Analysis
-
max time kernel
713s -
max time network
711s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
07-01-2025 09:24
General
-
Target
http://goooooogle.lv
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Executes dropped EXE 38 IoCs
-
Loads dropped DLL 9 IoCs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Detected potential entity reuse from brand MICROSOFT.
-
Sets desktop wallpaper using registry 2 TTPs 3 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 43 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 17 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 39 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 11 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 15 IoCs
-
Modifies Internet Explorer settings 1 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 29 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 10 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 62 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 6 IoCs
-
Suspicious behavior: LoadsDriver 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 27 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://goooooogle.lv1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4e6546f8,0x7ffe4e654708,0x7ffe4e6547182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16039951674770979742,13205243785630408796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,16039951674770979742,13205243785630408796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,16039951674770979742,13205243785630408796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16039951674770979742,13205243785630408796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16039951674770979742,13205243785630408796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16039951674770979742,13205243785630408796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16039951674770979742,13205243785630408796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,16039951674770979742,13205243785630408796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,16039951674770979742,13205243785630408796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16039951674770979742,13205243785630408796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16039951674770979742,13205243785630408796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\msinfo32.exe"C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Desktop\DismountDisconnect.nfo"1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\OptionalFeatures.exe"C:\Windows\system32\OptionalFeatures.exe"2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\system32\msdt.exe"C:\Windows\system32\msdt.exe" -id PCWDiagnostic -ep ControlPanelSearch2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\system32\OptionalFeatures.exe"C:\Windows\system32\OptionalFeatures.exe"2⤵
- Suspicious behavior: GetForegroundWindowSpam
-
-
C:\Windows\system32\OptionalFeatures.exe"C:\Windows\system32\OptionalFeatures.exe"2⤵
- Suspicious behavior: GetForegroundWindowSpam
-
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:21⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\System32\sdiagnhost.exeC:\Windows\System32\sdiagnhost.exe -Embedding1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\aktymh2m\aktymh2m.cmdline"2⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES389A.tmp" "c:\Users\Admin\AppData\Local\Temp\aktymh2m\CSCA3F3D6096C7A40C9ACD77E70FC285D14.TMP"3⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zpldt3kb\zpldt3kb.cmdline"2⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3946.tmp" "c:\Users\Admin\AppData\Local\Temp\zpldt3kb\CSC859C9A4D67C4972B99912FF43A1C294.TMP"3⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\41jsl5g4\41jsl5g4.cmdline"2⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3B59.tmp" "c:\Users\Admin\AppData\Local\Temp\41jsl5g4\CSCB9E09EF278004B5B98953762DF127.TMP"3⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1fy2i5ta\1fy2i5ta.cmdline"2⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4F3F.tmp" "c:\Users\Admin\AppData\Local\Temp\1fy2i5ta\CSCCF3A2166F5464899881EA261ED22F78D.TMP"3⤵
-
-
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}1⤵
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe"C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe" /uninstall2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe"C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=564 /uninstall3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe"C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe" -q -burn.elevated BurnPipe.{B0C7578F-3BA8-446A-A3D2-43057ACE3EE8} {B47EF916-5006-41AC-84F4-E3372927DF04} 30764⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 556F3C4815F5E12BA4C4CE74A6A196272⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding BDD2B26EC7D45055A8E688E87174FE452⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1C6EF181CED7DB039683CBCA8A2790E82⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 51FE3511999D5F506DF38BAE13B283F62⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe4e6546f8,0x7ffe4e654708,0x7ffe4e6547182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3460 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5972 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BabylonToolbar.txt2⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6668 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\Amus.exe"C:\Users\Admin\Downloads\Amus.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\Amus.exe"C:\Users\Admin\Downloads\Amus.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\Amus.exe"C:\Users\Admin\Downloads\Amus.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6484 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\Bugsoft.exe"C:\Users\Admin\Downloads\Bugsoft.exe"2⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\windows\jk.bat3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\Downloads\Bugsoft.exe"C:\Users\Admin\Downloads\Bugsoft.exe"2⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\windows\jk.bat3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6212 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5872 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5076 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6728 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\Pikachu.exe"C:\Users\Admin\Downloads\Pikachu.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\$uckyLocker.exe"C:\Users\Admin\Downloads\$uckyLocker.exe"2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5076 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8076 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6916 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5780164545163169758,2836295453313897807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x338 0x3d01⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Desktop\Amus.exe"C:\Users\Admin\Desktop\Amus.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 4482⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2988 -ip 29881⤵
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 4162⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2360 -ip 23601⤵
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 4162⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4948 -ip 49481⤵
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 4162⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 5780 -ip 57801⤵
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 4162⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4984 -ip 49841⤵
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 4282⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5716 -ip 57161⤵
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 4242⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 6120 -ip 61201⤵
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 4162⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5976 -ip 59761⤵
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 4162⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5604 -ip 56041⤵
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 4162⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4768 -ip 47681⤵
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 4242⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5148 -ip 51481⤵
-
C:\Users\Admin\Desktop\$uckyLocker (1).exe"C:\Users\Admin\Desktop\$uckyLocker (1).exe"1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Desktop\$uckyLocker (1).exe"C:\Users\Admin\Desktop\$uckyLocker (1).exe"1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Desktop\Pikachu.exe"C:\Users\Admin\Desktop\Pikachu.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\Pikachu.exe"C:\Users\Admin\Desktop\Pikachu.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\Pikachu.exe"C:\Users\Admin\Desktop\Pikachu.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\Pikachu.exe"C:\Users\Admin\Desktop\Pikachu.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultde90a3f6hc7aeh4ad9h9f69hc030c3944ddc1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe4e6546f8,0x7ffe4e654708,0x7ffe4e6547182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10822386970094311238,13891002652250855326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10822386970094311238,13891002652250855326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10822386970094311238,13891002652250855326,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9c73d505hbc18h4572hb51ah386554cdd3f91⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffe4e6546f8,0x7ffe4e654708,0x7ffe4e6547182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,2363612870854191411,3594255433252984929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,2363612870854191411,3594255433252984929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,2363612870854191411,3594255433252984929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault57323948h35e0h4812h8e7fhbbedcff5cd831⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe4e6546f8,0x7ffe4e654708,0x7ffe4e6547182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,16025598606998858923,11553933821251067601,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,16025598606998858923,11553933821251067601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,16025598606998858923,11553933821251067601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 4162⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2124 -ip 21241⤵
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 4282⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2216 -ip 22161⤵
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 4162⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6044 -ip 60441⤵
-
C:\Users\Admin\Desktop\Xyeta.exe"C:\Users\Admin\Desktop\Xyeta.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 4242⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2464 -ip 24641⤵
-
C:\Users\Admin\Desktop\Bugsoft.exe"C:\Users\Admin\Desktop\Bugsoft.exe"1⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\windows\jk.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Desktop\Bugsoft.exe"C:\Users\Admin\Desktop\Bugsoft.exe"1⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\windows\jk.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffe4e6546f8,0x7ffe4e654708,0x7ffe4e6547182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5496 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7440 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\Satana.exe"C:\Users\Admin\Downloads\Satana.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\Satana.exe"C:\Users\Admin\Downloads\Satana.exe"3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 3484⤵
- Program crash
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:12⤵
-
-
C:\Users\Admin\Downloads\Satana.exe"C:\Users\Admin\Downloads\Satana.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Downloads\Satana.exe"C:\Users\Admin\Downloads\Satana.exe"3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 3484⤵
- Program crash
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7340 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7232 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7792 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\butterflyondesktop.exe"C:\Users\Admin\Downloads\butterflyondesktop.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\is-4OHK9.tmp\butterflyondesktop.tmp"C:\Users\Admin\AppData\Local\Temp\is-4OHK9.tmp\butterflyondesktop.tmp" /SL5="$603BE,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4e6546f8,0x7ffe4e654708,0x7ffe4e6547185⤵
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2756 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9504944983379880651,13418432392274508761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:12⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3132 -ip 31321⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3816 -ip 38161⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault6537cb9dh5f7ch4a59hbe5ehd8d01523cbca1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe4e6546f8,0x7ffe4e654708,0x7ffe4e6547182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15654523518491161300,769522410872683671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15654523518491161300,769522410872683671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa1⤵
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\SystemSettingsAdminFlows.exe"C:\Windows\system32\SystemSettingsAdminFlows.exe" EditUser S-1-5-21-940901362-3608833189-1915618603-10011⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\helppane.exeC:\Windows\helppane.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=5170092⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x7c,0x108,0x7ffe4e6546f8,0x7ffe4e654708,0x7ffe4e6547183⤵
-
-
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x0 /state0:0xa3f46055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
68B
MD50f1916e9bbf740149210c5ffaa88158d
SHA140f020e60fd31355bd4a7c6916ffdef000a0f5f0
SHA256b1d06274db9b93fdf229e106a4b19b50676f94bef0762dd0bc26b16f07050705
SHA5126bd6fa7706f91ea2e0363e9a2bb0cbf6d28e0e3dc48a6d32a65966aac58c3d38ed7836ddc5afb69c570172ee7143c8664bcc93393b88d9a442bad451519d78ef
-
Filesize
131KB
MD59686732cb773af5d71dd333aa948a02d
SHA1247ebf72df37cbf37ac061c7e03eb2d8c628d8fd
SHA2568c80414daaa62e60fa5a5b24a5285c316e50a7fb4229c98fedbc47ce775d30c8
SHA5125edfdc3c49fa2ba6c1cf3198071f584593efa63fc7c44ab5492cac36dc6cfebc91989828e9e619611744a8502e44c22a7dc989c141334101bc2bb27a2bae52fb
-
Filesize
9KB
MD555eabddbb9385024155e53aff378c7a7
SHA1cf81fcf9510d967e46848443291c7811c8b42154
SHA25620e738dc2804ab5bd84524f96d5c75d9929928a77cc17bee2c26ec190cac7474
SHA5124f883020487fe054afe8609c514339e8a762fa5d3979bf750bc6882c83eec4437ffb597a6f846da8f67c73197a4cb6ee1c473893a91866d82bd5a617af3f13e7
-
Filesize
8KB
MD51c8c30e78621b228036753d7873fdc0c
SHA1f089874fff8286fa5846d4783be50a53f6d4271b
SHA25671de9574c53713fe331abdcfc82bbd1287e099d9b631ddccdeebb0e7b03bf4ff
SHA5128707bf38eaab74bb59fa6381dfb80410c96a8e76e13d5a9a4e6a458256f509fa4f79f8593c43a0ce17f2855823b760c46ffe5d620973c2ef8dd4c49ec6431afe
-
Filesize
85KB
MD53813c6334e810adfcd4fc0f404a02e7c
SHA1586f9c0f014d03f8990acdc924e822015bab3d38
SHA25687f360e7461f205a1663f2f7f1144f2824cbf7cb7e9ff6434fa402fd3c22c61b
SHA512ca5119afbc60536532b6916688d832d151fb5e22d64e5bac78168a3c138fa754c32e2652a691e03b2aebee0fd47998f737b122cf664a9f693914bb6cdbd1088f
-
Filesize
3.0MB
MD581aab57e0ef37ddff02d0106ced6b91e
SHA16e3895b350ef1545902bd23e7162dfce4c64e029
SHA256a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287
SHA512a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717
-
Filesize
5KB
MD57bc816a26c851b546b048db5d7bc200c
SHA1be2a82eae41fea349e556c0ff168763c7681c607
SHA2560d8c30ce0506923440da2533f4ce9ec733abff33f108bb5747bb6cc0a550a984
SHA512ecf76884055f94196fbe2d1004b0292071f41ad233937777d8ce6c9e3eb04d532db3ba191b86a147838882813708b356a3917d2823a96fd5abab5968a52e0074
-
Filesize
47KB
MD5310e1da2344ba6ca96666fb639840ea9
SHA1e8694edf9ee68782aa1de05470b884cc1a0e1ded
SHA25667401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c
SHA51262ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244
-
Filesize
152B
MD5e55832d7cd7e868a2c087c4c73678018
SHA1ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f
-
Filesize
152B
MD513aeb4e98e2bdeec64c4ad10a4559cc6
SHA14a090ed69a1f52ccaff79052e4cedb7717b85333
SHA2565c6c21e04a3721002f60e91c2eb4b2e13e2fca32ff6a4fa3850374275db9d5ca
SHA5123458e02db6be587d9d69d76b156d4db6bbda5e98f06d7ad728e9d70467a60195b59086b67c420563223b330282e6a7240d45a97084c9c23febc8606a556404ba
-
Filesize
152B
MD54627389456ea5af0b6a523d267a0a63d
SHA11268e90d5cf692a95ac4ec17c1802eeff23f4993
SHA25674af0051d855a3357b6ca0493e1d616be8953d238392344cfc07b46c2fb7a1d9
SHA512de526ae8b80422277376c1707f36e6ebf15a559b0fea19459c2019326e0831ecb66b1b5afb25bee4674bd93a5d378bd5c447fb065ba958ab2a3c897a3c135f11
-
Filesize
152B
MD5dbef3086419ae42bd95cafc8cb4f3680
SHA1b24f8e0f85ff97c6296ff08532d336ab5d5ced19
SHA2564f59179382f2a0a6cf7ac2b7fe410718d82af68a8b09521dae5d7f934ffc5472
SHA5128f81a460a15e18cd52719b7198a237ce25ddb8cceb1478f613fc5145f46f91edf63848a8e68cb19e3ed52e9e822a37675f927849b3affe464b08496256279862
-
Filesize
152B
MD5cc2be345bba5f532e4ec107eb2b76585
SHA144beed5d33d8a2e7d0bb5a5f45da5d045082ce71
SHA25684ed8516a4e1ed4cf422ba54c331a18bab26ea6e254576316d6a698f80a206e4
SHA5127e55809b83438d03a4c382ffe20f750ee3b3e83d5e6327cecab1880d0ae645d0c2e71df30f1d153ba07c556f32ee6dbed7e3085ea6022adac96c6794a1e8b2b4
-
Filesize
152B
MD5c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA14d16a7e82190f8490a00008bd53d85fb92e379b0
SHA2561e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd
-
Filesize
152B
MD538f3451a5a95fa068f1f0edc4529f950
SHA148531f43873433223b01ff802f416000545ed740
SHA256b3c51d8edc70c6e510855adeedb331c738abc9a26d142f918a2928f3f9831cd9
SHA51235706c4fb48cf75193cae953753632a2ac560f2d77f54a11015dccc5e2926830836842f1c91edf63364f034c2afb299d9a039b261630f9c60548678e54dd564f
-
Filesize
152B
MD5f0f43f6b2ba5eb4024b5f8ff71b9f436
SHA157446562fafa3f2fdca146af456e1319a1becade
SHA2568aa2acd12dcd0867bc78ad1157bdd8840808afb3d21f448d7fc0bd958c45f339
SHA512dc2475ad30ceb0d8947523cf8dbdb047d426974da0beb3440810f5d4e00ca964f9ce04a09144c774eb3c1e435003555f1269f1736579705c0b3fa98e5a4c0029
-
Filesize
152B
MD58b29aaa93eb4048ecd8d6c97ac6e7b27
SHA1fe76ff76f840a3ebda680321bf3e8bb0c0eb14c0
SHA25625a33f09696211c7099e2ce39d9a9606389829db5c24c00fdd3e6b75d626ac0c
SHA51207fabf45b5341c6928a2d1bb13aa5f8953713e7b281b581e886fee53a0d81a17d5c9184676d4db55b0dcc1a4b630221d087772640f7b5aae32e995774f18ff28
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
67KB
MD569df804d05f8b29a88278b7d582dd279
SHA1d9560905612cf656d5dd0e741172fb4cd9c60688
SHA256b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608
SHA5120ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e
-
Filesize
19KB
MD51bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA16dd8803e59949c985d6a9df2f26c833041a5178c
SHA256af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863
-
Filesize
63KB
MD5226541550a51911c375216f718493f65
SHA1f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA5122947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516
-
Filesize
18KB
MD57d54dd3fa3c51a1609e97e814ed449a0
SHA1860bdd97dcd771d4ce96662a85c9328f95b17639
SHA2567a258cd27f674e03eafc4f11af7076fb327d0202ce7a0a0e95a01fb33c989247
SHA51217791e03584e77f2a6a03a7e3951bdc3220cd4c723a1f3be5d9b8196c5746a342a85226fcd0dd60031d3c3001c6bdfee0dcc21d7921ea2912225054d7f75c896
-
Filesize
414KB
MD5c850f942ccf6e45230169cc4bd9eb5c8
SHA151c647e2b150e781bd1910cac4061a2cee1daf89
SHA25686e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f
SHA5122b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9
-
Filesize
67KB
MD5bcfda9afc202574572f0247968812014
SHA180f8af2d5d2f978a3969a56256aace20e893fb3f
SHA2567c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91
SHA512508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd
-
Filesize
20KB
MD50efcdae8412f64713244acb713cf7412
SHA1b33e187d7323f15050885e512ca9eec3afb1c33c
SHA25618a3bf2c3d887e6c3e3b534ab36354d59933cecc05302093c22768e9bd7a02e7
SHA512ac3f28737f4cf8d9b392f50633e5e76b9d60f42033ec9235956ec63f30c75cf85f2e1766793651c2310c55a6295ed08b1c75cd63b38b83974be4e6eae5a85217
-
Filesize
4KB
MD5fb21cb259e876f7f94fc4caa98ea38e2
SHA1bacbc261eb7a9c3baaced2c8c4d4a85b576b8157
SHA2568a631423b53de46cd2a0510f20418bde874392f02b24d5fde7e0cb1e2b1dc9d5
SHA51211756a51fe3ac25345625e843aa02636e4b789293b8a7a62797e34e35868fd075415e50a39c2fa912a43029c594a07c812be426ba6edcd54a33be833d702086d
-
Filesize
3KB
MD5fe5f3e86f302340c5e90badecc5cc8e0
SHA167c5ffd857bf9a0406cd1a1ff9188c4598c0c7fa
SHA25673ead1da998d70a1154c452fa55d99d730f5ab2ff26bbb033502f16a4f660fca
SHA5121353137e17bdb5ddedd737266092eb98a8aa46c8d02e6377724ed1eb89909e75051ae478ba64e86a6cfc210e01700240ea26f32c2fa4aa2c0a7b8ebe009ba7f7
-
Filesize
4KB
MD58b7817308ef6d13e384b4d65b37ca105
SHA1b0843d12f633948dd435860624bfc4c3f332d97b
SHA2561ca7e78e0c8d7342abcc60670de7bdbe8c12a377f946985f2b52ba7910678f62
SHA51237f37d1449aa25fd781f74633c4aa4af9847d2c3e201f2806f309520751a22eed3743a1559cc7cc243d7948a70f98aafb32e4edfb0f5dbdc59494cf9f11f427a
-
Filesize
5KB
MD545675826039420cac9c2f640a9bb451b
SHA18253c0b8514e6c50615d65452962a90fa3d6f762
SHA256bc5ea8a675d861a1149028ca7773ef4a82f84083f6e79787bfcfac059c3998f4
SHA5127836d40da6110aaefa858765c44a8d7880df0e00022c003ce881b5b07fe3e946a2fddded20061d0cda293f192af3798df07e762ad197a1372e93ff7adb601524
-
Filesize
2KB
MD5821b1f7dab0e3bc6348568ab8c873f8b
SHA1c641918f9825d0086353c59b0ee1e996e7f1a908
SHA2569d029f4237f449c5ea0b3c21e86a8b9cc79e5f1e9a7268a0ff6eb85882d4d71a
SHA51211c5e638c7b62d99191302023cd2ce99cfc8db1dd2d1f9b9c54fc52e8ad3f72a85121b86b197184a05bd07c988f4f22a25626b445ea915bcf52ddacd66a5bbd2
-
Filesize
1KB
MD52c09f5630205430938581f06d4ad18af
SHA1aa1b42edc821d176fe5850f05a2f7fea81adeb05
SHA256f6ab218768b0e651d0cf971f5518655f14d2f1c2c9daa3950e0cbe5d6fd55bfc
SHA512ed3e68f048930ad7285cdf17dca40049a5e3fe11f202a9416fb2677af21f7ecd0e57456c28fbd16647a7f9305b001035b168e59cd817a7ea18af640c1ff40f06
-
Filesize
6KB
MD5b45ab6d0ff42557a10b2e24358f3792b
SHA1bbac507b9d2f8d3d6418844d806d11d3a23eee43
SHA256e596e0afd928a4475c14d06a110b3c354f8cc5ecd3b45fb33039d04c54e69f2c
SHA5120024f3bb161a5fb5bd6f60c1d793e24e85eaa7db6431741dc7273c617304f4ab11a92080c1605e9485096e47dc35b1ff215dd18f05facb2085b16ff104bd27a9
-
Filesize
8KB
MD52ccb79eb50cef1ab05461bdd19dbba3b
SHA10efe663adc98cd1be1b858cebf732907a01a6506
SHA2566505288edbcf697862e3691bd8c94138d4465adcda6810e723f939a6dd90a1ec
SHA51282b5d2a941765b6ab2f3dc33ddf75e2f90b88b1a9dd9883319149c9d8a43b4454b2ac5555d184b6a7878377b7a6442d4afcb3c3ee1418a4fb442d99c45ff4451
-
Filesize
61B
MD54df4574bfbb7e0b0bc56c2c9b12b6c47
SHA181efcbd3e3da8221444a21f45305af6fa4b71907
SHA256e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377
SHA51278b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
11KB
MD5370699a9bc76040a051890214edada47
SHA1ec030abab661672501956e2e19d374f6d3941f64
SHA256188aa07406b55d5258d3736f6ad8cda7730c8f0bf778046915c4e48efdbe3f92
SHA5125b055d1e4748d6b706789ccd036ce0c2e181d2d7a6cab83a31422c07a38fd77af4c00134f4b84211cebda127578a69e3503a1a16baafcf02f7b0aabe2c47af2a
-
Filesize
6KB
MD5c929f9bea086017c39856cc43ea078b3
SHA13e63e073141724c7704db0e41a846c13c4aecf0a
SHA2560fa8552cf8945bb1663ab593927efb32b8e3968d6ce38b68e5292a0d52d92b5c
SHA5128755f3b30e189e20043f8dfbe9c486c7fde3002c82f4723523d7621d07c7ceac30fd283555b187f3f254668b346ca18db9effd51e633dfbc8f915f03c6cdf7cc
-
Filesize
9KB
MD5ce6a785982a51ed78efd6ea8d6d65119
SHA16eab719dac0389ebfe54a95ca7d29f96830666c2
SHA2566f164a8c1fefc76c8b1ad853b9c4773cb9492b359ffb041ae132731ca4ffed74
SHA5120bd37038273e788df316482e53d596ad346b0be8d3b1c92e917e86abd5f4acfcb5f1e30992a264ec8d65e29a6c811a2b43fc1f89d09957e13fdbacd3e25abd5b
-
Filesize
6KB
MD520e79694004960bf65494bc1002c3db3
SHA16cac58181024ef32e5e7c920d890cc5cc142d5ac
SHA25688595ae6cc79cad966ab41c523d07e95cff1c90e2970ed79c35c17b7ac87ccff
SHA5126e4c5177619807c415ba371119a48f5159ecd3b4fb1158b41d9d84321989183a92be3e0797caeecdce9c329eaacc88249228f6975eab65b984c953422809c813
-
Filesize
6KB
MD5f29c9343cafb656a36cf6e5c931f232a
SHA1ce9d17ef4636298737164e716574df5b442bcb8d
SHA2564f2c755b3550e3eb8c4b90a717dff1b4bcffbf19844ac0812cc6120b97cb9b0d
SHA512eda630d0bc351e5c9e55a26ee422c3ff323cb40babe15e2b20f4d1f03b68847498fd4ad6eba7c0d6e8d6a8c8c742ef308ecc83652fe5555344e60b38f8f5829d
-
Filesize
7KB
MD534430b86823c92f01392d8b6a059268b
SHA1f684126e2d85edf969c1c3a9555486594ffd488e
SHA256991e930ed9b15f6d23f2ef74aa20ffd58ffcc266cebf4620b7251e311acbc2df
SHA512d99c39c810b35cab2ae4c39db822b9187dfbdd939e4e3414b8d5c91e7e3755a9ef0bc36f329f86bdf56755302c5669f3f46b98ea38a192efc4f383e091acca0e
-
Filesize
10KB
MD53a5a95b6d3e4456ef9f79b953ae27c9e
SHA1161c749dab03e048a2d2c2babeefb4514d4610c3
SHA2566748c3a13b7328da74b20c615854bb750da2098ad2ecb90f36e0b5d81a8d557b
SHA512d4575ccf201518d419055b254f919548f4a6f538cc1ea5925739da536f5b37e735ccecad571ea745655983e458171a3b2cfca5f9884775f7be0e05e0545781b8
-
Filesize
11KB
MD5d5ef4487b3d369614d2730805be6ba70
SHA1c52e5b42d0438edfb0f8b43a1cea21a3c48067d8
SHA256886d4c4d80667bfae623c59b8c3296aaf42e7945c6b275900142c5909e150c25
SHA512fcd6ab136df39baaf2fccb3b7148dc4d4b619e23bde41287ec0e4c0646b2f4295e3c6e16f70ef6f9c783f5e364de46b1cfff5cb630f95c187caf6869535c7d71
-
Filesize
7KB
MD5ec7bfd15d594f5b56f638612b9147fe1
SHA1ee9c08c85acdbf0b012ba63ff6d79a3461332b73
SHA25604f8c333cbc96a57af0a0665c251dc19a935f028688c19c531d6579529911a32
SHA512b48787e65b1eebc1cf10e54d85daa0aeae2d6b231cded73b70d0fba841f89f1f3ebd35a15566a14e55ca5ee9bd876712b903567e10cd4f0daefb039c5deeb6ea
-
Filesize
8KB
MD5ca3c5a8a2162984aeb8c04b16fcd4d79
SHA152db130391ba8baefb30cfcd117db5fec76df9a8
SHA256a876adf959e315622b4a303d6844856b8d56b097db0ae0286c4da0218814f4c6
SHA5120ddf99afe05944c4320c362317bbc48463529b114e238d0268fdedb6926b3bdfd5cb2467d104acbdca62ea85c7317e49881fc3822113272fe32fa95639c3554d
-
Filesize
10KB
MD5b04cf577e732aa4018dcd91675426c48
SHA1a646bfe44cc61b748a90fbceb427f1972ae2c071
SHA256905b94fca88a69d9e0e3d1e07b6d94f8b8441a10eee2f89a79e1fecb1ceb708d
SHA51257292c7cbdfc2df0eea69aff24f61542981959d5ef4bee5ec7c8c3ef939c07ea7ea233003e6bf7f58d9433f2a47e3dfc17d85eb0643c89e6d3d0040695ce5629
-
Filesize
10KB
MD5489fe892618b483c18e8e45585f036bd
SHA149e26f1b27b03049fd8a60baab1a3746240620ca
SHA25605766b722cf7adf4f55fd4be5d31ee2a1bf4ff96fdd0e5cde63065425a93562a
SHA512c71935dad325d8be5904452b3ef8334becc3b541844f21fbcb8b12925112827cc04875a00b07279d80f1e147b3296fa4598b19b72bd099416a0ea1ae3827b81d
-
Filesize
5KB
MD58bdfaea9e56c2db40118d46ff0a79e93
SHA18cc2071ebdc01d0305ceee137081be75b06d90e3
SHA2568c032319d73a4c8cbf49a753915a26c406585e13b3650f7a9eef0ea6e91b6ba2
SHA51215955d2d12159b1d343e0cacae52d7fbe487da1e27eda1b664684ea0cb4a862ea190a707a9f5b16b4ab1c4772aead3b0b3ff55402b4f565299620c9ddeb61fd1
-
Filesize
13KB
MD5d3af1915926fa85c98cc6bb476f4de72
SHA1b12f8ae541c0534b5162dd5cca8a70750a137a95
SHA256cc2b50291845cf47a2ffd9d79cdd3405a2172022f165a9ad84e87c947d2013d6
SHA512e04247b4457962d5db6dc4fd1a13197a673751023bd48bd2c23d19b3deaa3b4e161faec1c78e70a4ec6bd552cf97ed71d19cdb3082fe95e352b4da78e2e505e5
-
Filesize
6KB
MD56c1a42754ea5f1885d1ac2cb7810e69e
SHA12b1dbe5a6c6955b8aa38bb7ec5d8b29cb2588b0b
SHA256e4c036e65b2ce1347f73a00b59ebcd1d52668243ea8f888b662b906fa19bec18
SHA5121de012baecf2cb819a9d5a194750f518173899bc5b87b03f83d65311f2342b35e58f2c8df8f0bde586bc6cb03b0e5f69cf131b6f4528fba0f3921f515c7369a2
-
Filesize
9KB
MD5b76895e8700f5d350d042d02c0c293bf
SHA13a78d8d1245dc03f8aca7bf0b08839974c9e30fe
SHA256e523eac49065f0bd24c001c519f3225a8346707e6241483169cd0bff50e7ec32
SHA512aaeef79882c5c594da7812a597a00116827e9369faac5a7e2b2f9c3cd3de3b766066cb1c8aa7046dd5999b61e679a71a301f82c5749cadac312db441af532ebb
-
Filesize
13KB
MD52e2c36579fe1730a2671bd0bbab1829d
SHA1ef4747c3e3deabfb421171d9350df8bd6a33c034
SHA25635cefaa4dfc621c8467d48481f4443ea36a37d7d17fde74db7ea5aff3613f66b
SHA512766f571f28603f554bc0809e6cc43f8c8fc9f42a0391c5e837565aa622d5325b3eb059c2e0d699dab824222558e58bc6952d8f56f6aa1e8eb830aba058f9ccc5
-
Filesize
2KB
MD52e4d7d1017b74a3edbcb2fbf363e5587
SHA1bc42878cbd0215f2a6cb70b7877455bdb6e2771c
SHA2561761b4b45676b98da5d655cd18cf34d2b0355b4ba58852c4dc18d161f325a3f9
SHA5127b16c1d1068abe1d98b280ce9b69100b995d7a8384d3c7d0a03f6de11739ee04babe53a68b547fac54142c1475c31fbe726c1c95791587738556f295af9bf959
-
Filesize
1KB
MD59279d554bdef46974b718d40c081613a
SHA1be6fd4e42e3217c42aa5dfb3d29c4267e208f1f6
SHA25615e15b4de9459d86d5801f0df2ec20f173004c44cf4e558aab3c2b43a1af14ae
SHA51253eee6d73d1bee49b4cd48677fb8e275c7f56db65a61a02e5b31420085f0f1b2cf846a37c4cf805c42110fcdfc8d1961817fd9b4f2cb827b95c6adccf74cc060
-
Filesize
1KB
MD5b57b8fbe49f7f5347ab0b79ba7b6cdfb
SHA17df610044f551c91a58474d8d36644ef284e59d3
SHA2561766bfb7c543ddcce44e78031be1354ab219978c79106fe5b8488b9045b3071e
SHA5129759c88859b53722f17ca9a8fbc0e9d738059c0f529360784993fd6dfa9d80d96d0e236ce6985a21d366e74b5f103fedbcd9f057a0c27b67acea36260f3ed053
-
Filesize
2KB
MD5c946ec6c844299b1e932a82833bbcca3
SHA1953acac6b73369cb50ace041c1001c12e84fb9c8
SHA25662d46fa68d1075cb83341d2cd8e4a40ea946d3301c5c97d284e90b7c11f3d7d7
SHA512427ad40eeb3a5209cc2dfc42e67182d39c487f6a3af0dc7f628a40ed3534e05f667c152bba5ebe028ca5033e47cbf513964fc0a89c4a292ca1357c1b543cff5f
-
Filesize
1KB
MD579ce3b0ddb37f480f733d9b5e56c2986
SHA11ececcdd856df787c2269032ab20e957ae6374c1
SHA2566fc12f4f3a61ebd1586bbe6b4623cc46e9ee23f2fe0ee9cfc72f3b8d3a2f0aeb
SHA512986e3994b4ef8c3e81acb84e772d499db877c6ba881d067c8941375adc02678c8cd69c18c31257cfd89b4642b2719e0a3ac1bc61c5c039bfff14add5e19076b2
-
Filesize
1KB
MD5e0be95b310b7cbeb252b6a85f2f36ddc
SHA1bdb98c69fad0dd10c25f142d010fdde3b9992e0d
SHA256d718e7959189587d5dbf84d80dec23b341f85fd0fe7752fbcfee9e57ef19f4ad
SHA512a020463b93c15e154b0a7e35b99286c753bc5beebc334ef6c0ff005571782a39de1c6dde5647698d9b638563f250d0117a151a7dcecccdc28c4e0f964f20076c
-
Filesize
3KB
MD56478702d2178caf181aa3ffa4b9540c8
SHA1ac94d2428087c890e183f41d4e36ee8d92459ff5
SHA25627459fca633c3f2f3732c3790a0a88277a5c2db9cd6fe2645d81faaa3a4e2285
SHA512b81e4c989c6ea060ad1460bcf9f6f60702a7659fe947a458df0eaba518564179fbdc95830a525bf522122f63e3252b3bc47d71a9b4a698fc6b8cb3fb255ac09e
-
Filesize
1KB
MD5f5bf39372c61c746252f7229dae82f8b
SHA1c95b72b7511aa48a62dfe87144d69b62baf01aed
SHA256b9492c0ddbd465ef3105b771aa278b7bf32a7858551eff1ecde37368ab40c5e6
SHA5123fae380a881273d5c9a2e39322112ad8f473a8d01a8d061ed77b8a5f199f65bbf24367d7fdc0b2b8081428866de40520504ff49ae47a23c84b1452abddfacc3a
-
Filesize
1KB
MD58e8fe79d040b79e3174f7d1a75dbdd0c
SHA12d6af5455eb0b166e2f64dad04a84f566e74df39
SHA25655ae29f027205078f4168d37dc8dbac2f7e8ac4cb1b8df543887bbf51b59882a
SHA512e13ab19952d2260286f5faabdba562f899a6e04c987fa967b6c3aabb18e2f0ffce5d491c9787a882309ec522f8a0cfac65d30978ae427f003789057ccf6c0f7c
-
Filesize
2KB
MD50feae7f913a7777eb88d91dab90114d1
SHA1a48dd4bc42e91f4d1af32bb8e5c8c57232896163
SHA256f5b31ad68587fc4661c9c6c1c2c676b683327a8dd4253177b1fab4992fb0d61d
SHA512749a35590137b07f5b7819fa7b807b91ab2abc39ae2a97a91edee8c9581bd5bd77afd687f9c35c85f2a1e23848cfc81b8073e90f647dc81d3a2dc20173b3e283
-
Filesize
2KB
MD50c02e9765bb9ec0a804af56a8f9a98cb
SHA11ec0b2158492103a13ca589982843962e8e3f50e
SHA256cb0eb07e8a6e69bfbb905d0e003e916f0cfd9d6befc7cb1585ae737d34d7fd12
SHA5128d195ba5ebae5b9ad6885cd30e195bbf59f578f8008bd90c5b7e262324af6e72993e5d3176714032899b253a3f8ce35fa5cd298347f7c004fd4bd70641adc0c7
-
Filesize
1KB
MD574722954e3d715513f13248f12bdeccf
SHA125823ea68be59356521d0bef1994aaaeff2e4d18
SHA25648226b2428193f76b4af4f1da218dbe58527ccab5820da9c8ec086be0e125b5b
SHA5122a0ae82520f5fd2af8c105155ff81476d3b13bed0205f9feefa4c11f82a683ca4a924721d5cc8c7cfe8a5a8f9fe864879c0fed9f197e5141fd8cbd3eb80fe26e
-
Filesize
3KB
MD5368e8c0f614d74047cba135672859a2d
SHA1dccb708f47359580b820b9111493a8d58c901bb0
SHA25676b43f35d566311985d0618717b6f58877c9fa7ac8bc350488cba28ee906eb73
SHA512a604863a02f2b58eeb06f2fe9f4860bcd218645adea7b98cf08f8b1b13ab17d5806072db2cb9492eb73ed3422b4b9fa75c601f97128657c9f04c4da2fd10b859
-
Filesize
2KB
MD56deeb8b39df5d68403d5ea18db90eb4a
SHA166d7002829d0b34ab5d99241c0c212b875690f88
SHA2564502e3472cd0a08f68cd65e9d2588d21a3ae9ea88d6ea39d8ce4c7285ec789c5
SHA5124537e34312aaccb69ed2de4da8868f68520df5bcafcf2241fed13bbc9614950c3360fe13123b1d390d021a95171f7d1c8410f44f68341c7d127f5857b220008d
-
Filesize
2KB
MD5fa48f3bb4bf8008d776cc7ee14e07abd
SHA19bdf9fb92c29a6d6baf1f4d6326d76e3857a8331
SHA256cee1f6e91752557c35e9eee84e623d9541a6cfc44f3468cc77c0ac2289111cb2
SHA51298f424757fb74c7c424c933c276651d5070a7af5c97e9c46f507a5e60292160184628a05ef2ffe87819ed730f111ed4b8d484314f5bcf2fee65c0c9e4e01a793
-
Filesize
2KB
MD5e0c4eca7de9d090a739ec691a48e37e0
SHA1ecb04433616c67878e76e18d5caa31b365771ea0
SHA2561576b4a5baa6db5c22b252ccab8a23492815bdc604c2c834b7d507185a6f77dc
SHA512b7ff1b4e44c9ad2b4b8c0822bd0000b006f14e31c5d73517dc65cba10f068d2cb751abbe487e05efbe0175da92d5b84f4fc820a91756ecee6e76379afa4612a0
-
Filesize
1KB
MD5c10efeb07b608772e515d5ff095a8e2d
SHA10f9251a18e1e69a788968d0370e9b1cda5fd7b92
SHA2561a35972a9c88aa43e27fc7334067ee5b683f6db2c135cef6d5c3eaa71809206b
SHA51240da7159b235ffd12e75b7da298a3ab073bbdc537d55dfa0eb85663d89ead5ffcd6adcd460fbe193fa75f3576ae43373186a804954f780538272615d323711a7
-
Filesize
1KB
MD57bdc8edb072d99408b7f60c059d2c397
SHA1e7400db27dd95c4828a0ad7bdc967f9a1b665227
SHA256e193b76836568dfed8b3ca59ac834f078bfdcc2722a10fa85d67b4d9f4eea07b
SHA512036766e1b2f32e3368c0d7a513166d0dfe7004fb33fd22e74685113ac07dc35e2e430e5831bbd601a874106350c21cfa4e9d944f9de735cc7b443e3e2e3ce979
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
Filesize
12KB
MD56de29d0f9e9b8dcdba77d1af4330c38e
SHA13b9f9024d46463f489ccd74382ac1238536bd0c2
SHA25696a34bc4b76cc6d189aa3f3dc5d8808baa17f028a81d68e25c1e8f1dc026f595
SHA51239738a53c4282084072042bfdf2886fbbdfc90fd1d94dfba809a7d0ea5692493c96594c806e6c65910accd60ea0166e5c518e279a8eee5d3de4f7a34488f964a
-
Filesize
10KB
MD5ff125363a85ba8b4c531a0796b4ef638
SHA12208df240e801aa508ee63137ee2df98a98f3c15
SHA256658466d2f78b756622ee3e5c8ea51e32d61ca478080b0549c2b0db1ff6858bd3
SHA5124ef16c90b17cf822bb2dc6c322e5bdcea918e0892d0a84d1097e082e1286d71f9d420b2d62e8dbb1cf49442c2d37338394a118b87ca8547df60ff6f41b1f5aa0
-
Filesize
11KB
MD5d70c1f4dbfb427062d7c5e03fb7befa6
SHA13860e674c8e61a0ef66d5a46d07ec120d666893c
SHA256925d73d141f27e605156ae8005d206f885e641b3a28a078692e500af93ead54c
SHA5123b769021d7fe6ba16ba88e66dfcab210421ccc485463ec2d318937523870fb51fb353a90d769e03198f5b82a43562736623afca493daa5dad7f06091283342fa
-
Filesize
12KB
MD53073c5a52f8c6e4a8943559c49b2ef6b
SHA16ceadeffa1792b194add14478e9c2480663c983d
SHA256b1f3a489d5e5e459dd5076ee51ec8c4959ebde38c7aa5965155e74578b6c1e9b
SHA512ec28d2d3bbd3fd9acfc10a3dc1c33ee01ebf84d026ff71642f5bae9fd6ceaaddb0ec4cca8bb5d8dbc715d16dc0f70810ec9a67b43c961d779b2488a705a19507
-
Filesize
12KB
MD5152797b9ccd0b71f3580caafd43397dc
SHA14607cd962ca3a03e2575be7251cbddd9d51b277b
SHA256dd366ffaecdff448008e8d6c590544c6e34e0ccd8ac0428b2ca6c1a5bc06b9cc
SHA512eb7cbbd46954223502e5f2be8f1b5d61abd0b2c79e59e2fb48ebb11cbd2b588987b2243d21b8e026e5d609e10092076d5d896ff783d8f259f672cdf0e77f0a75
-
Filesize
12KB
MD5d1c3b5d3521873df30939768654ff430
SHA116302a53bb39e8bb4198fb6b4e22efb06f412ad2
SHA2561f3d5a51586aa48e840657e791caffc5678f96d8c8c6c02e0156c09e6924cc13
SHA512f8faefd9c70335d152a25492551a4b842c5113479fe0c53e4f922152a2888e7c021f43fa6d1ed143a819d55ec87f53d31e62c23c3e3404348009634d3d3dcb7a
-
Filesize
10KB
MD5f46a495f9823209b3fbc978e33947bbf
SHA19070eb2820c75446e169964ea39a53e286d86b7e
SHA25670fd8ecb37b4526054f3099b4b370ac108a3bb27fc9b56819ad88ea9776fccd7
SHA51248c389176fb7f6583a08cf960e0cfbdcfed6189fec3751527c96a76e8cdadb9dde677086e4e81151289b7d4763cf5d2f4a175107c62c03657be612037c613ce9
-
Filesize
12KB
MD5f23df78227b9395ac9b24afb5d65c155
SHA12b41b1586ce5f98e7f555e2bce6bc650d9110808
SHA256d683eb4430739fc878b67fcaa7578ab16c94c2ae1d44f800704a0a2ddcc75ee1
SHA512e8e1e99f82dd7aae7c7604136d03b9df6c7c6f84bbea8c22fae934e7dd53066859450dbacefdaf2bae97463f3e28b201d5a07299c65fa67da0d1d437c6ec4d16
-
Filesize
11KB
MD5430bfb951b05c497ebb70a51d0d50c38
SHA11e59f6ab7dab8e3149efa93f330bcf508b9a6235
SHA256186e9e5fd6bdf93b343fb10dceb79fb4f27a6f7c041ea46664db23051206f8e2
SHA5125ab15baccf40e058ebb650449d53ba81555f780258e21b0b8a5e059b635ba5a5e636121fc6efa383dbda7404e42ee529089c00906ad5140efbe3c4daa7f0423a
-
Filesize
11KB
MD5b91528f1e0b7a5c7356f781482238912
SHA1ada197530e2350ae29929c14a2ca08b7acd9fb40
SHA2563d4689d3166e4f2015ae377ecba7c640c6b79a16a3b356fccfed23f87e02b069
SHA51298645cd3126e88d4bbd8d9821c6809399764c76fac71a5dd651c78c3329261d514b12495073482a50341de3b222ac594109ef42705c2ec4a5ced7466746cdfce
-
Filesize
11KB
MD5b4089a3aaa96187efc72ff8898cd6e81
SHA1729489f71a9eaa84d79835e3e6af58d3ca388ee8
SHA2563873256dae5ccd5a025a0f3abf7c34f393bd0b2701af43aa98e54b9e44ff1dbd
SHA512d6d5a6a430b291a4f247e8677f2f2f5460eac19fe2380cb0f98f957483a476bf3116a5ae04b1f059dd590ded575f23c075d0c833b907877ae0af929a7d54441a
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
4KB
MD52426a724af7371e7e8f58224f97b8286
SHA130748d7d69c10d0e32ce6338f5a1ca5e3fa195c0
SHA25606ac33b447d72eeb3ea468709e8706abd9d23375f375c773b360b5d34005ca6d
SHA5124725aa20203c57cd283d7428f89cfd4fec9315d13067af2cb8d7440b51b62773bf38b68722ed1f9b5b5f8daec4973f0df643f37f2eb9950a632998ea602d0f47
-
Filesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
Filesize
9KB
MD574ea7aadd89432eb58af0ef3cfba3a39
SHA100f83da7c205efa6d77f9f0931bd006a050f80f4
SHA2567d996121ca4783e9de617f727f4444c9df597ca2f7a2c9c0765bb5d7e13ca551
SHA512d9b22530a24194d5d894c67103d97c776d570250f3bff3be96107dda83938da70009f91a78bfa2af512e57be7dd27a32e08aab7a2a07a5e400f23426d36ae254
-
Filesize
3KB
MD56138c916abe426f56c33490854bef322
SHA1058d27af3429f4b3652eb3da5cfd16852eb1c8df
SHA256d2910417404523cc50c69d53b6c81b403d088b547ecca2cd3850554d524a543c
SHA51276cccf896ea7899ef3bcf24e9ed1e6ab2fdd3b45da34d4a94fd77ffb96fb49042182015342b294d485ed2e8d580a656c472ca7d191854f0c64cbd59a82541081
-
Filesize
1KB
MD516aba89c79f1611cc8e4f37f75b0c699
SHA133badcfa4b9b39f7e981ef0d5a76b45df608eabf
SHA256a646db30a42581da6405034f2380e946ab86f890abe4f42ca0fa662fed413ed0
SHA5129145c578632020580c7a0258391c0a787257f55217217bd94cbb0cbe9f417bba38192eeb4de13f6f3dad158a540c0a811693930bf77e05e16c4c7808b6954ca9
-
Filesize
1KB
MD5c337c2b6348dfdb77706ba528db3906f
SHA117a09083870d4b1b281cde8f72bee779cd4d19f0
SHA2569c5a533beb27e891a45b45fc1d012afb722c8c5c06ead001cb6d2d10b9a468c7
SHA5122cf7ccaf9fbed1787f12d726a61f37b6d79668e95423bd348f1dd4175796140d6250be3a36224962afbbc87c0b60a7c529b4795a66dab036ea3f3cfde29ec6c3
-
Filesize
1KB
MD5d89540ae43533d94db0b5cb5ede80426
SHA1ff8e91b966edb47d8c0db1deafa6938752b92f0d
SHA2564192adf3638772509d5314037dd271dda80b2220253f13a9f5a1f6bde8c6c819
SHA51265be44a679e130ad10b5767d7075470c1dde6a9fa0d62fda6bad96be1c13afee0e19e3658c41ee4917697f44064bcf12948cee976a9b2eaecf7bd136f94f1b34
-
Filesize
1KB
MD507ab6b1f0a700523defb0a2819690054
SHA14bbdab755d3dc6aff060b2d30d38f787f05221a8
SHA256b9ad4478cb8190a9d0a864fd4b610cc0665620d7ae4263ff60418347cffdd531
SHA51281a3fefe26b6cc07b4ebdf5d97abe18ecfcea9a2c42f0ac5bd47398c1160d520c8c78dc0cbe53b0d7d9b8edd2c8c252c4aa3e412b80eb3092b08f76eddef35b9
-
Filesize
1KB
MD5c85911e7fe5cf404f77418b1041adf27
SHA1548d77335a89d1a61269e34e0e4296948a5b7bad
SHA256fd23685f5e6d6a9b95412a639efa66a39115bf0b4b34743e8afcd5bedbd225a8
SHA5127142c6baa88f3483895765effce324b3deb031afc298ca4170ac166edeab872c391de929947787e4444141992abc7fd6dd5df5b8e9a8ecc0248e5337077e4f30
-
Filesize
1KB
MD57d365d0a6efbf8b10b7e9117c2160879
SHA11b48763a077b97853d47c7823d5bb7bd01780d4b
SHA25668c52e044f4d6e5a138c80670565a6d37fc39d9e7dbb49cb0fe3d6cd198c4d6c
SHA512c0dec1e3b396675df976c6f9f88dd76809e7ca82204d53f91a34418e38f500a45485bd4bf17976b93b01629fa906710478991447e1342ce9ae01da401e511c74
-
Filesize
1KB
MD524b14db2324bcabf89b588a43183dacb
SHA16f1b8208c2c13e892357140d1647d5b9d1866a0e
SHA256cac66910fb763eedea56b97f984471ae6655f0449bc51ac5675ae6324f9a016d
SHA5126e1a2860bfd4dff71e618e7b27e5377b7f4978f2b7dd9053c1b9dc02181f3c5c5cf0c9b0da0485a36be7874875260c4b0d5ad93f1110dcfc3cc78fd21e077761
-
Filesize
1KB
MD55542312b39e364441a8b7dcd96bd1007
SHA1efd3ef77a5374b67232b31f560c9b3dc0d31b30e
SHA256600200e4dfd10a5beaa4f2599cdc09d31e41ef336d9ef145dcb7d2325d1300f4
SHA5129315035a377d0beb9aece9358fe4bb6fbda5ecacd68fb0cf523511297d474f58d6058a1ae5f63426286e67c96aeb9871ba257dcc2bc5a4abc7f0308dd6c9c20e
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
5KB
MD5ebc1047e71b05a3b0829721cb3b40b00
SHA161ed5fdc8b6d889af51837f679c09ad215b30d29
SHA256a241d826c063ff6411c52d83a8c90071f0baa806e1bd09eda23266ac1a42a1b0
SHA5123d5d65c8fa437a331db0f630e2d9cd6dadcf04dd923be41a1efd259c757d2f0652fcc67768afcd83f9ce8d9d82d22f92ca65b50982919191a7dca67da2cae92b
-
Filesize
3KB
MD5f5ff9d6880e482b5edad4e4765b6de82
SHA1db847791fe103850fae1c3d41644b425d040f7d2
SHA25624cdd312dd784f41f64aa7133ad577d677a437bfc7dae31e6127ad516d586d5e
SHA51255e2ed62a4e30df89b37a59ee12f9c94e563fa556b965d73cbf58adba1d3be57439672da7b3d10675fe695e06ca4d7ae519a099c51f4c0ea19f212e5a69e52e3
-
Filesize
10KB
MD58e9830a6f4b794d11dde5b0110b3b05a
SHA1ea0b19859b07558fe71682b75c737e86d353a0d1
SHA2564e7d30453bbad62738c491fa50683ad099c92d5407c606a9243741e7f9c1bb93
SHA51258e26a5ce96945497083b73a8c5140d9261ae87ae911dceb39263fdfc4358edb8f68bd12714a8d32741f5f87fe0bf66b376cd742df917d1590c63edf4cb03891
-
Filesize
10KB
MD558827f59f07551a42cdd6af5e0da339e
SHA1e3cd72c724f810efd0ecf4e62e83ff85d1a8e807
SHA256719f358256c3ffa74df6e0d25accd60d44076303fb45d7fca2bf1e24696dccb9
SHA512ba8408306c1cb77ae7936bb4c9184828fda89f4bcdbead2ab56f9c3efcd8455d8d0e340ac28f602e245d9f6cc642cb027dadefef0aad349ec960e520e9282e3f
-
Filesize
57B
MD52ab0eb54f6e9388131e13a53d2c2af6c
SHA1f64663b25c9141b54fe4fad4ee39e148f6d7f50a
SHA256d24eee3b220c71fced3227906b0feed755d2e2b39958dd8cd378123dde692426
SHA5126b5048eeff122ae33194f3f6089418e3492118288038007d62cdd30a384c79874c0728a2098a29d8ce1a9f2b4ba5f9683b3f440f85196d50dc8bc1275a909260
-
Filesize
49KB
MD546bfd4f1d581d7c0121d2b19a005d3df
SHA15b063298bbd1670b4d39e1baef67f854b8dcba9d
SHA256683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96
SHA512b52aa090f689765d099689700be7e18922137e7a860a00113e3f72aa6553e94a870bbb741e52de9617506a236a2a59198fb224fcd128576d76642eec9d715df5
-
Filesize
184KB
MD5c9c341eaf04c89933ed28cbc2739d325
SHA1c5b7d47aef3bd33a24293138fcba3a5ff286c2a8
SHA2561a0a2fd546e3c05e15b2db3b531cb8e8755641f5f1c17910ce2fb7bbce2a05b7
SHA5127cfa6ec0be0f5ae80404c6c709a6fd00ca10a18b6def5ca746611d0d32a9552f7961ab0ebf8a336b27f7058d700205be7fcc859a30d7d185aa9457267090f99b
-
Filesize
84KB
MD59d15a3b314600b4c08682b0202700ee7
SHA1208e79cdb96328d5929248bb8a4dd622cf0684d1
SHA2563ab3833e31e4083026421c641304369acfd31b957b78af81f3c6ef4968ef0e15
SHA5129916397b782aaafa68eb6a781ea9a0db27f914035dd586142c818ccbd7e69036896767bedba97489d5100de262a554cf14bcdf4a24edda2c5d37217b265398d3
-
Filesize
32KB
MD570f549ae7fafc425a4c5447293f04fdb
SHA1af4b0ed0e0212aced62d40b24ad6861dbfd67b61
SHA25696425ae53a5517b9f47e30f6b41fdc883831039e1faba02fe28b2d5f3efcdc29
SHA5123f83e9e6d5bc080fb5c797617078aff9bc66efcd2ffac091a97255911c64995a2d83b5e93296f7a57ff3713d92952b30a06fc38cd574c5fe58f008593040b7f0
-
Filesize
50KB
MD547abd68080eee0ea1b95ae31968a3069
SHA1ffbdf4b2224b92bd78779a7c5ac366ccb007c14d
SHA256b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec
SHA512c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a
-
Filesize
7B
MD54047530ecbc0170039e76fe1657bdb01
SHA132db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA25682254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA5128f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e
-
Filesize
2.8MB
MD51535aa21451192109b86be9bcc7c4345
SHA11af211c686c4d4bf0239ed6620358a19691cf88c
SHA2564641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6
SHA5121762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da
-
Filesize
32KB
MD5715614e09261b39dfa439fa1326c0cec
SHA152d118a34da7f5037cde04c31ff491eb25933b18
SHA256e1dfc005d5403fb2f356276f0abe19df68249ce10e5035450926d56c2f8d3652
SHA512fe905c388b0711f54941076a29b11f2b605655b4a3f409d9f0f077f2fe91f241401035310daa490afb6df50a6deff5456be5ee86984e7b9069506efa07af51ae
-
Filesize
225KB
MD5d711da8a6487aea301e05003f327879f
SHA1548d3779ed3ab7309328f174bfb18d7768d27747
SHA2563d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283
SHA512c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681
-
Filesize
49KB
MD5edf1259cd24332f49b86454ba6f01eab
SHA17f5aa05727b89955b692014c2000ed516f65d81e
SHA256ab41c00808adad9cb3d76405a9e0aee99fb6e654a8bf38df5abd0d161716dc27
SHA512a6762849fedd98f274ca32eb14ec918fdbe278a332fda170ed6d63d4c86161f2208612eb180105f238893a2d2b107228a3e7b12e75e55fde96609c69c896eba0
-
Filesize
16KB
MD5925f0b68b4de450cabe825365a43a05b
SHA1b6c57383a9bd732db7234d1bb34fd75d06e1fb72
SHA2565b1be3f6c280acfe041735c2e7c9a245e806fd7f1bf6029489698b0376e85025
SHA512012aadec4ed60b311f2b5374db3a2e409a0708272e6217049643bf33353ab49e4e144d60260b04e3ae29def8a4e1b8ada853a93972f703ca11b827febe7725af
-
Filesize
453B
MD560a20ce28d05e3f9703899df58f17c07
SHA198630abc4b46c3f9bd6af6f1d0736f2b82551ca9
SHA256b71bc60c5707337f4d4b42ba2b3d7bcd2ba46399d361e948b9c2e8bc15636da2
SHA5122b2331b2dd28fb0bbf95dc8c6ca7e40aa56d4416c269e8f1765f14585a6b5722c689bceba9699dfd7d97903ef56a7a535e88eae01dfcc493ceabb69856fff9aa
-
Filesize
6KB
MD52c81a148f8e851ce008686f96e5bf911
SHA1272289728564c9af2c2bd8974693a099beb354ad
SHA2561a2381382671147f56cf137e749cb8a18f176a16793b2266a70154ee27971437
SHA512409c2e953672b0399987ec85c7113c9154bc9d6ca87cf523485d9913bb0bf92a850638c84b8dc07a96b6366d406a094d32dc62dd76417c0d4e4ae86d8fcb8bbb
-
Filesize
65KB
MD579134a74dd0f019af67d9498192f5652
SHA190235b521e92e600d189d75f7f733c4bda02c027
SHA2569d6e3ed51893661dfe5a98557f5e7e255bbe223e3403a42aa44ea563098c947e
SHA5121627d3abe3a54478c131f664f43c8e91dc5d2f2f7ddc049bc30dfa065eee329ed93edd73c9b93cf07bed997f43d58842333b3678e61aceac391fbe171d8461a3
-
Filesize
10KB
MD5d7309f9b759ccb83b676420b4bde0182
SHA1641ad24a420e2774a75168aaf1e990fca240e348
SHA25651d06affd4db0e4b37d35d0e85b8209d5fab741904e8d03df1a27a0be102324f
SHA5127284f2d48e1747bbc97a1dab91fb57ff659ed9a05b3fa78a7def733e809c15834c15912102f03a81019261431e9ed3c110fd96539c9628c55653e7ac21d8478d
-
Filesize
4KB
MD59eb0320dfbf2bd541e6a55c01ddc9f20
SHA1eb282a66d29594346531b1ff886d455e1dcd6d99
SHA2569095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79
SHA5129ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d
-
Filesize
197KB
MD54356ee50f0b1a878e270614780ddf095
SHA1b5c0915f023b2e4ed3e122322abc40c4437909af
SHA25641a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104
SHA512b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691
-
Filesize
3KB
MD5a725af7c07b52549023be73328e55809
SHA1c9d8072aaac80f6cf1edfaeaba6c934196631c81
SHA256e009a52eeb2138531c799905010f7677b0fdd4190abe4ac0a25e0e15eb30d865
SHA512d4cd904da5c6a5c6112d212b218abc76429da0e4d6382f4fbd9ca51a976eedef26e202607ff6041c4de7e9db783f62e5a24ee560fed068945aef69fa5491a3ce
-
Filesize
11KB
MD5acf1a7b8aab4c6efda423d4842a10a85
SHA1ac55b84b81527ad1224a85640c5a2555b19b685d
SHA256af0a7036a5f650570990f2d562a7c7636b6eaa54f53b6ce3f43aaa070188dafa
SHA51222e5a8b633a0189e836adb0c34c84b5029e8069e2f0a77803da91ce2b0da14b8fa231ddd1f1b164992d534b8a4ccc51c270e8ff2ff3f2f34536432b4abfc04e5
-
Filesize
356B
MD5d70353dc8c62ad48f288d74d187462b7
SHA1c6b9e22099a90576d0b6c91715ca27d408d498e5
SHA2565b940e5fa696b405425bfa763619b04bf2a9accbe0b4bb8766679e9ed853456e
SHA512945dc9041aa0833624c09f449dbf308b79c715d50214b460f8a733f107453a97c7d6a68f0a83d326c6c6b7a2305e5e22fb39e925d6205324a54bb626d8330cc2
-
Filesize
652B
MD5a72660d60cc35eaf321aa01e3d6115d9
SHA1d01c62c2bb63a41ff4017f68f56c7987466e41d8
SHA2560b964de4aafad936e57f657d32bc205161cfb48cc5d15ccd3c5283e3d0b50a1f
SHA512f1e78ee8606e195fc9c17aea479df878bae464fef4e2481fc795e16dda58ea6cd1cb0133a72e9474bfbb594ed15e532fd76cce589733e4363ef4fea4fd0e3040
-
Filesize
1KB
MD51eda31ffaca0513ba2c0f8e79d9c7edf
SHA13be360e5e9e34eba97a47229192443c4ff12a8c8
SHA256c6ab81131a657bd97cc9906bbf29866e762217fca4aad4e263b0b692c9283cb8
SHA512835d22741a51e1697971f048a517713485f918fc155863cce34101a6460bcd98416b2654cb88fd48d59d51ceea6ca94d9d5afa32b267c7a4d3ef57dc45d1ba96
-
Filesize
356B
MD5a07590a2a14d3098c82602fbdfb3bde1
SHA110c62f3dc02f7467cf0996bc007a60d790f3be07
SHA256c48dc9ceea74f68576bc644dff12a9b1553298e5b4fa63d6c7200f76dcae9f88
SHA51219de0a72738d1c8299edaf2b865226ea15d9fb66d7a96eb9f67f20465fcdf3cd05d1810a6e0dd00b10bcfc87ea7b47588b5d6ce8b7e902df29a7d0f4b1545715
-
Filesize
652B
MD5a3b93df38a93aa2842e6a33f8e1da7a9
SHA1dcbe13f59be7b47e7c857e5449a14bd014e71da9
SHA2566e0bf7e47b4cd605d1f06a3832a965f096934e08031507cd26d3a8ec8ff84fc7
SHA512b0e580535982ef4dd2f2144de6a0bb8769f611a3a5d63178c761c8f7675eaa1ec518bb202ec7c3225b740ed7deeac24988891d484db4c3474e37e7164f1df0cb
-
Filesize
652B
MD5412f1a21c1a26bdca084861c04911855
SHA157f388c58da96f0d634cd0344b90d39cdfe42c15
SHA256bd9401e59e515ca97b6c8b74a3c4a6005323d72c3f1a3d2b94b89916741325e6
SHA512eb039c51953aeb255aee9cb0605bbc8c1a168c9e4a6b3577ee40ae4e855d2b1aa35017a562e086600a701b9e8197b4ca4ec397f4f2caff3f55ad8618dab3bb4b
-
Filesize
5KB
MD5fc2e5c90a6cb21475ea3d4254457d366
SHA168f9e628a26eb033f1ee5b7e38d440cfd598c85d
SHA25658fcc3cfb1e17e21401e2a4b2452a6e5b8a47163008b54fdcdcc8cadff7e5c77
SHA512c54b9ce28fa71d7e3629cdd74ac9f23cba873506f1b5825acc2aa407414ed603af4c846dcf388c579f8324e3538e63b26f90421ea9d7fcdd3b277c21bad1a5b6
-
Filesize
356B
MD5f842882a273d7799ac6bf3da64814c42
SHA13d7c080dd7eeefecc4ab8f3d1e26be6d0e48c6b7
SHA2565041dad0f6d0b9a70989dcd899851a94e5d1e45910eee1546fc4b1834fec7804
SHA5123775bf96f2ed6e3ecafa18a08a25c83db3fc28b6cf99fcd7d35cc53977054497f1c983b58913cae64c95116e332289da4db5715066492736b99d00526d66af60
-
Filesize
652B
MD584197bb5f4ba285999963f913548c085
SHA12600b7968f530fb034240950b0acd91f196fed91
SHA2560dc3b43fb4336d992b4e5f4829c099c51f498d3a4ea706f5849f1fa63d900984
SHA512127951415e7c3cb10f7ac4c07205ed03768caacffddad8d6a90956ed0c3d70866ec72eacc3eaffda1bbad5dcd91d2b8408aa101ef2a1c6827ed33dcfdb6c1ad8
-
Filesize
791B
MD53880de647b10555a534f34d5071fe461
SHA138b108ee6ea0f177b5dd52343e2ed74ca6134ca1
SHA256f73390c091cd7e45dac07c22b26bf667054eacda31119513505390529744e15e
SHA5122bf0a33982ade10ad49b368d313866677bca13074cd988e193b54ab0e1f507116d8218603b62b4e0561f481e8e7e72bdcda31259894552f1e3677627c12a9969
-
Filesize
356B
MD5d715cee1074632b45b055f82456e8497
SHA1cc4f56564d30673e5045d5faeec31c4119185b3e
SHA25660f02ff9094a4ffc8ce170169b4016f11642d766c50c9c8b0bb9f714092d6f89
SHA512be433e756dbff22ccf70c678b3da5a88ec6297672a5d03fe14493e678cb24cef255aee8812cf31ba879d6178856e69382ac27c1804cc2b2dd1e798dc82aa40db
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
136KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
472KB
-
Filesize
316KB
-
Filesize
472KB
-
Filesize
472KB
-
Filesize
316KB
-
Filesize
316KB
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
472KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
56KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
56KB
-
Filesize
5.6MB
-
Filesize
440KB
-
Filesize
584KB
-
Filesize
40KB
-
Filesize
32KB
-
Filesize
56KB
-
Filesize
56KB
