268b9b8e07f7c0f7b895de751634cae25e5189aa33ec4da924b243adda41186c

Resubmissions

01-05-2024 16:21

240501-ttyxjaba41 10

01-05-2024 12:38

240501-pvah4seh9x 8

Analysis

max time kernel
1049s
max time network
565s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01-05-2024 12:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.bat
Size

42B
MD5

781f882af4fc7061ede473ee5d75e17c
SHA1

41b54f6c7bbb19327bbf88880ff3a3010e7af6a6
SHA256

268b9b8e07f7c0f7b895de751634cae25e5189aa33ec4da924b243adda41186c
SHA512

9471507eb329ea7050e2da756b8af58dbe3a63d7f0a707d24a6416565cb505d2967046faaeb7d45bce98e65468b95203725b09eebe3310ba589a6c38c9806697

Score

8^/10

discovery evasion

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 51 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

Processes:

netsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exe

pid	process
5960	netsh.exe
1968	netsh.exe
3060	netsh.exe
6052	netsh.exe
5720	netsh.exe
2988	netsh.exe
6768	netsh.exe
4664	netsh.exe
4840	netsh.exe
404	netsh.exe
716	netsh.exe
1124	netsh.exe
3144	netsh.exe
520	netsh.exe
2316	netsh.exe
3036	netsh.exe
4820	netsh.exe
5416	netsh.exe
6444	netsh.exe
6660	netsh.exe
1780	netsh.exe
5748	netsh.exe
2880	netsh.exe
5000	netsh.exe
2084	netsh.exe
6840	netsh.exe
1068	netsh.exe
7044	netsh.exe
4500	netsh.exe
4724	netsh.exe
7136	netsh.exe
6492	netsh.exe
4264	netsh.exe
5736	netsh.exe
5604	netsh.exe
3872	netsh.exe
5632	netsh.exe
2376	netsh.exe
1120	netsh.exe
5132	netsh.exe
6612	netsh.exe
2388	netsh.exe
6812	netsh.exe
4596	netsh.exe
5744	netsh.exe
5192	netsh.exe
5116	netsh.exe
4008	netsh.exe
712	netsh.exe
5672	netsh.exe
2972	netsh.exe

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

cmd.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation cmd.exe
Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

takeown.exe

pid process

5780 takeown.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation	cmd.exe

pid	process
5780	takeown.exe

Drops file in Windows directory 11 IoCs

Processes:

taskmgr.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdge.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Delays execution with timeout.exe 4 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exe

pid process

5324 timeout.exe
6316 timeout.exe
6328 timeout.exe
2488 timeout.exe
Enumerates processes with tasklist 1 TTPs 6 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

pid process

1372 tasklist.exe
6276 tasklist.exe
6588 tasklist.exe
6332 tasklist.exe
5160 tasklist.exe
5716 tasklist.exe

pid	process
5324	timeout.exe
6316	timeout.exe
6328	timeout.exe
2488	timeout.exe

pid	process
1372	tasklist.exe
6276	tasklist.exe
6588	tasklist.exe
6332	tasklist.exe
5160	tasklist.exe
5716	tasklist.exe

Gathers network information 2 TTPs 16 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

Processes:

NETSTAT.EXENETSTAT.EXEipconfig.exeNETSTAT.EXENETSTAT.EXEipconfig.exeNETSTAT.EXEipconfig.exeNETSTAT.EXENETSTAT.EXENETSTAT.EXEipconfig.exeNETSTAT.EXEipconfig.exeipconfig.exeNETSTAT.EXE

pid	process
2500	NETSTAT.EXE
1400	NETSTAT.EXE
2464	ipconfig.exe
2896	NETSTAT.EXE
6248	NETSTAT.EXE
2224	ipconfig.exe
6388	NETSTAT.EXE
5316	ipconfig.exe
6732	NETSTAT.EXE
5484	NETSTAT.EXE
3580	NETSTAT.EXE
5888	ipconfig.exe
6720	NETSTAT.EXE
1756	ipconfig.exe
1904	ipconfig.exe
4740	NETSTAT.EXE

Gathers system information 1 TTPs 3 IoCs
Runs systeminfo.exe.

System Information Discovery
T1082

Processes:

systeminfo.exesysteminfo.exesysteminfo.exe

pid process

4268 systeminfo.exe
4696 systeminfo.exe
3124 systeminfo.exe

pid	process
4268	systeminfo.exe
4696	systeminfo.exe
3124	systeminfo.exe

Kills process with taskkill 64 IoCs

evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid	process
2304	taskkill.exe
6364	taskkill.exe
4160	taskkill.exe
772	taskkill.exe
6956	taskkill.exe
1572	taskkill.exe
5428	taskkill.exe
7104	taskkill.exe
6324	taskkill.exe
2844	taskkill.exe
3652	taskkill.exe
5900	taskkill.exe
3672	taskkill.exe
6496	taskkill.exe
5616	taskkill.exe
4116	taskkill.exe
6792	taskkill.exe
6584	taskkill.exe
3496	taskkill.exe
5568	taskkill.exe
2472	taskkill.exe
6504	taskkill.exe
6984	taskkill.exe
5636	taskkill.exe
2228	taskkill.exe
5236	taskkill.exe
3060	taskkill.exe
5984	taskkill.exe
3920	taskkill.exe
5528	taskkill.exe
5780	taskkill.exe
5632	taskkill.exe
6928	taskkill.exe
1152	taskkill.exe
6172	taskkill.exe
6456	taskkill.exe
684	taskkill.exe
5124	taskkill.exe
5892	taskkill.exe
5800	taskkill.exe
3296	taskkill.exe
6936	taskkill.exe
6476	taskkill.exe
4440	taskkill.exe
4168	taskkill.exe
5864	taskkill.exe
5828	taskkill.exe
2884	taskkill.exe
1556	taskkill.exe
2872	taskkill.exe
2676	taskkill.exe
1988	taskkill.exe
2368	taskkill.exe
5820	taskkill.exe
376	taskkill.exe
4976	taskkill.exe
2180	taskkill.exe
2404	taskkill.exe
5100	taskkill.exe
5372	taskkill.exe
796	taskkill.exe
4412	taskkill.exe
6288	taskkill.exe
504	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\NumberOfSubdom = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e61348efc49bda01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ufile.io	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "138"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "101"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "253"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "142"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5a6518efc49bda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f2a74f93c49bda01	MicrosoftEdge.exe

NTFS ADS 1 IoCs

Processes:

browser_broker.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\FA Adv Security Tool.bat.ghafei3.partial:Zone.Identifier browser_broker.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\FA Adv Security Tool.bat.ghafei3.partial:Zone.Identifier	browser_broker.exe

Opens file in notepad (likely ransom note) 11 IoCs

ransomware

Processes:

NOTEPAD.EXENOTEPAD.EXENOTEPAD.EXENOTEPAD.EXEnotepad.exeNOTEPAD.EXENOTEPAD.EXENOTEPAD.EXENOTEPAD.EXENOTEPAD.EXENOTEPAD.EXE

pid	process
5132	NOTEPAD.EXE
1616	NOTEPAD.EXE
6208	NOTEPAD.EXE
1492	NOTEPAD.EXE
2472	notepad.exe
3624	NOTEPAD.EXE
6924	NOTEPAD.EXE
6860	NOTEPAD.EXE
1148	NOTEPAD.EXE
5428	NOTEPAD.EXE
6324	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

taskmgr.exe

pid	process
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

2524 taskmgr.exe

Suspicious behavior: MapViewOfSection 18 IoCs

Processes:

MicrosoftEdgeCP.exe

pid	process
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exetaskmgr.exetasklist.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

description	pid	process
Token: SeDebugPrivilege	424	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	424	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	424	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	424	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2264	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2264	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2524	taskmgr.exe
Token: SeSystemProfilePrivilege	2524	taskmgr.exe
Token: SeCreateGlobalPrivilege	2524	taskmgr.exe
Token: SeDebugPrivilege	1372	tasklist.exe
Token: SeDebugPrivilege	6724	taskkill.exe
Token: SeDebugPrivilege	6828	taskkill.exe
Token: SeDebugPrivilege	6644	taskkill.exe
Token: SeDebugPrivilege	6756	taskkill.exe
Token: SeDebugPrivilege	6504	taskkill.exe
Token: SeDebugPrivilege	372	taskkill.exe
Token: SeDebugPrivilege	5488	taskkill.exe
Token: SeDebugPrivilege	5900	taskkill.exe
Token: SeDebugPrivilege	7036	taskkill.exe
Token: SeDebugPrivilege	6244	taskkill.exe
Token: SeDebugPrivilege	6236	taskkill.exe
Token: SeDebugPrivilege	6452	taskkill.exe
Token: SeDebugPrivilege	6324	taskkill.exe
Token: SeDebugPrivilege	6524	taskkill.exe
Token: SeDebugPrivilege	2488	taskkill.exe
Token: SeDebugPrivilege	6856	taskkill.exe
Token: SeDebugPrivilege	2680	taskkill.exe
Token: SeDebugPrivilege	5784	taskkill.exe
Token: SeDebugPrivilege	6196	taskkill.exe
Token: SeDebugPrivilege	6184	taskkill.exe
Token: SeDebugPrivilege	4412	taskkill.exe
Token: SeDebugPrivilege	2836	taskkill.exe
Token: SeDebugPrivilege	5232	taskkill.exe
Token: SeDebugPrivilege	5156	taskkill.exe
Token: SeDebugPrivilege	800	taskkill.exe
Token: SeDebugPrivilege	5636	taskkill.exe
Token: SeDebugPrivilege	5360	taskkill.exe
Token: SeDebugPrivilege	4432	taskkill.exe
Token: SeDebugPrivilege	5468	taskkill.exe
Token: SeDebugPrivilege	5068	taskkill.exe
Token: SeDebugPrivilege	4268	taskkill.exe
Token: SeDebugPrivilege	3948	taskkill.exe
Token: SeDebugPrivilege	5524	taskkill.exe
Token: SeDebugPrivilege	5864	taskkill.exe
Token: SeDebugPrivilege	6348	taskkill.exe
Token: SeDebugPrivilege	380	taskkill.exe
Token: SeDebugPrivilege	4492	taskkill.exe
Token: SeDebugPrivilege	2304	taskkill.exe
Token: SeDebugPrivilege	8	taskkill.exe
Token: SeDebugPrivilege	7004	taskkill.exe
Token: SeDebugPrivilege	6904	taskkill.exe
Token: SeDebugPrivilege	6984	taskkill.exe
Token: SeDebugPrivilege	2172	taskkill.exe
Token: SeDebugPrivilege	7000	taskkill.exe
Token: SeDebugPrivilege	7152	taskkill.exe
Token: SeDebugPrivilege	2648	taskkill.exe
Token: SeDebugPrivilege	6256	taskkill.exe
Token: SeDebugPrivilege	5484	taskkill.exe
Token: SeDebugPrivilege	5328	taskkill.exe
Token: SeDebugPrivilege	1904	taskkill.exe
Token: SeDebugPrivilege	996	taskkill.exe
Token: SeDebugPrivilege	1364	taskkill.exe
Token: SeDebugPrivilege	1896	taskkill.exe
Token: SeDebugPrivilege	5880	taskkill.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exe

pid	process
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exe

pid	process
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe
2524	taskmgr.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

316 MicrosoftEdge.exe
3584 MicrosoftEdgeCP.exe
424 MicrosoftEdgeCP.exe
3584 MicrosoftEdgeCP.exe
2060 MicrosoftEdgeCP.exe

pid	process
316	MicrosoftEdge.exe
3584	MicrosoftEdgeCP.exe
424	MicrosoftEdgeCP.exe
3584	MicrosoftEdgeCP.exe
2060	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 2084	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 2084	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 2084	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 2084	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 2084	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 2084	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 2084	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 2084	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 2084	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 2084	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 2084	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 2084	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 2084	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 2084	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3584 wrote to memory of 3032	3584	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\1.bat"
1⤵
- Checks computer location settings
PID:2232

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:316

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- NTFS ADS
PID:4948

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3584

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:424

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3032

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2264

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2224

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4340

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:5004

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4668

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2084

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3568

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:4672

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:7040

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1068

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\FA Adv Security Tool.bat" "
1⤵
PID:6108

C:\Windows\system32\tasklist.exe
tasklist
2⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1372

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:6724

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:6828

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:6644

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:6756

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:6504

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:372

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5488

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5900

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:7036

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:6244

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:6236

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:6452

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:6324

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:6524

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2488

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:6856

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2680

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5784

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:6196

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:6184

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4412

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2836

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5232

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5156

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:800

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5636

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5360

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4432

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5468

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5068

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4268

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3948

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5524

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5864

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:6348

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:380

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4492

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2304

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:8

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:7004

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:6904

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:6984

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2172

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:7000

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:7152

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2648

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:6256

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5484

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5328

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1904

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:996

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1364

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1896

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5880

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5984

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5976

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6016

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6028

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3856

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4368

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5736

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:2884

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6072

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6872

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5288

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4964

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6292

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:1556

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:2844

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6068

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:3920

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5300

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:4976

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6776

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6768

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6560

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2744

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6852

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4504

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6840

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7028

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6648

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4464

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1620

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4172

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4804

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2224

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1404

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2052

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2588

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:3296

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3332

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4848

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6432

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:6456

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2896

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1972

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5100

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2920

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:596

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4724

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6756

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6508

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4152

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2880

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2152

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:396

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2800

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5672

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7044

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5336

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:660

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7068

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1080

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3872

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7104

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4740

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4984

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:912

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:948

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:3652

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3596

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3888

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1128

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5368

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3892

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5024

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7040

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5512

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5204

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6272

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6308

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6360

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6320

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6332

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6368

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5876

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6352

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6632

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5872

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6172

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4164

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5040

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4992

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5892

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5292

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4512

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5400

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5396

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:4116

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:796

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5740

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5528

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5932

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6496

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5776

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5228

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:2228

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5064

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1704

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:6936

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6992

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6964

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6980

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6900

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7164

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4196

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4824

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5744

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2484

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:400

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2760

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5640

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:996

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1364

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1896

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5880

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5984

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5976

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6016

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6028

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3856

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4368

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5736

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2884

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6072

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6812

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5148

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:6792

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5316

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5632

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5756

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5848

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5464

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5300

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4976

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6776

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6768

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6560

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2744

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6852

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4504

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6012

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6712

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1428

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1836

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2468

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4664

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:96

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:2872

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3496

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4668

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1068

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3604

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2676

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3992

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6772

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6436

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4892

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1304

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3316

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4460

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:6584

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6788

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:6476

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7092

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:820

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3036

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2408

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:1572

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2340

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5696

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7096

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:2180

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2996

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5684

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:772

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5264

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:652

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2868

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1968

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6468

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1644

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3144

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4352

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2148

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6492

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3032

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2060

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5036

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3584

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5488

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5108

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7036

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6264

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6236

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6452

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6380

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6564

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4812

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:6364

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4320

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5644

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1744

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5060

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4412

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5284

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5780

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5472

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5304

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5428

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5360

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4432

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5468

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5068

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4268

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5916

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2364

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1796

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6916

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:512

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5448

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1936

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7088

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:6928

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7144

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6940

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6888

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7008

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7156

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4440

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3540

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5532

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1060

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5020

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:684

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5576

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5664

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5792

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5896

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5992

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1864

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6040

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1916

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5236

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6512

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:376

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4576

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2368

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2888

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5888

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5256

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5956

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2128

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:2404

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6060

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6732

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5516

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4348

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6604

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6768

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6560

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2744

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6852

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4760

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:236

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3312

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2316

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:204

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4340

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2384

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:96

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2872

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:3496

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4668

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1068

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3604

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:2676

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3992

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4264

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:4160

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2388

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1972

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5100

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2920

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5028

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6804

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6756

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6708

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4044

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2428

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3164

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4884

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1884

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5620

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7044

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4708

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5688

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6112

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7124

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3872

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7136

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:988

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:752

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:912

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3104

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5124

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:792

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1120

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:372

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6528

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5056

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4540

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:700

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5900

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:6288

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6244

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2444

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6484

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6328

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6656

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6368

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6384

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6352

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6632

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5644

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1744

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5060

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4412

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5284

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5780

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5472

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5304

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5276

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5360

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4432

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5468

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5068

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5424

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5812

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4800

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1280

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5188

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7112

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6932

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6908

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7148

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6896

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:6956

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7012

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5260

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3132

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7156

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:4440

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3540

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5532

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:360

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5724

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5704

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5996

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5940

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:504

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4428

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:196

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6208

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5420

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6128

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5236

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6512

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:376

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4576

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2368

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2888

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5888

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5256

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5956

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2128

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2404

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6060

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2516

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5192

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5116

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6412

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5852

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6668

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5816

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5280

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6268

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5712

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6840

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:4168

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1428

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1836

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2468

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4664

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4408

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2924

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5144

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4184

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5332

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7100

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6624

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6444

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6432

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6456

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2896

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3896

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1092

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2188

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:596

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4356

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6788

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6476

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7092

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:820

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3036

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2408

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1572

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2340

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5696

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5588

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1712

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:660

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5684

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:508

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3916

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1124

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4956

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1464

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3160

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4048

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4820

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4100

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2456

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:424

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:524

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:3060

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5568

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3412

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6228

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6276

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6316

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6312

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3884

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6540

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5168

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:920

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6216

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6152

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1468

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6156

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6200

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:704

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4992

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:240

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:2472

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4216

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4644

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5372

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:1988

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5456

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6472

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3348

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3948

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5524

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5864

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6348

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:380

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4492

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2304

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:8

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5216

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6976

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2936

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:692

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7020

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4824

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2360

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2492

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5660

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5828

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5996

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5940

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:504

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4428

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:196

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6208

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5420

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4368

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3128

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2884

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5944

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4576

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:2368

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2888

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5888

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5632

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7048

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6764

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5416

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6416

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6844

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6616

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5280

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2292

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2588

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4716

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6592

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6784

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6508

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4152

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2296

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3448

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1980

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4596

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:396

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3116

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4188

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:7096

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:716

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4500

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:1152

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4788

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2424

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:7104

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:3672

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1624

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3424

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:948

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3620

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3596

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2480

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1128

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5368

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:316

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5024

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5760

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6252

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6284

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6244

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2444

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6484

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6324

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6620

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2192

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2680

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6248

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6196

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:6172

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4164

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5040

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5820

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5892

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1920

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5356

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5440

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5304

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5276

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:796

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5740

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5468

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3092

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:6496

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5800

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6876

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:1280

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5188

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:3328

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6924

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6908

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6904

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6896

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6956

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5260

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:2792

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4792

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5584

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
- Kills process with taskkill
PID:5616

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:6000

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5828

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5996

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:5940

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:504

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4428

C:\Windows\system32\taskkill.exe
taskkill /f /im MicrosoftEdge.exe
2⤵
PID:4192

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2524

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:5712

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:348

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:1412

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
PID:5332

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:3896

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\FA Adv Security Tool.bat" "
1⤵
PID:5364

C:\Windows\system32\netsh.exe
netsh firewall set opmode enable
2⤵
- Modifies Windows Firewall
PID:5132

C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=ENABLE
2⤵
- Modifies Windows Firewall
PID:5736

C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state on
2⤵
- Modifies Windows Firewall
PID:6052

C:\Windows\system32\netsh.exe
netsh advfirewall set domainprofile state on
2⤵
- Modifies Windows Firewall
PID:6812

C:\Windows\system32\netsh.exe
netsh advfirewall set privateprofile state on
2⤵
- Modifies Windows Firewall
PID:5720

C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state on
2⤵
- Modifies Windows Firewall
PID:5960

C:\Windows\system32\netsh.exe
netsh advfirewall set allprofiles state on
2⤵
- Modifies Windows Firewall
PID:2988

C:\Windows\system32\netsh.exe
netsh firewall set opmode enable
2⤵
- Modifies Windows Firewall
PID:5632

C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=ENABLE
2⤵
- Modifies Windows Firewall
PID:5192

C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state on
2⤵
- Modifies Windows Firewall
PID:5116

C:\Windows\system32\netsh.exe
netsh advfirewall set domainprofile state on
2⤵
- Modifies Windows Firewall
PID:5416

C:\Windows\system32\netsh.exe
netsh advfirewall set privateprofile state on
2⤵
- Modifies Windows Firewall
PID:6768

C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state on
2⤵
- Modifies Windows Firewall
PID:5604

C:\Windows\system32\netsh.exe
netsh advfirewall set allprofiles state on
2⤵
- Modifies Windows Firewall
PID:6660

C:\Windows\system32\netsh.exe
netsh firewall set opmode enable
2⤵
- Modifies Windows Firewall
PID:2376

C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=ENABLE
2⤵
- Modifies Windows Firewall
PID:1780

C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state on
2⤵
- Modifies Windows Firewall
PID:4664

C:\Windows\system32\netsh.exe
netsh advfirewall set domainprofile state on
2⤵
- Modifies Windows Firewall
PID:520

C:\Windows\system32\netsh.exe
netsh advfirewall set privateprofile state on
2⤵
- Modifies Windows Firewall
PID:2316

C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state on
2⤵
- Modifies Windows Firewall
PID:6840

C:\Windows\system32\netsh.exe
netsh advfirewall set allprofiles state on
2⤵
- Modifies Windows Firewall
PID:6612

C:\Windows\system32\netsh.exe
netsh firewall set opmode enable
2⤵
- Modifies Windows Firewall
PID:6444

C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=ENABLE
2⤵
- Modifies Windows Firewall
PID:4264

C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state on
2⤵
- Modifies Windows Firewall
PID:2388

C:\Windows\system32\netsh.exe
netsh advfirewall set domainprofile state on
2⤵
- Modifies Windows Firewall
PID:4008

C:\Windows\system32\netsh.exe
netsh advfirewall set privateprofile state on
2⤵
- Modifies Windows Firewall
PID:1068

C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state on
2⤵
- Modifies Windows Firewall
PID:4724

C:\Windows\system32\netsh.exe
netsh advfirewall set allprofiles state on
2⤵
- Modifies Windows Firewall
PID:5748

C:\Windows\system32\netsh.exe
netsh firewall set opmode enable
2⤵
- Modifies Windows Firewall
PID:712

C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=ENABLE
2⤵
- Modifies Windows Firewall
PID:2880

C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state on
2⤵
- Modifies Windows Firewall
PID:4840

C:\Windows\system32\netsh.exe
netsh advfirewall set domainprofile state on
2⤵
- Modifies Windows Firewall
PID:5000

C:\Windows\system32\netsh.exe
netsh advfirewall set privateprofile state on
2⤵
- Modifies Windows Firewall
PID:3036

C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state on
2⤵
- Modifies Windows Firewall
PID:4596

C:\Windows\system32\netsh.exe
netsh advfirewall set allprofiles state on
2⤵
- Modifies Windows Firewall
PID:404

C:\Windows\system32\netsh.exe
netsh firewall set opmode enable
2⤵
- Modifies Windows Firewall
PID:5672

C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=ENABLE
2⤵
- Modifies Windows Firewall
PID:7044

C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state on
2⤵
- Modifies Windows Firewall
PID:716

C:\Windows\system32\netsh.exe
netsh advfirewall set domainprofile state on
2⤵
- Modifies Windows Firewall
PID:5744

C:\Windows\system32\netsh.exe
netsh advfirewall set privateprofile state on
2⤵
- Modifies Windows Firewall
PID:4500

C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state on
2⤵
- Modifies Windows Firewall
PID:3872

C:\Windows\system32\netsh.exe
netsh advfirewall set allprofiles state on
2⤵
- Modifies Windows Firewall
PID:7136

C:\Windows\system32\netsh.exe
netsh firewall set opmode enable
2⤵
- Modifies Windows Firewall
PID:1124

C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=ENABLE
2⤵
- Modifies Windows Firewall
PID:2972

C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state on
2⤵
- Modifies Windows Firewall
PID:1968

C:\Windows\system32\netsh.exe
netsh advfirewall set domainprofile state on
2⤵
- Modifies Windows Firewall
PID:3144

C:\Windows\system32\netsh.exe
netsh advfirewall set privateprofile state on
2⤵
- Modifies Windows Firewall
PID:4820

C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state on
2⤵
- Modifies Windows Firewall
PID:6492

C:\Windows\system32\netsh.exe
netsh advfirewall set allprofiles state on
2⤵
- Modifies Windows Firewall
PID:1120

C:\Windows\system32\netsh.exe
netsh firewall set opmode enable
2⤵
- Modifies Windows Firewall
PID:2084

C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=ENABLE
2⤵
- Modifies Windows Firewall
PID:3060

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\FA Adv Security Tool.bat" "
1⤵
PID:1052

C:\Windows\system32\tasklist.exe
tasklist
2⤵
- Enumerates processes with tasklist
PID:6276

C:\Windows\system32\timeout.exe
timeout /t 5
2⤵
- Delays execution with timeout.exe
PID:6316

C:\Windows\system32\tasklist.exe
tasklist
2⤵
- Enumerates processes with tasklist
PID:6588

C:\Windows\system32\timeout.exe
timeout /t 5
2⤵
- Delays execution with timeout.exe
PID:6328

C:\Windows\system32\tasklist.exe
tasklist
2⤵
- Enumerates processes with tasklist
PID:6332

C:\Windows\system32\timeout.exe
timeout /t 5
2⤵
- Delays execution with timeout.exe
PID:2488

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\FA Adv Security Tool.bat" "
1⤵
PID:6384

C:\Windows\system32\NETSTAT.EXE
netstat -o
2⤵
- Gathers network information
PID:6248

C:\Windows\system32\tasklist.exe
tasklist
2⤵
- Enumerates processes with tasklist
PID:5160

C:\Windows\system32\tasklist.exe
tasklist /APPS /FI "STATUS EQ NOT RESPONDING"
2⤵
- Enumerates processes with tasklist
PID:5716

C:\Windows\system32\timeout.exe
timeout /t 10
2⤵
- Delays execution with timeout.exe
PID:5324

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FAproconectlist.txt
2⤵
- Opens file in notepad (likely ransom note)
PID:5428

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\FA Adv Security Tool.bat" "
1⤵
PID:816

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FAproconectlist.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\FA Adv Security Tool.bat" "
1⤵
PID:6800

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FAproconectlist.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:6324

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:5292

C:\Windows\system32\takeown.exe
takeown /f C:\Users\Admin\Desktop\FAproconectlist.txt
2⤵
- Modifies file permissions
PID:5780

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\CompressLock.ps1"
1⤵
- Opens file in notepad (likely ransom note)
PID:2472

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\FA Adv Security Tool.bat"
1⤵
PID:5428

C:\Windows\System32\Wbem\WMIC.exe
wmic diskdrive get size
2⤵
PID:5356

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
2⤵
PID:5152

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FAtemphdwinf.txt
2⤵
- Opens file in notepad (likely ransom note)
PID:3624

C:\Windows\System32\Wbem\WMIC.exe
wmic diskdrive get size
2⤵
PID:6136

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
2⤵
PID:2304

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FAtemphdwinf.txt
2⤵
- Opens file in notepad (likely ransom note)
PID:6924

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\FA Adv Security Tool.bat" "
1⤵
PID:6396

C:\Windows\system32\systeminfo.exe
systeminfo
2⤵
- Gathers system information
PID:4268

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FAsysinf.txt
2⤵
- Opens file in notepad (likely ransom note)
PID:5132

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\FA Adv Security Tool.bat" "
1⤵
PID:3128

C:\Windows\system32\netsh.exe
netsh wlan show profiles
2⤵
PID:648

C:\Windows\system32\ipconfig.exe
ipconfig
2⤵
- Gathers network information
PID:5316

C:\Windows\system32\ipconfig.exe
ipconfig
2⤵
- Gathers network information
PID:5888

C:\Windows\system32\find.exe
find /i "IPv4"
2⤵
PID:6428

C:\Windows\system32\NETSTAT.EXE
netstat -an
2⤵
- Gathers network information
PID:2500

C:\Windows\system32\NETSTAT.EXE
netstat -anob
2⤵
- Gathers network information
PID:1400

C:\Windows\system32\NETSTAT.EXE
netstat -anob
2⤵
- Gathers network information
PID:6732

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FAnetinf.txt
2⤵
- Opens file in notepad (likely ransom note)
PID:6860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\FA Adv Security Tool.bat" "
1⤵
PID:4564

C:\Windows\system32\netsh.exe
netsh wlan show profiles
2⤵
PID:2476

C:\Windows\system32\ipconfig.exe
ipconfig
2⤵
- Gathers network information
PID:2224

C:\Windows\system32\ipconfig.exe
ipconfig
2⤵
- Gathers network information
PID:2464

C:\Windows\system32\find.exe
find /i "IPv4"
2⤵
PID:6652

C:\Windows\system32\NETSTAT.EXE
netstat -an
2⤵
- Gathers network information
PID:6388

C:\Windows\system32\NETSTAT.EXE
netstat -anob
2⤵
- Gathers network information
PID:6720

C:\Windows\system32\NETSTAT.EXE
netstat -anob
2⤵
- Gathers network information
PID:2896

C:\Windows\system32\systeminfo.exe
systeminfo
2⤵
- Gathers system information
PID:4696

C:\Windows\System32\Wbem\WMIC.exe
wmic diskdrive get size
2⤵
PID:4572

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
2⤵
PID:4480

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FAallinfo.txt
2⤵
- Opens file in notepad (likely ransom note)
PID:1148

C:\Windows\system32\netsh.exe
netsh wlan show profiles
2⤵
PID:3608

C:\Windows\system32\ipconfig.exe
ipconfig
2⤵
- Gathers network information
PID:1756

C:\Windows\system32\ipconfig.exe
ipconfig
2⤵
- Gathers network information
PID:1904

C:\Windows\system32\find.exe
find /i "IPv4"
2⤵
PID:3540

C:\Windows\system32\NETSTAT.EXE
netstat -an
2⤵
- Gathers network information
PID:5484

C:\Windows\system32\NETSTAT.EXE
netstat -anob
2⤵
- Gathers network information
PID:4740

C:\Windows\system32\NETSTAT.EXE
netstat -anob
2⤵
- Gathers network information
PID:3580

C:\Windows\system32\systeminfo.exe
systeminfo
2⤵
- Gathers system information
PID:3124

C:\Windows\System32\Wbem\WMIC.exe
wmic diskdrive get size
2⤵
PID:4048

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
2⤵
PID:6140

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FAallinfo.txt
2⤵
- Opens file in notepad (likely ransom note)
PID:1616

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FAallinfo.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:6208

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FA Adv Security Tool.bat
1⤵
PID:6320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B4U56X23\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5DSZ1G5Q\cqkymsa9[2].htm
Filesize
79KB

MD5
d352aa321051191d09dc71e1f169b151

SHA1
1bc9d97e30dd655ff69d69d1c8adb35dee903049

SHA256
87e00a0106023ef98a1e0e99be1101e3cd09045dcb68a9f603d272bc11f3af9d

SHA512
d905ad820a9d7edc53f1a31c98b72cf1c573d47cb88e34808059fbae3f6cd15135e02210b4d06ff9f0daeff42791bf4b0ab7caaa313741876aef0acb7e2b6be6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5DSZ1G5Q\js[1].js
Filesize
217KB

MD5
2f865e9c0f93fa21d2e94e9984e6b5b9

SHA1
d8a48393ad41a6c717a30b9260176cd8eee14723

SHA256
916aaca93807e9b6509b06a102265c02cfbd1f6de96bd4d05f71254196962ae1

SHA512
e772d5a14bbd8214bb0f44fef50570a32250cb474167b28a5d4c658c633543a4f2483f1eb532c8ee2651768800dfceaf7644b3c4cb4938c3a5e4a9229116d058

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5DSZ1G5Q\utils[1].css
Filesize
60KB

MD5
9bb8cb37a5beb272bdec1d575169bb29

SHA1
8a8816d76a4062618a2b833411dcafe509d0c3b3

SHA256
5f6486ad0481a073337fbfa0c22d2fe27e73f99874ca68702eb5c42e78f81677

SHA512
f5830fb48ad88be6f89d72c0621cde9069cbe3a92545d74c6c497d292e2d7637f75c4e20ee1b91d7d8c62613fde848ee29030590b72c1f23f156cac0f8a1c06a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I6G8NN7L\Dahk90Fxhr1MEtfyZ-6_j6N-qVuiwfy-NjSFsUln5nQ[1].js
Filesize
17KB

MD5
5bc0a82a24abe097e6f6c1098bef9591

SHA1
2da9f4ad273be56e0bfbefc24209cdeba5f9f270

SHA256
0da864f7417186bd4c12d7f267eebf8fa37ea95ba2c1fcbe363485b14967e674

SHA512
14351ce0be86a502718daa7a695ea4404d215af58acac418a0e7963219300f749b1feb9d7cbf3cfa088811fb5daf6948379f4421cf67b41974eab5db55924d8b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I6G8NN7L\ab[1].js
Filesize
2KB

MD5
6c8aea16904065fcfe03022b29881808

SHA1
53f9a1896120840a901425fcdcac405ad42720f9

SHA256
0fc795b42e6ad7232caa5faba5cb169a76cffbfe54c147346af1d923fcd3ca9c

SHA512
e26404c0a924bca6405039cee4d7eb5db49878b3bdb491f904c06e6a2cc11c685d57c6b2efe1ac1b3a37f784d149bd6e7c4e28bb3d559ddc631ad4e4beeceb68

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I6G8NN7L\theme[1].css
Filesize
85KB

MD5
7360bdee398ceb8a8381901e64b63d5c

SHA1
555c413f454b8e2c6ac940a8faf00af941b84831

SHA256
009c3d2ca8bbde159cb3bf6cd1c65bff8205f49f7723d8cd6cca97c15386ba07

SHA512
e40a1160580efeaf99096cac2a93cc8432a4284c60ea5fe42ea4ea17278a2742cfee18522bd6f1e68ba8bd7a5ceac74bcec438834e128e7472bb28ca66580b0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I6G8NN7L\utils[1].js
Filesize
33KB

MD5
57c5f3c1dfaf412bf72f56151829afb6

SHA1
0bece9828691604830e6c67d57f36db3139427bc

SHA256
f7f768f129c2c71cdd195bc42f800c081e5d9804df4df180f851497957822151

SHA512
cd09ab9f0efcfee03b5ca2fed4b30db55538d3c6d896c2ca33ea384ac173ca03f242a38cf145105e3eb6f6ea95969baf8c742af086308d8c7c648d835968f139

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I6G8NN7L\v55bfa2fee65d44688e90c00735ed189a1713218998793[1].js
Filesize
18KB

MD5
3be93fd15d2f7dee2fc0c8981c6fa5c6

SHA1
8cd88c36fad3e96641dbc4d781f5ddbe5123312f

SHA256
17106bf803d42bcf2f2bdf778ece084d3f91c68e7ea41dae7bff61fefa573dee

SHA512
148291151c600f6d26a00a3dea1919432ff94288d90c06f2c74990d7b8c418708973fbe2d06d875cbb687f00fb4373668afbcff5ab7911581b46a39a3906fe46

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\bframe[1].htm
Filesize
7KB

MD5
21c3010f55be71928865121165df8f67

SHA1
ee648b54801a2bdaeb84d3ccb4b7af588d7bf335

SHA256
5495da760c8ec830a37515aa0f8d3042d7b9a7d203452ddb16b47c893491d6cb

SHA512
aac07b2660cd7a3c61c8c65d6045cb180b6508c7cc875ae619199ec8b239d9f0cae729f798b9296e01ecdef9fb4e0fe5ab0b6866556a53f7ec517e2f5c51ff4d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\bootstrap[1].css
Filesize
31KB

MD5
52b774832a36fdaae83e67c3c7ff533c

SHA1
60fa1a2daabb26f27894a8eae50f72bc1d181076

SHA256
9d45581f99961212923b84cdf880b7b6d1afcb01350ab8961a1271d7ba795053

SHA512
8b13c4f2042dca47264dd4fee5cc73e292524180e41feafa576f3a407403c6b013610efe1658e865545b8727338d1e8c8c768e88763fb5a4b5a72c48f9c36888

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\download[1].js
Filesize
4KB

MD5
6fc08c2097f2a2bc5fce6bfcbcb91f23

SHA1
f706a2cd058c739e5b98f82a0e2680eaa885275e

SHA256
0b1d26389f36c06c51de5c2e21ff754189bed8f2ab99191c264db8fd3912e9a7

SHA512
7fc61fa3a157f2ffff7fc95a589df1bdc4ed47f43025dfba8bcef1d4b193ef3a19ed89ba50c2a5fc15f05de7bd0618f21324d830fe068dc820ad44a73e3799bd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\global[1].js
Filesize
21KB

MD5
68b01c40a695da9652c636f3f581ad1d

SHA1
e64127801e62fdda901256112b993431710588af

SHA256
1837eaba66df0af328d947577dfe741293f471dd8e640cef4c6938c89e61abbf

SHA512
04c281914d75587b9ab56eb3e77ee111ee5e4449d09cc18668b1acbd29488b81d9ba6a94a461d6ea71609b76b0a77a0cc7691804ce107222bc77e574c6533ae2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\jquery[1].js
Filesize
87KB

MD5
51175ac478a2eec31f39c648260a1044

SHA1
a9ac4b258fa956d5c4918cb8781d4b20bbbd65af

SHA256
72037311a4dfde4d042df73e31b7cbeafc0bdf2aaa605b69aff3326015a396da

SHA512
3ac522d66dc441c53eddfc27347ae85a1fd2e77ed26750919dfc6c6937aeb2fd8defa087b6d89ca696d23d85f38baeb79b7d6d9127920b244b7348d475cd8e3e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\prelude[1].js
Filesize
215B

MD5
cfedf93ec2c5b344c041fe57bc3cec8e

SHA1
aad3c50ecca25c598fd30c50ed307906ce18942f

SHA256
b366d490e5af22055a3322d7b3ada4425a74c9c324f40fbdefb4488a066bc344

SHA512
a5338d4da4cd4f4c36dd3820e40108ddefc3cedd703d18267432afcc2d7b520c9fc3ebef84abc3c03fa7efd4bb966ba56678b314f8216da8c0e36dff0c027271

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\recaptcha__en[1].js
Filesize
505KB

MD5
e2e79d6b927169d9e0e57e3baecc0993

SHA1
1299473950b2999ba0b7f39bd5e4a60eafd1819d

SHA256
231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b

SHA512
d6a2ed7b19e54d1447ee9bbc684af7101b48086945a938a5f9b6ae74ace30b9a98ca83d3183814dd3cc40f251ab6433dc7f8b425f313ea9557b83e1c2e035dff

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJ9IGGWA\beacon.min[1].js
Filesize
18KB

MD5
4c980ee97cb5c001b4d19e2895fa5603

SHA1
2c6fe998aa7486c4becd74cf253bdd82666a64c3

SHA256
d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192

SHA512
1330ae76fda063282b09c561bbae45900c5c95fde660ce810b0886526e8112e2f349be6e955860a24cc26440fbc8c224cd8560eb99b17c804d74dadae5914dc9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJ9IGGWA\styles__ltr[1].css
Filesize
55KB

MD5
2c00b9f417b688224937053cd0c284a5

SHA1
17b4c18ebc129055dd25f214c3f11e03e9df2d82

SHA256
1e754b107428162c65a26d399b66db3daaea09616bf8620d9de4bc689ce48eed

SHA512
8dc644d4c8e6da600c751975ac4a9e620e26179167a4021ddb1da81b452ecf420e459dd1c23d1f2e177685b4e1006dbc5c8736024c447d0ff65f75838a785f57

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\CHCF129X\www.google[1].xml
Filesize
99B

MD5
e22088afcda9ef006353926f254f9e60

SHA1
c63a210e5aadd1597492fa7a4a2cb2a8630d4b7b

SHA256
125a5fb3eba75f7467cccd197776e7442424502aa741195bde357bfe21596256

SHA512
470d0e9281f2b18ff2f3b4dd0f3aea4cb38667727b31fda64900a9faa573953c6c01785dc733202958712846c72f81c02f70d6bbf019227d427e8bbe162f0e1f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\CHCF129X\www.google[1].xml
Filesize
237B

MD5
400dde32ca2f2dcb997fab2e8b0c6363

SHA1
3d5658d4d12bf7dce4544b33e90553ab6e30c907

SHA256
681d622c2b00850cc76548f2dabe04bdb5fc2136f3770eb0273e4f4ffd4d1478

SHA512
9ae1cbf4d76d13eec01796c180a58e68c5c2474c13b162c7962a87854ff7d2850edda12e706b98ac981fc722df78eda0489890c5c2d633c2be5ff986140766f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3E3C9WN2\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FH9DW2FC\favicon-96x96[1].png
Filesize
3KB

MD5
f4098f98e17fc3801f6f353bf8dfcbda

SHA1
fcba7cb3d2a783d8791125ec09d601ba32d3bc8e

SHA256
c212b77b52ea3e688d8a872e025adeeb0905b38e73e219b8fea8d4b014101b6e

SHA512
14044f29caa9e9b0d33176b5000237c563084c3e37323f8b5e8e3327bf744152a057c8ba4c3da4a049cdc2f8faf3ac955429e8f12ce51c2423ee17ce996d4ada

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5DSZ1G5Q\KFOlCnqEu92Fr1MmEU9fChc4EsA[1].woff2
Filesize
11KB

MD5
16aedbf057fbb3da342211de2d071f11

SHA1
fdee07631b40b264208caa8714faaa5b991d987b

SHA256
7566a2f09ff8534334b7a44f72a1afaba6bdbb782209be8804636ee8b963c75f

SHA512
5cd45dfb0d0ee44afd9b3ffd93c2942c2f04e359d067d4631edd67a2ee09149766294b29c75aaab7436dacc775a8ca02392c5e4cfb8d7fede19c028448507e0e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5DSZ1G5Q\KFOlCnqEu92Fr1MmEU9fCxc4EsA[1].woff2
Filesize
5KB

MD5
6bef514048228359f2f8f5e0235f8599

SHA1
318cb182661d72332dc8a8316d2e6df0332756c4

SHA256
135d563a494b1f8e6196278b7f597258a563f1438f5953c6fbef106070f66ec8

SHA512
23fb4605a90c7616117fab85fcd88c23b35d22177d441d01ce6270a9e95061121e0f7783db275ad7b020feaba02bbbc0f77803ca9fb843df6f1b2b7377288773

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5DSZ1G5Q\KFOlCnqEu92Fr1MmYUtfCBc4EsA[1].woff2
Filesize
1KB

MD5
7cbd23921efe855138ad68835f4c5921

SHA1
78a3ae9ec08f2cf8ebb791a2331b33a03ab8cc76

SHA256
8eaae4c8680e993b273145315c76a9a278f696467c426637d4beab8cb3dc4a3d

SHA512
d8a4db91d2063273d31f77728b44557612b85f51143973caa3cfd60ab18f8c3e4b8cdaab43af843fe29441cd1d8299bf2f139a78e47bf740277b33a377377177

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5DSZ1G5Q\KFOlCnqEu92Fr1MmYUtfCRc4EsA[1].woff2
Filesize
14KB

MD5
e904f1745726f4175e96c936525662a7

SHA1
af4e9ee282fea95be6261fc35b2accaed24f6058

SHA256
65c7b85c92158adb2d71bebe0d6dfb31ab34de5e7d82134fe1aa4eba589fc296

SHA512
7a279d41c8f60806c2253cba5b399be7add861bd15bf0ac4fa7c96fa1eee6557bf1ebd684e909086d9292739f27fa18947af5c98f4920fe00da3acf209c6260a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5DSZ1G5Q\KFOlCnqEu92Fr1MmYUtfChc4EsA[1].woff2
Filesize
11KB

MD5
29542ac824c94a70cb8abdeef41cd871

SHA1
df5010dad18d6c8c0ad66f6ff317729d2c0090ba

SHA256
63ef838f895e018722b60f6e7e1d196ff3d90014c70465703fc58e708e83af64

SHA512
52f91e02b82f9f27d334704b62a78e746c80023ee8882b96cb24cb4043f9a256f395d24830b1f4513bd7597f8c564af20db9c715ab014eb2ab752fd697156591

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5DSZ1G5Q\KFOmCnqEu92Fr1Mu7WxKOzY[1].woff2
Filesize
5KB

MD5
a835084624425dacc5e188c6973c1594

SHA1
1bef196929bffcabdc834c0deefda104eb7a3318

SHA256
0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740

SHA512
38f2764c76a545349e8096d4608000d9412c87cc0cb659cf0cf7d15a82333dd339025a4353b9bd8590014502abceb32ca712108a522ca60cbf1940d4e4f6b98a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5DSZ1G5Q\api[1].js
Filesize
907B

MD5
4824118fa2f410f82b5444037e2f8fae

SHA1
d681978fa27e0818a2d10b8cd66bf32d3d7c1ccc

SHA256
9f8b80336817b6e390d7942d7cb2b856df8d46c2b7c5da82dcdb05ab984c36b8

SHA512
3df48eac4d6c6a25d4b951f6d11448b3c16a23603d9ebb8d7b56bce84a538c6ffb91d1277a66a2af9791f3898a5d48e0f8b8c7a80e26ccf1225d3c446b48d813

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5DSZ1G5Q\fa-solid-900[1].woff2
Filesize
73KB

MD5
b5cf8ae26748570d8fb95a47f46b69e1

SHA1
07bed153d47f9129a944ee54dd72952deed074c8

SHA256
cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0

SHA512
f08b9289695cf530094f076b2df4d2b0e1a1daedd00190d123b4179b2c1a1b5e8b2bb988d86fc6dc9eee117d88a58dd5b6dfe7689586c17068f5d2da01904d76

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5DSZ1G5Q\noto_sans_regular[1].woff2
Filesize
131KB

MD5
2fb655bd33eb118d7683a06660cdecfd

SHA1
b5515dd450a0df635fe11e5953f0482f37e624cd

SHA256
d042b1f54ba3e981ec220bf4537e2c51b1a68a65fab5eff46022b2f75d6a8477

SHA512
64fa7479435b0f394f1a4548bcb6f9768cb45164971baef9c70b684ad28b35cae5f7152f5c8885fd660e97226be3ddb23da29b7d7b215fae9abbc109aa3cd32b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I6G8NN7L\KFOlCnqEu92Fr1MmEU9fABc4EsA[1].woff2
Filesize
9KB

MD5
df648143c248d3fe9ef881866e5dea56

SHA1
770cae7a298ecfe5cf5db8fe68205cdf9d535a47

SHA256
6a3f2c2a5db6e4710e44df0db3caec5eb817e53989374e9eac68057d64b7f6d2

SHA512
6ff33a884f4233e092ee11e2ad7ef34d36fb2b61418b18214c28aa8b9bf5b13ceccfa531e7039b4b7585d143ee2460563e3052364a7dc8d70b07b72ec37b0b66

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I6G8NN7L\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2
Filesize
15KB

MD5
285467176f7fe6bb6a9c6873b3dad2cc

SHA1
ea04e4ff5142ddd69307c183def721a160e0a64e

SHA256
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

SHA512
5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I6G8NN7L\KFOlCnqEu92Fr1MmYUtfCxc4EsA[1].woff2
Filesize
4KB

MD5
133b0f334c0eb9dbf32c90e098fab6bd

SHA1
398f8fd3a668ef0b16435b01ad0c6122e3784968

SHA256
6581d0d008bc695e0f6beffbd7d51abb4d063ef5dedc16feb09aa92ea20c5c00

SHA512
2a5a0956ecc8680e4e9ef73ec05bc376a1cc49ddb12ee76316378fe9626dccedb21530e3e031b2dae2830874cc1b6bfd6cce2d6d0dce54587ff0fc3780041ace

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I6G8NN7L\KFOmCnqEu92Fr1Mu7GxKOzY[1].woff2
Filesize
11KB

MD5
15d8ede0a816bc7a9838207747c6620c

SHA1
f6e2e75f1277c66e282553ae6a22661e51f472b8

SHA256
dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d

SHA512
39c75f8e0939275a69f8d30e7f91d7ca06af19240567fb50e441a0d2594b73b6a390d11033afb63d68c86c89f4e4bf39b3aca131b30f640d21101dc414e42c97

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I6G8NN7L\en[1].js
Filesize
7KB

MD5
fd5dd8a0479aab393892771ec74b595d

SHA1
dc5c14f526c213fe50c8d557484e66306b2f0394

SHA256
8b30d69f252107c7c9cf262ca435e1753efa9349f81144ad9152d7329c9e72c1

SHA512
b609737f71ea547504b22ebdf259dd93673763d7bd826075e44f3f1695aac6fdf55e13bf1a1d81dfdb8b2244a86e95b3fa437ef28d669fc5a2a35161fef10101

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I6G8NN7L\fa-regular-400[1].woff2
Filesize
13KB

MD5
e07d9e40b26048d9abe2ef966cd6e263

SHA1
c744217caa82b3245cffa2714aaf2ec9f749614d

SHA256
6a16c04229bc2b4da226eb97e68d94f49ba6437b7b5e16c14a101b21a29384e9

SHA512
4275ec48bc24143bf793d2084445231d3552dc64296bffdf7b9ae83417d366f050688de45e8736e7204de00ae621de79e2ad5d5f998e743b72c13229da229669

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I6G8NN7L\file-types[1].svg
Filesize
29KB

MD5
6f8f435cdac444442831c762843fa7c9

SHA1
9392f052d26e6b88f7744be274f52937b4fa50dd

SHA256
d28cb356bfe09c34dd67189ce84e733e47ffc1ab0813bf23696228e146524f34

SHA512
8edf2aabb75e15f26a60a96988de4687566d0af7b2edc907c827a19d332be2302546d6b7460edb79ccfb8ef99f7272a9cfce5ded001928f402ed67f43b75518d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I6G8NN7L\logo-dark[1].svg
Filesize
2KB

MD5
c31593d9a31857b05336c477de93355b

SHA1
b87f1769250f60fe822179655dcf42fd5030a2bd

SHA256
5ccbcf6d22ea0b761807062453a2acd95a34bb9b2603b2650b605df1af2f2960

SHA512
b17b8475637f5677b51786d06f0af82ab5e4282d23bf5334ec13d77e5a5295a1c420fcba26b687c39351ca72f63a731b6547c24b5086bbf661c635592f9f2027

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I6G8NN7L\roboto-v20-latin-100[1].woff2
Filesize
15KB

MD5
7370c3679472e9560965ff48a4399d0b

SHA1
7d02b9455622a72bfc55a938a3e6bcccfcd57d0e

SHA256
12823d585605238121554aff8bb060a235dc36f37efd9fb1e7e6ea1a9622bc35

SHA512
9f55b026356dea636c2d0e6a05cbd071e3b86b3d4acccd40b4e9ccd6597982262d5482093fd4a527ca26ef0b1392abe78c223e048a43ca0619552ca0d6ed2201

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\9891a594-d15f-44d2-ad63-5e086be01a3a[1].js
Filesize
1KB

MD5
d87d83c3d08312eb4860fc67d4df44bb

SHA1
13ca43b24291698285d49920c0108b21ab9efa05

SHA256
9ca8191a2d4b48a6819532190c5d945e33645847494e06fb1fef27a65077fb81

SHA512
191e4e867cfbe049bf95899ec3f46bf758145c573a8de63c587c6db38ef7a70aa840508aaa0a554a7de067deca4657abf450c68279e1b0465c6b964c92b338c6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\KFOlCnqEu92Fr1MmEU9fBxc4EsA[1].woff2
Filesize
7KB

MD5
207d2af0a0d9716e1f61cadf347accc5

SHA1
0f64b5a6cc91c575cb77289e6386d8f872a594ca

SHA256
416d72c8cee51c1d6c6a1cab525b2e3b4144f2f457026669ddad34b70dabd485

SHA512
da8b03ee3029126b0c7c001d7ef2a7ff8e6078b2df2ec38973864a9c0fd8deb5ecef021c12a56a24a3fd84f38f4d14ea995df127dc34f0b7eec8e6e3fc8d1bbd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\KFOlCnqEu92Fr1MmEU9fCBc4EsA[1].woff2
Filesize
1KB

MD5
52e881a8e8286f6b6a0f98d5f675bb93

SHA1
9c9c4bc1444500b298dfea00d7d2de9ab459a1ad

SHA256
5e5321bb08de884e4ad6585b8233a7477fa590c012e303ea6f0af616a6e93ffb

SHA512
45c07a5e511948c328f327e2ef4c3787ac0173c72c51a7e43e3efd3e47dd332539af15f3972ef1cc023972940f839fffe151aefaa04f499ae1faceaab6f1014f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\KFOlCnqEu92Fr1MmYUtfABc4EsA[1].woff2
Filesize
9KB

MD5
797d1a46df56bba1126441693c5c948a

SHA1
01f372fe98b4c2b241080a279d418a3a6364416d

SHA256
c451e5cf6b04913a0bc169e20eace7dec760ba1db38cdcc343d8673bb221dd00

SHA512
99827a3fab634b2598736e338213e1041ef26108a1607be294325d90a6ba251a947fd06d8cb0a2104b26d7fe9455feb9088a79fe515be1896c994c5850705edc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\KFOlCnqEu92Fr1MmYUtfBxc4EsA[1].woff2
Filesize
7KB

MD5
585f849571ef8c8f1b9f1630d529b54d

SHA1
162c5b7190f234d5f841e7e578b68779e2bf48c2

SHA256
c6dcdefaa63792f3c29abc520c8a2c0bc6e08686ea0187c9baac3d5d329f7002

SHA512
1140c4b04c70a84f1070c27e8e4a91d02fda4fc890877900c53cfd3a1d8908b677a412757061de43bc71022dfdd14288f9db0852ef6bf4d2c1615cb45628bebc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\l[1].js
Filesize
8KB

MD5
53a5d8cfc09a3c72ef8e6a2bb242b1c6

SHA1
f931ea21235ec9e71398f6402ba320e880855b56

SHA256
4901808999e281959993c10648bef18cbda4d8af309a6478d2393a72e9c36cf8

SHA512
0e3f6f0d5f1dddc30ad9156bc706439864121d8b4272a5d4fa4f1cc3113b32025366bd6955f1be3e29983d75bd0c669af0be75c24002cf79e5ae18ded6cc9152

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\noto_sans_bold[1].woff2
Filesize
130KB

MD5
5bf316a9068b966d1ac330f12596fdc3

SHA1
9969fbeed8908ce3371c80f35e051cc507493c88

SHA256
b42924933d2ea4fcf05fcb66225e001c111f9e48d56625168b739736ed37ef2e

SHA512
03c91209988f448ffc27b3d2a035e92e21283c72ea096326ccb5a1338f2b517d6e08a2ae70fe8ee8481fe178eaba6553414c1d436eb76d7ae90a0d397ce92947

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA96I5QB\spacer[1].png
Filesize
84B

MD5
c791e19fde8325467fa82b06b1bed80b

SHA1
fb07588facc39f549684de6f1dd782308089efea

SHA256
89e344fdb98002d91c819a31aba52d61893604cb816ebea0c3426b5001b9d0f4

SHA512
449ce6033e4544db69bbb6117a6f0e0b22c6ea26ed1f2e8ad8e8b0474ecce037eb454a80334973701940cd0b1eee9eb6b052e9e9678af351c161a48a33c14332

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJ9IGGWA\1[1].jpg
Filesize
54KB

MD5
3abb061bcee63edfcf8898c15fef2c22

SHA1
5d51df55f28f21337bbbe1a206815f93d6a7d652

SHA256
cf2bbcf6bf35f8508ccab0385831ac322ebc333ac4f56db91a958cf4bebb2903

SHA512
36475c3a8df7a287c77ba04ebb99d3876fe50703f944d87996cb9c6cf47168e177997755610d4152c98581860710c9177146f07eb08ef55e6215b7dc84911897

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJ9IGGWA\KFOlCnqEu92Fr1MmEU9fCRc4EsA[1].woff2
Filesize
14KB

MD5
79c7e3f902d990d3b5e74e43feb5f623

SHA1
44aae0f53f6fc0f1730acbfdf4159684911b8626

SHA256
2236e56f735d25696957657f099459d73303b9501cc39bbd059c20849c5bedff

SHA512
3a25882c7f3f90a7aa89ecab74a4be2fddfb304f65627b590340be44807c5c5e3826df63808c7cd06daa3420a94090249321a1e035b1cd223a15010c510518df

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJ9IGGWA\KFOmCnqEu92Fr1Mu4WxKOzY[1].woff2
Filesize
7KB

MD5
7aa7eb76a9f66f0223c8197752bb6bc5

SHA1
ac56d5def920433c7850ddbbdd99d218d25afd2b

SHA256
9ca415df2c57b1f26947351c66ccfaf99d2f8f01b4b8de019a3ae6f3a9c780c7

SHA512
e9a513741cb90305fbe08cfd9f7416f192291c261a7843876293e04a874ab9b914c3a4d2ed771a9d6484df1c365308c9e4c35cd978b183acf5de6b96ac14480d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJ9IGGWA\KFOmCnqEu92Fr1Mu4mxK[1].woff2
Filesize
14KB

MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJ9IGGWA\KFOmCnqEu92Fr1Mu5mxKOzY[1].woff2
Filesize
9KB

MD5
efe937997e08e15b056a3643e2734636

SHA1
d02decbf472a0928b054cc8e4b13684539a913db

SHA256
53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361

SHA512
721c903e06f00840140ed5eec06329221a2731efc483e025043675b1f070b03a544f8eb153b63cd981494379a9e975f014b57c286596b6f988cee1aaf04a8c65

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJ9IGGWA\KFOmCnqEu92Fr1Mu72xKOzY[1].woff2
Filesize
15KB

MD5
e3836d1191745d29137bfe16e4e4a2c2

SHA1
4dc8845d97df9cb627d9e6fdd49be1ef9eb9a69c

SHA256
98eec6c6fa4dcd4825e48eff334451979afc23cd085aea2d45b04dc1259079dd

SHA512
9e9ec420cf75bf47a21e59a822e01dc89dcf97eec3cc117c54ce51923c9a6f2c462355db1bc20cdf665ef4a5b40ffcfa9c8cee05bb5e112c380038bfef29c397

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJ9IGGWA\KFOmCnqEu92Fr1Mu7mxKOzY[1].woff2
Filesize
1KB

MD5
57993e705ff6f15e722f5f90de8836f8

SHA1
3fecc33bac640b63272c9a8dffd3df12f996730b

SHA256
836f58544471e0fb0699cb9ddd0fd0138877733a98b4e029fca1c996d4fb038d

SHA512
31f92fb495a1a20ab5131493ab8a74449aabf5221e2901915f2cc917a0878bb5a3cbc29ab12324ffe2f0bc7562a142158268c3f07c7dca3e02a22a9ade41721e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJ9IGGWA\banner[1].svg
Filesize
16KB

MD5
d79ff33addb78835b8012e1fdea6b684

SHA1
12f3b76051d5f2afd983550bb17d24ab5d213568

SHA256
a50fb9ae1b5262d504366decc64cb6e262be51a9f07bacc82d698e08e4eb9b1f

SHA512
5438810e709d372692eabbe795541fc7c516271d09bf1628f445e780e2340020b3647e8e148f5da20dec4fc388f924f51c66449cc6218347c2a38ff1b2a3f680

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJ9IGGWA\client[1].js
Filesize
412KB

MD5
86906ea058bc675b568fc9bea09423e5

SHA1
31497d2b270611a0ea1dc181ac0fc49d3244359b

SHA256
08b4263e0f042af5d37b9a636df1037b91d39a0ed31759cd65bbc8a4e0ad9eca

SHA512
8cef44dd89f1f5f59799d1b4a20e449edd5bd4d3dc706177b36fbf07986425b1b84181d0584979995bce32c2ddc66944a9eb1940d682e4c8d8a2fe5a6451892a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XJ9IGGWA\client_legacy[1].css
Filesize
406KB

MD5
f93ec55b981283a1dac3fa56f245138a

SHA1
744632867c9c0bd160c48d7849a81f4cdd579004

SHA256
c92e939d22d78691dfbc18966ee973868f94a172befe55e3882ba1efc1f67b73

SHA512
9883ab67a114e26d35238bf8427d0e2f2b6b3981a9edd8cfffd30e16dbf32b127c21988c2d24f515f006983f77f4037d5d04602d817a2236671bf079161a3ab6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\CHCF129X\www.google[1].xml
Filesize
238B

MD5
5133a8647bb2dd6fe07c3a449a0fdcda

SHA1
3f460e7c47ebe31c4b48461355d6c4f12b508c1e

SHA256
7a7cb525a2cad60c248ac869db6a292966bd2d0acdcb5c48afc560bbfeabfd87

SHA512
dc15577db816c734a3319298d7fbecb8d53b36d2bcd6b62577a4806954cad6c2c0b200241cf9a64efc17e9dd19d9500d2e8d0451d72146e65dcbf3e5075ec63e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61
Filesize
299B

MD5
5ae8478af8dd6eec7ad4edf162dd3df1

SHA1
55670b9fd39da59a9d7d0bb0aecb52324cbacc5a

SHA256
fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca

SHA512
a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
6007ca6192acc48214149185effd485e

SHA1
9e1bd79f873aa5bd113e6d1f3fd30078478f3239

SHA256
19d440e3d197437fa64e98ffd71ab3eae51f107c438b25fe712bbc92491d5af7

SHA512
ce79184486b1b9da0b1ed9564b89a3641fbd593ea34f303f6fd50e9b3b6f66ccebb824f71ea229af04248fd64f4bc48b65cff61af5beaf8533f6c3475aa235a8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_9E57962407F9525599575A43BE833E07
Filesize
472B

MD5
8cc7ed2f52da366ad4ba00417709ef35

SHA1
948ddfde3b935a9a2abf2bf15ffc63e8287017b3

SHA256
8feef6520de454d5ba9493524277c7f2a9ddc184fb30b40c500627c6fba58c9f

SHA512
18605b073d4a0ff911a5e57ecd9dfd4e53e143b1a3a61e40ba60b8f119730fc4272fcf76c7b4cb83da7f7d3412e4821527b07bc54fef754ffcb4c7097001cc87

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_D7C1EE155B4C5E8C9EE3042DF21F688A
Filesize
472B

MD5
1998325f70d44dd89e04f03aa959be97

SHA1
76139c4da8b3f549c66d3834c2a35360a6bdeec7

SHA256
b8d8242657926d4935811a4b0ad38b4b1a0064763c3e28f0f2e88784c54f1638

SHA512
22615eb81b05b0537ca4d0d9d960344b5dad5393b3f40ac1bd098504a5d96a779be56eb68c8a9ec704c91e73f8386b4bb0ef0bd54c7750e44d9e86be9090515b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
Filesize
192B

MD5
a1d585d696af92c4fb86e077d4658513

SHA1
ba0b56f520af7112cadb2089d3c925bc676cc4e3

SHA256
1e003f76f4eee4a25c8cb601434222f99302f86a5c1a91f0b96f677aa9d2946f

SHA512
ab31a3d4cd0bd0d9205fdcfa81b0632affb0464157af8363a5f3d2826fb2403e596acbc9d8a1feca14bd043f4291f52990d8da0102c97f6e9d52a2e7f568cacf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61
Filesize
192B

MD5
630c7a77b8dba8db50aadbe291a7f296

SHA1
825948ba4297e285d3a2f94387b6d4fa629ab68e

SHA256
fbc37d89a718548f248f966b982649bf0dbe70db1cec2eed6f2472d14314650c

SHA512
7c6c2698aa0e3d85b44e7e4789b90a69aece3648c77ff4cb51fe86840d732cfe04ed77046435a8997976a7dd2d53e6d84bfa4f03aaa4eb0af70f893f5679bbd9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
93978588e8839987ab4d7eb528038204

SHA1
0c30fa0c3058008b742ea93e0512ffbdb1a68735

SHA256
6e538aa8d378994bc0ccff82126e12c2c056907f4429618f2af06b1bc940e304

SHA512
ccc0873f67a26b3d5500bf4636c83800dd4f7237604cd95f7b526ed84cf291824a63baa4539d870f0cb99e4a4b19c9d42daa873adf48f0c467ad872d175d6324

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_9E57962407F9525599575A43BE833E07
Filesize
402B

MD5
b310d4e8f5ccbdf1a0552d1391c36886

SHA1
0d6aca2bb5bdf2221aef86a0c492c0c23fd735cd

SHA256
f2fcae792bc2e924324f2ae6f7fa7eba0ef8f9b3d5d973a3eeeb05dc9fee8e37

SHA512
488a718621271464787f3d0582ff814ef69bf9be765430fb3333aa58ba7698114f689372625da17cecab56e1b589662babfdaba64ea835f415631f601bd66371

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
fa456f802f5671dd534c33cd0b9913ad

SHA1
622eb8799b83c0d1c55a57ff1533a0d4f421054b

SHA256
20eb47dc637151290998a14f90674c016e30a173528d6e5e3755dc2ef67b3f6f

SHA512
f347a02942d2ec125fe3915a63b8efeebb06bf1e4f21fbad6722b39dcf67255a67996045fb4e154b2719ee053b286e07f3c4b3c20a8b5d46dae7de77607c1703

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
Filesize
392B

MD5
bc029532dda7ace9e7adfc9ad36d8f0e

SHA1
3ce8446aa4535b1808c318261bf2aaa6bcca60a0

SHA256
4a2687ce6891fed918e09ac7f1ef186890d6f86915140faaca07c588c862de3c

SHA512
86ad4977eac86c8a6d67f8dd141a3023d9844645ce15675aad1a0cac38bbb1b3f32a0dbbd6a766064891df66a20bba29b08eb7159c96a973876167d6febd1f8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_D7C1EE155B4C5E8C9EE3042DF21F688A
Filesize
414B

MD5
2925152b80f9a15eb9a2e1d4ceb74c43

SHA1
57c06de8b3400b70f598e35ae7995455069b2195

SHA256
3d59fc5ed599f14a26411a61b94b660664a9d73192303ff7b70bb44e37aff41f

SHA512
e70316a9e8bcfc587a4e33a63a6b38e76d4fa001f9c775581199f324a4ad9f70c28e3c7c1c3a350e31d04f471a444f26efb7fbbda4b90d2116d0a4af2241718c

Download Submit
C:\Users\Admin\Desktop\FAallinfo.txt
Filesize
451B

MD5
0498fc81060f96abf51908b93953403b

SHA1
a0bd6641ed8ba4c7024d6a60b810912ab977bcae

SHA256
8a3623895e0b6f2984ca2adcc349435fe809483104beab620bb20b595b4c907e

SHA512
8770ad60e68950b179a4f9099dd45980d5c5357de5f4c6e2f9dd173d81d53e6cbb9aaccaea146feef9dbb234c328d5723b1417c5e15da58f9c5aa811419eb87c

Download Submit
C:\Users\Admin\Desktop\FAnetinf.txt
Filesize
11KB

MD5
4c8c40210be0205ec5f81ebe8603241a

SHA1
ad84ef2551ba475f61319ccf8b95fe4d98d93e54

SHA256
2c91e16576e29216d9e216f2702aa95b532e8366e3da5a76b48ecb97597a4e90

SHA512
600c2902aba6b5b0ccbb603b4896a5139e400547ff56628cb8fb50d4433cb7f15989d24854a4cd0c0ed5f6e8516780a1b341569d8cdde78e63b6824f56129250

Download Submit
C:\Users\Admin\Desktop\FAproconectlist.txt
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\Desktop\FAproconectlist.txt
Filesize
54B

MD5
e830260066289222400e107189885793

SHA1
77033952b2216d65b52b477e06ac3abe3fa7d580

SHA256
d6e87f50ab4c8220e3f5454df1a4858ff205a903871a12b8e27994a39241a551

SHA512
b20727f3d476db1efccc5029aa13c32cc3f171ac5c2a35159f8bafeb6aabd849e20a980f6a3f8dcd78a4cb8a0068885b946934ece11140091b72369036af4b2b

Download Submit
C:\Users\Admin\Desktop\FAproconectlist.txt
Filesize
55B

MD5
7c32e1c054342b71b0e4e6c28b296bee

SHA1
571046c050c742b097b5cffb1ef63cf9a916f379

SHA256
f7132cbbb665a83bfa565b1a474c9c8ac3bc875e0a7ad305a9b8b859191af134

SHA512
3480c4230b31c26795fa993cee5d0c77a12ec35a4cd4c4f6ef0f89cf9903105065b47f0c72420f417577ad663db496857117d07a87be1a85d2a0b810e71c47fb

Download Submit
C:\Users\Admin\Desktop\FAproconectlist.txt
Filesize
55B

MD5
5be8cf4b13065b1ef6f4f57512e410c4

SHA1
3561c36804cf0f97eb272c76651c3d16553558e6

SHA256
a739674bf9c1d3c3e11b45e0768adcfd1b808ecd89e70b8b8edbb6927188bb4b

SHA512
f75243dab558931d53bf79446c85c4c8fbd35f679cead6d7bae07cb2b122206f97180d347f6d8a7265a040d950989adefaea0681347a2e616c5749270fc9baa2

Download Submit
C:\Users\Admin\Desktop\FAproconectlist.txt
Filesize
55B

MD5
c4153a0bc9d77310075664fe708db707

SHA1
2dbc019f96a77d3daef19ec6c8b5770421d33adb

SHA256
1123f7ab95fc292fa25398378b40fb2945fe6b7096d0535dddbed96e2ef637c9

SHA512
21b85fe26d08d9262a864d4637775b2ff8fe58a2138c5c31fc5ce5c213bcd5923c5bdf478a19c87e7f6d61fb65d3e202dd6311c9d543b3fb13d45fdacacc44fd

Download Submit
C:\Users\Admin\Desktop\FAproconectlist.txt
Filesize
55B

MD5
f639b33af7f94515ee0fe8c2aad53c9b

SHA1
341d4eadde55c050ee4ddbffa575fb7a2b5d2372

SHA256
dac57d9fef199a3efe3bcb1a8ed234f8c37037e7038384b22daafe5f66768d9d

SHA512
1593813be22708f0c551829c879d67d970ee262c7f1773bdaa941535340407f2c962db37b409c6107f1dbb3900a6c29669bd131f924e88c875131a356e6f4edc

Download Submit
C:\Users\Admin\Desktop\FAproconectlist.txt
Filesize
6KB

MD5
4e01ef5771d4a6094c7991b90587393d

SHA1
c77f6baa5d0f0bd953451069a3eaad8707d6d829

SHA256
416dbc2fcea07997bd704cc8e64d731066fa8c296008ca7793b2216c4ee2ddd7

SHA512
292a5f9f4a31aad7f4a47c02bec3859393e7dc3fe86117a0c8e932f310fe8e9f61ad244cfa57c149262b280b7744fff9865fe4657f3ed3f1e07e88f7c5ac1b66

Download Submit
C:\Users\Admin\Desktop\FAtemphdwinf.txt
Filesize
264B

MD5
686841ef05f5cf7aebc776ae45bf1b09

SHA1
b64d97c9c1b6b64cc50985185574fc8b123fc9c2

SHA256
00a5113f9780ca03a8f8ed6d13af562b82f71dfab28ed7151344b238bb5c2d0d

SHA512
3925761828b09e40436c3bf8d7e6c817c095e125c3e93812781aaf1dd7b54d7c332fc4a55b3830a618e4c68b81e3cd7bdbc1b2e454df3a03b51a61f693892f63

Download Submit
C:\Users\Admin\Downloads\FA Adv Security Tool.bat
Filesize
11KB

MD5
573715a51bc0c17f240dd5ed6c0ced68

SHA1
fa43f284aa8aaa976a63a9c90d47e40944c4506e

SHA256
8b97c75c28e866a828d62ce4eb5aee165e6dc933a107d0adc1b730b5d8c90139

SHA512
b24f3bcdd59a0d4afaac94b40109532b9835be84486a7167465f144b1f9f238311a1f08b3147ff5c3fa5abd0444774aeb64d4702714b219bd97364aefd085afd

Download Submit
memory/316-16-0x000001BF3EB20000-0x000001BF3EB30000-memory.dmp

Filesize
64KB

Download
memory/316-293-0x000001BF455C0000-0x000001BF455C1000-memory.dmp

Filesize
4KB

Download
memory/316-292-0x000001BF455B0000-0x000001BF455B1000-memory.dmp

Filesize
4KB

Download
memory/316-0-0x000001BF3EA20000-0x000001BF3EA30000-memory.dmp

Filesize
64KB

Download
memory/316-35-0x000001BF3BEA0000-0x000001BF3BEA2000-memory.dmp

Filesize
8KB

Download
memory/424-43-0x000002B46A900000-0x000002B46AA00000-memory.dmp

Filesize
1024KB

Download
memory/424-45-0x000002B46A900000-0x000002B46AA00000-memory.dmp

Filesize
1024KB

Download
memory/3032-341-0x0000025125BF0000-0x0000025125BF2000-memory.dmp

Filesize
8KB

Download
memory/3032-115-0x0000025125210000-0x0000025125212000-memory.dmp

Filesize
8KB

Download
memory/3032-117-0x00000251252D0000-0x00000251252D2000-memory.dmp

Filesize
8KB

Download
memory/3032-112-0x00000251250F0000-0x00000251250F2000-memory.dmp

Filesize
8KB

Download
memory/3032-106-0x0000025125090000-0x0000025125092000-memory.dmp

Filesize
8KB

Download
memory/3032-64-0x0000025113C40000-0x0000025113D40000-memory.dmp

Filesize
1024KB

Download
memory/3032-65-0x0000024911F00000-0x0000024912000000-memory.dmp

Filesize
1024KB

Download
memory/3032-110-0x00000251250D0000-0x00000251250D2000-memory.dmp

Filesize
8KB

Download
memory/3032-108-0x00000251250B0000-0x00000251250B2000-memory.dmp

Filesize
8KB

Download
memory/3032-104-0x0000025124EF0000-0x0000025124EF2000-memory.dmp

Filesize
8KB

Download
memory/3032-127-0x0000025125400000-0x0000025125402000-memory.dmp

Filesize
8KB

Download
memory/3032-181-0x00000251260D0000-0x00000251261D0000-memory.dmp

Filesize
1024KB

Download
memory/3032-217-0x0000025124540000-0x0000025124542000-memory.dmp

Filesize
8KB

Download
memory/3032-227-0x0000025128E00000-0x0000025128F00000-memory.dmp

Filesize
1024KB

Download
memory/3032-298-0x0000025126000000-0x0000025126002000-memory.dmp

Filesize
8KB

Download
memory/3032-337-0x0000025125B10000-0x0000025125B12000-memory.dmp

Filesize
8KB

Download
memory/3032-335-0x0000025125B00000-0x0000025125B02000-memory.dmp

Filesize
8KB

Download
memory/3032-333-0x0000025125AA0000-0x0000025125AA2000-memory.dmp

Filesize
8KB

Download
memory/3032-331-0x0000025124BA0000-0x0000025124BA2000-memory.dmp

Filesize
8KB

Download
memory/3032-329-0x0000025124B80000-0x0000025124B82000-memory.dmp

Filesize
8KB

Download
memory/3032-339-0x0000025125BB0000-0x0000025125BB2000-memory.dmp

Filesize
8KB

Download
memory/3032-344-0x0000025125C10000-0x0000025125C12000-memory.dmp

Filesize
8KB

Download