff5f979afbc60a32254a7106e9f722cdd4ed7798
-
Filesize
11KB
MD5601d07e25025c4b98beb614f6d5402a3
SHA1b5accfea55d91b7f58bf5d4f3cf771e51fb9f492
SHA2565bc2f6ad0a0c19dc1695308f3ec15accadcd28bf5e986ae4c1ee89b697766316
SHA5129d526a791ef17856d239b1bf12273e0ca9207f398b528ebee178d463a1263cb0d495588256a5941cd220cc55ce48468c596601ba3dd4baaa662f53a4b754e6b2
-
Filesize
7KB
MD55d60c5130f6681076ae58fd08c621fda
SHA1e6540af1e30dd27a1bc6e219b720f2d4ec737f83
SHA256d08bfc8b5fd77a6337840e861a989ffa6503f6279b5b2ba1f11566fac3be126d
SHA512d6f593321e3d61ef67a3eb421684b248ca19260ae5f2ef11288e7542be2f31dddd61ae8410db77eae1739282015355a89b3ff0490b808c2264a3baf75c8c174f
-
Filesize
10KB
MD5c70854221783c00de85bc214a7221630
SHA1690ff566d77de5491b729da7c57375c79f2f189d
SHA2566133afadece25205e80f0e5ac4bd6bb0bf9998ca4cc0f5102598b02d369878a5
SHA512a284cf5fe31103cde2ee36e7c25657bac255d643c31a6c8bbda324794d86e33ffd0ae8f9c1b4b633a88a9accd571545fdf5be48477c42534057444395c006151
-
Filesize
101KB
MD5fbbd2889c1ef26ba3ba41058403e427b
SHA1f10bc253d9bb8890c9b1ceb15440460ac65b32a0
SHA256c3674ed1fd6458f204908076abfdf5cab812d1efdbb7c6a506c9a0e063b61a3e
SHA5121242130de52ab0c4f596ec595b5292c7531edca16404da8db40b74d4d823da8a152a5e661f62859028951408caabfe6e9bd06f5b396b4306d7342758b0571b86
-
Filesize
150KB
MD5c813ecdb8c550862a04c5e0b48bd6ce2
SHA1e120de71d504ad17f1f33ef1a9eee5b9f0a49f9b
SHA256f1bb92b1e68c45e58bb868a42077cb7581f705ece6f83b433532e97f1bf66761
SHA512727b201a829003fc8989f27497257c9668015fed763932c0c9595652d7523354f8b2de5326d69db00685400c2d3434b454d98ed07516fcd50cce5e24bdbb89ee
-
Filesize
115KB
MD5d84f5e9e2f1b5ca7d8b102e66c630545
SHA10ef0fa4cc1cbff4d0f62e600545e455409f2ba43
SHA256d3a85bfa7778d08662d4a3216819a5876b1afb01b5c8557c7491e0d45dffdca8
SHA5121cdd7e72293e11dbcafb69519b5f85d9f0f88570b819f2c86f8d74bb5b8eb89c4829fb7dc4fc9f18499679b66a69a2c26885626ecbb63bc3ce0a6feb236b6020
-
Filesize
1.1MB
MD5b98e3bcbc0b56546cbe0f80f79d4e614
SHA172abb7a89d5f4afb9bb2a563983569bf2560149c
SHA25640fbfc882a37163fee4f71ce1e807deff14330bd24385936d4332868a0147f55
SHA512276bc508df8c71eeb364565d66db3ca41e0decae03ab1453278c020da3c6a0d81f4d570e983f7d7f19e35a59af10326b5d225039a2eaa12025bc31a916a27cc1
-
Filesize
68KB
MD533033ab23de30d4a750325903cee9118
SHA149f5566ace855addb9e6dd2f43e212afaafd02f2
SHA256c655f28cb2ece6805b77709033bddd9583cdb5af3e7fe3f98fe7b99047541d2a
SHA512446d42d69b961115d73c05cbb37b36911fae73b71ea2dafb483507d2bc444e5258c165d4de1598ad648237a587d51ae5d30b2ae9f596f4ff2022920746a565af
-
Filesize
96KB
MD524e62d756d4e07447befddbe36c69a10
SHA1a8737776d2872aafbd58c62dff917112fbfea519
SHA256c3ca687c92561e245b8a9431da6abd0adec8bd4192b9b3b7ec3690e73a7f3f80
SHA5120c3f21cc652b7be9380c6c98dc0a764f528d2b2a8c504ff9c7667ee251cdcd6255050339b46458c793e8a384280bbc708c6d403dc70b90e051b8382ce4809620
-
Filesize
21KB
MD522d3881ed0f97e7f44ef1374340d3c6e
SHA1fd4b1b39973715bcb7ed99876db7803e4d650143
SHA256e8e57c997870c200c31472caa121699ea8ce4edc381f913a1d66ff650dc70f0e
SHA512cb7efee600b446e49935d34e3c727a29611cb908ba9e16f750269173c2d28bb3026664d05ab0fd927d14a8ce43b96ed068486ef6e4e622dafdca29b060a1b92d
-
Filesize
7KB
MD50116b95b613beece50cd4ca022380c8b
SHA12bfbe5afcaaed6e7dc755b9fe29e9342fc2686c8
SHA2562643839594aa8c861df9bbad16292530a84ab45dbc6552e2043764390d95170e
SHA512b8e9f0dd6cb8424cb6908c7dd79fae31c7bac53f3b41982ffa012e859b6c77b98edc48bba104ff42467ab7c513f50119b005e5e214b5bcea283c26db5a96881f
-
Filesize
9KB
MD584f5bb39a5ac5dfc89023be8972d5f93
SHA127d3a6205bbe0c5d6e70be79d73f829c9d6fff26
SHA2562c53652e35ea4df2e2ba8c0136ce2a70004ee12418f20314f530b5051be44b88
SHA5128cd7d2a1a1a585889c87f8df5f2db8c28ca5bc078c523fab89f98bba7785af7c3fbedb17db203fcac322cf0b5f8837cc017d83c62e6e07ff875bf99b8eb0f821
-
Filesize
146KB
MD524650b1317b2171767aedcdeb5b7acc4
SHA1f6ea4c5a4016755ed233b91d34078b609ce0b18b
SHA25615f8aa6d0ff68c1e3fb2cabdae1c8f7eb1495da9a8c26aef73e9a1511745d5c7
SHA512c80578de9ffb5628599cb23c13f1cced809d52b97576e7427acee1327cfb0013fb13352a2a62852b611e39118f1a227c5fe5fc6312b8f51bdb36655684fd4339
-
Filesize
8KB
MD545e886156e8e287ea91eb7fafe296082
SHA10499e4fc76a475807547f8eaaf50a0638bd9ab26
SHA2565e8202e752624d1018c373eeae7ba381efe082e741e77cea4645541b283682a5
SHA5124f675e29b905427bfa16ac18f97bc24aab8eecea2aebda71ee048bc8b1b6005b58cc4e6128f121cb5707712ccb68f367a7e17c32626d1067fe056b4e91ce1a4f
-
Filesize
7KB
MD542bdd0578ddcfa73c65e768d869a6a1e
SHA1b56f03ae362ecb5ccc28d84b8fae0c15026f428f
SHA256a235f2e40963010cbffa829cb076276af01ec1a1aa9154f0c4fc6387e514df66
SHA512adb77af2144a65cdcc100ead6009bde328fd3c8595c0171dce5abdf7a8b68eb380712170b0bdb13a065286bac52639519852a412af9a97e39971344d2e1c2c4b
-
Filesize
8KB
MD5cb943cae5497c83d6acb32d49d3e9a31
SHA1ed07c21d13c6bf97e20b7b8b3b3b725e7fcb2bc2
SHA25645d52550c4ee08495f20bef9ef2d0b9f386938b5287ec6be45c13b990987a2b6
SHA5125aa46af3632861d275f4a0858aaa2b827cd32dce29fdc54d5f98e5a8b33a8d406459f15829d52a54f30ea762a177f66cba24b53fe36ff1656443b77fb6ee760c
-
Filesize
5KB
MD5d19b3d1b4244f0aa8504ee6130e52d02
SHA1abc30838468b0235605b31813611f4f8b35e73f5
SHA256e9350300715f49ee4dce23a586bb7395a87d71cae98f42739271002268c188c4
SHA512006b88161d9e58e7e70cd766fe74bf688ba110216c2dc12cccdb9a0ddd37924be11691980f6b63dc077637680d34f54aa95a23d2a0778ef1bd44eb0d6bcd55f5
-
Filesize
142KB
MD51bd26a75846ce780d72b93caffac89f6
SHA1ff89b7c5e8c46c6c2e52383849bbf008bd91d66e
SHA25655b47d0f965800c179a78314b6489d02788a44fa2ce00f68b2d860440216927a
SHA5124f5e14637e9e89700f1ee2d0e575d26d4f3d164d859487f1471bf4410dec6d0d7dbf552c6f791c12388be035c6b974610cda8882c6394438e2220b79e4d74e9e
-
Filesize
147KB
MD56d4b430c2abf0ec4ca1909e6e2f097db
SHA197c330923a6380fe8ea8e440ce2c568594d3fff7
SHA25644f8db37f14c399ea27550fa89787add9bfd916ffb0056c37f5908b2bac7723e
SHA512cf28046fb6ab040d0527d7c89870983c02a110e9fe0ecf276395f080a3bd5745b920a79b3ce3bb820d7a5a878c0d13c37f67f4b5097245c5b93ca1111c1e830b
-
Filesize
141KB
MD56adbb878124fcd6561655718f12bff5f
SHA11711619dda04178fb47eea6658da6ad52f6cf660
SHA2560b16ac631d596f85f0062dbe5da238c0745bd4c033207cba2508465c7c7983cf
SHA51288ec8b3c4670970900ef8fdaf0865e24a5bbc9c0ca375eb6ce12e8d8a3ec08c8a45dfc8ae3c7f4ff1974d5e4b53e0905c5dffadb852e730eb8097a22cd750006
-
Filesize
142KB
MD5d7d1b8bc2cf56644da193ee364a777f9
SHA14dd169d3f3034db20cd30e424cc02b7eb4b28ae2
SHA25641e5824ff8d0e3cd25724f39f2857974db5ecd3acc84d0b28d971ee31a34a74e
SHA5122cb675e2eab0992c0d3fd70a300b676ff4994ca43d8ec60dcb0138314a28639e7d51d7a60639de1b6c801052dc5d30fb8acbd8ce61014e017725bfce48dadaaa
-
Filesize
125KB
MD5eef14d868d4e0c2354c345abc4902445
SHA1173c39e29dbe6dfd5044f5f788fa4e7618d68d4d
SHA2569f32176066529c5699d45728fcad1bccce41d19dded4649b49cb24f7eef9ce7f
SHA512c926f13a0fc900dd7d740e2d7d33cdd1902ece0bfb44b6e1f5fed6ffd348c3e7d71089fb9792e38799e8df6573bc09e67bbe132cf9c2ae0a7199534dc5d959ee
-
Filesize
710KB
MD582d7f8765db25b313ecf436572dbe840
SHA1da9ed48d5386a1133f878b3e00988cbf4cdebab8
SHA2563053aa67e9cb37cd6f9645ef3bec8d43b1863afd852d3860ea73fcd83c7010c3
SHA51259766b408b548dc020b54c79a426b361112c33c7263c16ca2e69485dadca05fb4c63b6433063e77c6a9e28a43ec6d3c8206ea702a33b79151fa6309d83b316a8
-
Filesize
680KB
MD5407f4fed9a4510646f33a2869a184de8
SHA1e2e622f36b28057bbfbaee754ab6abac2de04778
SHA25664a9d789cc9e0155153067c4354e1fc8baf3aa319fa870a2047482450811f615
SHA5121d420ea7ac787df81bbc1534e8fac89227f54fffff70c08c6d2da385762e6c5766448ab4a47aae1c5cbc671776522b6fb6d9c27870b505ae101462bce912867e
-
Filesize
758KB
MD58c1615b6c17ee2486e2aac7151f23fcb
SHA1137f5687991dcca8c647c6c1df6288b8fb1f6721
SHA2561332555a20a9d471b23f69e25a6628cb061b1067511bfcf2197205c66d37cd68
SHA512cda1485f53fa6591fac6ea5d8af69f8421eaa1a9bc4b2e61737bf30fbaec8b7b17e62e3754629508d351d93da896fa3ea6a0cedfbbae1683f706c8e109a693ae
-
Filesize
762KB
MD5f0aadc378bf104a4ded850bf8214a32f
SHA1ec5c34131cc08b38a5cd8c891c908fe6da4d9e95
SHA256721ba15ce5668712c527c7d4b4ee8fb86e22c25cf18209ed6539362ad02a829a
SHA512873ebcd4cc2c339f90628a62185357c0ba7132ffd9034eb5af2418119fe08dca8b892bdc51eb45b1d1ac01ffa65edea1ddcca5a08f41e738b2bece3e2f13448d
-
Filesize
751KB
MD582e56f9621c3961913859fee9ebecef1
SHA1d861df1e11ffabdda0d79feb6aedda8ded111625
SHA256f33066dc47a70f746029668e0dcb41bd284db39f69829350ef1634cea40b14d4
SHA5124b77462d9b5ab77f4d201ba54384d74d3d3c5095a514efbc5691ce247b76f9510c0c2671280b00a06a0766ae756c9e3a5ffb8bb56ed7d95648c41a9abcd62640
-
Filesize
466KB
MD5725300df47e21bf6adc1e51b0646efc1
SHA102f12225661de7e1082eb7ea08c2ba332c789514
SHA2567caeabba4ea91169828c6aad0975eb69e0e70229e4e4c5c263eb62a6d51308c3
SHA5120bdd332e598415d091643da9b0ea1a2bc18fe9a716f7fc56e1599cca1fbbcd8c049dfa66d3b6015c4651c277101059ae2ca172138510ad3258a8eeda8b1b13af
-
Filesize
3KB
MD5b133a676d139032a27de3d9619e70091
SHA11248aa89938a13640252a79113930ede2f26f1fa
SHA256ae2b6236d3eeb4822835714ae9444e5dcd21bc60f7a909f2962c43bc743c7b15
SHA512c6b99e13d854ce7a6874497473614ee4bd81c490802783db1349ab851cd80d1dc06df8c1f6e434aba873a5bbf6125cc64104709064e19a9dc1c66dcde3f898f5
-
Filesize
47KB
MD540b778225a1abcd93b6c03c410599a94
SHA110a9069ddb6eb032d450894c6c94f85704b1f887
SHA25640dd2732b634f11150bbc2d0fb6ea49ede1928bef97dc028286733134ad53d6e
SHA512f2c64e4510421d5d8a8dceb37032f0d8dfb2b58808a48b3344ac7e9823be8b3a7bb2b5cd349a6eb8ce53f7e531d42616f275ca7cede0afd6734560377856af55
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
116KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
56KB
-
Filesize
40KB
-
Filesize
32KB