wannacry | 268b9b8e07f7c0f7b895de751634cae25e5189aa33ec4da924b243adda41186c

Resubmissions

01-05-2024 16:21

240501-ttyxjaba41 10

01-05-2024 12:38

240501-pvah4seh9x 8

Analysis

max time kernel
628s
max time network
703s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01-05-2024 16:21

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

1.bat
Size

42B
MD5

781f882af4fc7061ede473ee5d75e17c
SHA1

41b54f6c7bbb19327bbf88880ff3a3010e7af6a6
SHA256

268b9b8e07f7c0f7b895de751634cae25e5189aa33ec4da924b243adda41186c
SHA512

9471507eb329ea7050e2da756b8af58dbe3a63d7f0a707d24a6416565cb505d2967046faaeb7d45bce98e65468b95203725b09eebe3310ba589a6c38c9806697

Score

10^/10

wannacry discovery persistence ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

cmd.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation cmd.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation	cmd.exe

Drops startup file 2 IoCs

Processes:

WannaCry.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD26AC.tmp	WannaCry.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD26B3.tmp	WannaCry.exe

Executes dropped EXE 22 IoCs

Processes:

taskdl.exe@[email protected]@[email protected]taskhsvc.exetaskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exe

pid	process
7008	taskdl.exe
4420	@[email protected]
1752	@[email protected]
6468	taskhsvc.exe
2848	taskdl.exe
6704	taskse.exe
5588	@[email protected]
6416	taskdl.exe
6388	taskse.exe
5124	@[email protected]
360	taskse.exe
4468	@[email protected]
1844	taskdl.exe
1372	taskse.exe
1696	@[email protected]
5180	taskdl.exe
396	taskse.exe
7116	@[email protected]
6516	taskdl.exe
2820	taskse.exe
5176	@[email protected]
4760	taskdl.exe

Loads dropped DLL 8 IoCs

Processes:

taskhsvc.exe

pid process

6468 taskhsvc.exe
6468 taskhsvc.exe
6468 taskhsvc.exe
6468 taskhsvc.exe
6468 taskhsvc.exe
6468 taskhsvc.exe
6468 taskhsvc.exe
6468 taskhsvc.exe
Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

3008 icacls.exe

pid	process
6468	taskhsvc.exe
6468	taskhsvc.exe
6468	taskhsvc.exe
6468	taskhsvc.exe
6468	taskhsvc.exe
6468	taskhsvc.exe
6468	taskhsvc.exe
6468	taskhsvc.exe

pid	process
3008	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\svgirwyi764 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\""	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

321 raw.githubusercontent.com
262 camo.githubusercontent.com
268 camo.githubusercontent.com
320 raw.githubusercontent.com

flow	ioc
321	raw.githubusercontent.com
262	camo.githubusercontent.com
268	camo.githubusercontent.com
320	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

WannaCry.exe@[email protected]

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCry.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Windows directory 6 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery
T1057

Processes:

tasklist.exe

pid process

6420 tasklist.exe

pid	process
6420	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Processes:

vssadmin.exe

pid process

4184 vssadmin.exe

pid	process
4184	vssadmin.exe

Kills process with taskkill 64 IoCs

evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid	process
6860	taskkill.exe
6220	taskkill.exe
5388
4932
5176	taskkill.exe
6236
4968
6620
6244
4608
2436
6104
6396
2820	taskkill.exe
5664	taskkill.exe
4332	taskkill.exe
6628
6452
2520
5716
648
6372
2208	taskkill.exe
4932	taskkill.exe
884	taskkill.exe
3508
1824
5644	taskkill.exe
32	taskkill.exe
6804	taskkill.exe
6060
6384
5680	taskkill.exe
5828
5220
3896
3844
5316
5952	taskkill.exe
4924	taskkill.exe
4684
4356
4544
4712	taskkill.exe
2040	taskkill.exe
3304	taskkill.exe
3236
1116
2040
6788	taskkill.exe
7016	taskkill.exe
6504
6340	taskkill.exe
3344	taskkill.exe
4588
436
4440	taskkill.exe
6528
6772
5552
376
2260
4664
6348

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590543385718037"	chrome.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeNOTEPAD.EXEMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ufile.io\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ufile.io\ = "72"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "173"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ufile.io	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ufile.io\NumberOfSubdomai = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ufile.io\NumberOfSubdomains = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "421412766"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ufile.io	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "421361543"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "421428717"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a6f3b3bce39bda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\msn.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = feb363a9e39bda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomain = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "103"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NOTEPAD.EXE

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

5096 reg.exe
Opens file in notepad (likely ransom note) 2 IoCs
ransomware

Processes:

NOTEPAD.EXENOTEPAD.EXE

pid process

6828 NOTEPAD.EXE
5760 NOTEPAD.EXE

pid	process
5096	reg.exe

pid	process
6828	NOTEPAD.EXE
5760	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

chrome.exechrome.exetaskhsvc.exe

pid	process
6712	chrome.exe
6712	chrome.exe
6340	chrome.exe
6340	chrome.exe
6468	taskhsvc.exe
6468	taskhsvc.exe
6468	taskhsvc.exe
6468	taskhsvc.exe
6468	taskhsvc.exe
6468	taskhsvc.exe

Suspicious behavior: MapViewOfSection 10 IoCs

Processes:

MicrosoftEdgeCP.exe

pid	process
2392	MicrosoftEdgeCP.exe
2392	MicrosoftEdgeCP.exe
2392	MicrosoftEdgeCP.exe
2392	MicrosoftEdgeCP.exe
2392	MicrosoftEdgeCP.exe
2392	MicrosoftEdgeCP.exe
2392	MicrosoftEdgeCP.exe
2392	MicrosoftEdgeCP.exe
2392	MicrosoftEdgeCP.exe
2392	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

6712 chrome.exe
6712 chrome.exe
6712 chrome.exe
6712 chrome.exe
6712 chrome.exe
6712 chrome.exe
6712 chrome.exe
6712 chrome.exe
6712 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exefirefox.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2276	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2276	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2276	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2276	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	596	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	596	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1116	MicrosoftEdge.exe
Token: SeDebugPrivilege	1116	MicrosoftEdge.exe
Token: SeDebugPrivilege	6088	firefox.exe
Token: SeDebugPrivilege	6088	firefox.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe
Token: SeShutdownPrivilege	6712	chrome.exe
Token: SeCreatePagefilePrivilege	6712	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exechrome.exe

pid	process
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe

Suspicious use of SendNotifyMessage 51 IoCs

Processes:

firefox.exechrome.exe

pid	process
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe
6712	chrome.exe

Suspicious use of SetWindowsHookEx 19 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exefirefox.exeNOTEPAD.EXE@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]

pid	process
1116	MicrosoftEdge.exe
2392	MicrosoftEdgeCP.exe
2276	MicrosoftEdgeCP.exe
2392	MicrosoftEdgeCP.exe
4708	MicrosoftEdgeCP.exe
6088	firefox.exe
5332	NOTEPAD.EXE
4420	@[email protected]
4420	@[email protected]
1752	@[email protected]
1752	@[email protected]
5588	@[email protected]
5588	@[email protected]
5124	@[email protected]
4468	@[email protected]
1696	@[email protected]
7116	@[email protected]
5176	@[email protected]
5176	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MicrosoftEdgeCP.exefirefox.exe

description	pid	process	target process
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2028	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 2160	2392	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 7124 wrote to memory of 6088	7124	firefox.exe	firefox.exe
PID 7124 wrote to memory of 6088	7124	firefox.exe	firefox.exe
PID 7124 wrote to memory of 6088	7124	firefox.exe	firefox.exe
PID 7124 wrote to memory of 6088	7124	firefox.exe	firefox.exe
PID 7124 wrote to memory of 6088	7124	firefox.exe	firefox.exe
PID 7124 wrote to memory of 6088	7124	firefox.exe	firefox.exe
PID 7124 wrote to memory of 6088	7124	firefox.exe	firefox.exe
PID 7124 wrote to memory of 6088	7124	firefox.exe	firefox.exe
PID 7124 wrote to memory of 6088	7124	firefox.exe	firefox.exe
PID 7124 wrote to memory of 6088	7124	firefox.exe	firefox.exe
PID 7124 wrote to memory of 6088	7124	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exe

pid process

5236 attrib.exe
6792 attrib.exe

pid	process
5236	attrib.exe
6792	attrib.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\1.bat"
1⤵
- Checks computer location settings
PID:4924

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1116

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5000

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2028

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:596

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3432

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4696

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2160

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:7124

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:6088

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6088.0.1601436207\1786469866" -parentBuildID 20221007134813 -prefsHandle 1740 -prefMapHandle 1720 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84e15771-3802-4df8-ad62-c277385c9b4f} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" 1832 24e7c3d6e58 gpu
3⤵
PID:796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6088.1.1196160394\1797182719" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fbd446c-86ec-457c-9123-884b5ae397a9} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" 2184 24e71372e58 socket
3⤵
PID:5460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6088.2.500805873\560675360" -childID 1 -isForBrowser -prefsHandle 2808 -prefMapHandle 2732 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f0e48a2-f5cb-4997-9584-08c865e983f1} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" 2716 24e023cdf58 tab
3⤵
PID:6172

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6088.3.1513931096\985220135" -childID 2 -isForBrowser -prefsHandle 3404 -prefMapHandle 3400 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e0672b5-2729-4123-9547-2acb8d40e14e} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" 3452 24e0286fe58 tab
3⤵
PID:5944

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6088.4.168341368\1255972778" -childID 3 -isForBrowser -prefsHandle 4112 -prefMapHandle 4132 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48495a8c-23eb-4f8c-99ff-2b73bbf81a4f} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" 4140 24e035c0c58 tab
3⤵
PID:5792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6088.5.1324652023\1281732144" -childID 4 -isForBrowser -prefsHandle 4964 -prefMapHandle 4960 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61cf7f34-d997-40d2-817b-77c53670d0d1} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" 4972 24e035bee58 tab
3⤵
PID:5004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6088.6.1038033677\680561223" -childID 5 -isForBrowser -prefsHandle 4784 -prefMapHandle 4780 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {261fc30d-1945-4ce3-a90f-e6a1541dc694} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" 5100 24e04b58f58 tab
3⤵
PID:1108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6088.7.417419294\191321156" -childID 6 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99f06982-ab3d-46c8-85c3-c349e78034c2} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" 5208 24e04b58358 tab
3⤵
PID:2272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6088.8.1734106913\112475731" -childID 7 -isForBrowser -prefsHandle 5672 -prefMapHandle 5668 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eebec732-a954-4889-898c-d8ff17fa4e95} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" 5680 24e0684d058 tab
3⤵
PID:5672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffb9b69758,0x7fffb9b69768,0x7fffb9b69778
2⤵
PID:6724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:2
2⤵
PID:6948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:8
2⤵
PID:6932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:8
2⤵
PID:6920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:1
2⤵
PID:7040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:1
2⤵
PID:3548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3848 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:1
2⤵
PID:1352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:8
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:8
2⤵
PID:5316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:8
2⤵
PID:6216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:8
2⤵
PID:5716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:8
2⤵
PID:5644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5032 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:1
2⤵
PID:5236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3828 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:1
2⤵
PID:1876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:8
2⤵
PID:5068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5352 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:1
2⤵
PID:7064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2856 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:8
2⤵
PID:5784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2928 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:8
2⤵
PID:5448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5580 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:1
2⤵
PID:5808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5072 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:1
2⤵
PID:6572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2892 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:1
2⤵
PID:4704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5808 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:8
2⤵
PID:5468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:8
2⤵
PID:4712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3900 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:8
2⤵
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 --field-trial-handle=1724,i,2646455697465752942,10641567191435637805,131072 /prefetch:8
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4464

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7092

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\test.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:6828

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\test - Copy.txt
1⤵
PID:1380

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\test - Copy.txt
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5332

C:\Users\Admin\Desktop\WannaCry.exe
"C:\Users\Admin\Desktop\WannaCry.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
PID:2992

C:\Windows\SysWOW64\attrib.exe
attrib +h .
2⤵
- Views/modifies file attributes
PID:5236

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:3008

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:7008

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 108281714580947.bat
2⤵
PID:6644

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
3⤵
PID:6232

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
2⤵
- Views/modifies file attributes
PID:6792

C:\Users\Admin\Desktop\@[email protected]
@[email protected] co
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4420

C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:6468

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
2⤵
PID:6356

C:\Users\Admin\Desktop\@[email protected]
@[email protected] vs
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
4⤵
PID:356

C:\Windows\SysWOW64\vssadmin.exe
vssadmin delete shadows /all /quiet
5⤵
- Interacts with shadow copies
PID:4184

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
5⤵
PID:3940

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:2848

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:6704

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetWindowsHookEx
PID:5588

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "svgirwyi764" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
2⤵
PID:516

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "svgirwyi764" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
3⤵
- Adds Run key to start application
- Modifies registry key
PID:5096

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:6416

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:6388

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5124

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:360

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4468

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1844

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:1372

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:5180

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:396

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:7116

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:6516

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:2820

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5176

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:4760

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\test.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5760

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\test - Copy.txt
1⤵
PID:6140

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\test - Copy.txt
1⤵
PID:6584

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:5660

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\test - Copy.txt
1⤵
PID:5988

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FA Adv Security Tool.bat
1⤵
PID:7112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\FA Adv Security Tool.bat" "
1⤵
PID:3796

C:\Windows\system32\tasklist.exe
tasklist
2⤵
- Enumerates processes with tasklist
PID:6420

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5584

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6508

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4516

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:236

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7120

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6520

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4064

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6944

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2916

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:4332

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5988

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6464

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5580

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:516

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5592

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2456

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:400

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:996

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4664

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6804

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6408

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6236

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6352

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2552

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1352

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5560

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5664

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4712

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5264

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6624

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7064

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3528

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4468

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5224

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5024

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5596

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3716

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4484

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1716

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3304

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7072

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4992

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6484

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2804

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3216

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5732

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7112

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5904

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2268

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:5952

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5440

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4512

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4892

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1372

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5016

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6672

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6060

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5240

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5300

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6356

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7148

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4616

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5680

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6472

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5288

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:424

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5992

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7008

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5408

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6580

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5588

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:2208

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4896

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6928

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5372

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7028

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2072

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6364

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6992

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6584

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6200

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4540

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7128

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:876

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6232

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3508

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4108

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:6860

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4168

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6400

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:704

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6504

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:6340

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5292

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6688

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6776

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4544

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5712

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7156

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4572

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2520

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:436

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7100

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1844

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3104

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2448

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2004

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6288

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6852

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1960

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3180

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4768

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4172

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6292

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2980

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6620

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4476

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4552

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5324

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:596

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6020

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1964

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:884

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5428

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4720

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6872

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:660

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6348

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6388

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:2820

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4264

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:760

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3516

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1296

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6472

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5288

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:424

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5992

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7008

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6244

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2500

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6580

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5588

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2208

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4896

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6928

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5372

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7028

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2072

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6364

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6992

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6584

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6200

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4540

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7128

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:876

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6232

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3508

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4108

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6860

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4168

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6400

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:704

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7096

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3892

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6784

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2344

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5276

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5248

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6780

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5260

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6536

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3816

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5220

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3700

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:360

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:832

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5536

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4416

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4908

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3248

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4952

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5884

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2532

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2584

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4656

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5720

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3544

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3012

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3844

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5172

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2008

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:304

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6800

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6156

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4440

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6420

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6360

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6024

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2352

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4460

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2252

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5528

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4028

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5144

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:396

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3148

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7004

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6816

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5408

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:5644

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4420

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1692

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6508

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4516

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:236

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7120

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2376

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4064

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6944

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2916

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4332

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5988

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6464

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5580

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:516

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5592

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2456

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:400

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6788

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6220

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1744

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6400

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6644

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6312

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5676

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7144

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5268

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5664

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4980

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6540

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5792

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5544

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3528

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7092

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2360

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3076

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6828

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7040

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1880

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:8

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6492

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6296

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2900

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1120

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:880

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2236

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:376

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3176

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6104

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2268

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5952

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5440

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:860

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4892

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6836

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6404

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6672

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5432

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5316

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6356

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7148

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:364

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5284

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3028

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2572

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7068

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6160

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:524

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3552

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1468

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4808

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4744

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4968

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7036

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:372

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6772

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3388

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6844

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1204

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5764

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5920

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5752

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:32

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5568

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:700

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6528

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5436

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5576

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5632

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6384

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6408

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4320

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:508

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3860

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1352

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:764

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5328

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6692

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:592

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1448

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3540

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4356

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3572

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5540

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7088

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6976

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4880

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4580

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1604

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5088

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4768

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4172

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:200

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2584

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:644

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4656

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5720

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5904

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1440

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3844

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5172

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1088

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5332

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:352

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1372

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6396

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1876

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6360

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2160

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5388

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4616

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2508

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7116

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4684

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5744

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3148

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6260

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:344

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5160

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1316

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3552

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1468

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4808

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4744

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4968

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7036

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:372

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6772

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3388

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6844

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1204

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5764

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5920

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5752

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:32

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5568

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:700

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2804

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2456

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:400

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6788

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2432

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4868

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1076

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1752

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6784

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5308

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5448

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5468

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1320

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:5664

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4980

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6540

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5792

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5544

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3528

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7092

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:360

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3076

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6828

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5092

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1604

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:8

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2028

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5368

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4132

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3216

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5732

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7112

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:924

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4432

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1968

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4576

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1280

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4380

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6148

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2308

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4140

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6420

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3140

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4264

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5228

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4612

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5880

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3100

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2920

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5300

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5288

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1460

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7008

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6816

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5408

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6380

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2232

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5584

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2336

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6808

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1392

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3200

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6996

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7132

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5692

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5924

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4764

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5828

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5032

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:960

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5212

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6548

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4504

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5000

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2436

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4168

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4900

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6504

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6340

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5292

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5272

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6688

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5560

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:2040

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:4712

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5328

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6692

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:592

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1448

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3540

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3700

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3572

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5540

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7088

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6976

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4880

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3248

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6424

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6336

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6484

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:168

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6700

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:644

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4656

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5720

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5904

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1440

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3844

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5172

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3132

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4128

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:660

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3536

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6060

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7056

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:5176

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4460

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3516

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:364

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2352

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5144

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4684

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4760

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7068

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7004

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7020

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:524

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4932

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3552

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1692

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6508

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3940

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:356

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2072

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4064

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2564

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:676

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4588

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6452

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7128

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5580

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4244

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5592

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1016

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5552

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6972

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6860

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2524

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5576

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5632

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6384

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6400

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1752

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:508

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3860

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1352

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:764

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5268

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6876

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4472

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6668

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3204

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5524

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1504

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5596

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4676

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2284

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1380

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7072

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6864

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4992

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:4924

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6620

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4476

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2236

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5324

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3012

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6020

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6980

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5180

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:884

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5140

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2744

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:352

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4128

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:660

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3536

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6060

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7056

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5176

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4460

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3516

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:364

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2352

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5144

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4684

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4760

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7068

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7004

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7020

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:524

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:4932

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:308

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2144

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4968

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6300

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:356

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7036

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6996

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7132

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3388

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6844

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1204

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5764

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3864

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6704

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5212

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3984

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4504

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4820

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2456

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:400

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6248

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6560

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6644

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5292

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4320

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1072

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5308

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6792

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7156

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4072

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6448

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4472

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6668

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3204

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5524

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1504

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5596

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4676

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2284

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1380

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7072

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6864

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4992

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4924

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6620

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4476

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2236

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5324

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3012

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6020

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6980

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5180

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:884

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5140

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2744

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:352

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4128

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:660

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3536

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6060

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7056

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5176

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4460

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3516

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4028

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2820

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3028

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2572

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7016

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5808

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6580

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1316

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3552

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4932

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:308

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2144

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4968

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6300

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:356

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7036

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6996

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7132

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3388

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6844

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1204

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5764

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3864

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6704

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5212

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3984

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3232

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:6220

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:6788

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2432

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4868

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6776

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3344

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5676

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5560

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5448

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5468

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4412

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5260

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5220

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4772

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5336

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4356

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2448

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4696

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3184

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6852

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6828

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1960

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6028

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5884

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4768

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5196

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6628

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6544

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7112

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1696

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2268

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5952

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5440

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1280

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4892

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4440

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1372

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6404

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5240

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2628

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6356

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5388

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2052

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2508

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:364

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3516

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4028

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2820

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3028

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2572

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:7016

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5808

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6580

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1316

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4516

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2336

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7120

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6856

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5320

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6440

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5704

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6768

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6664

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5520

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5920

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5752

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:32

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3236

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7124

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5556

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2132

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6972

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2752

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4168

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4900

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6504

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6340

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1076

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5272

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6688

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6552

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1320

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5664

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4980

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6536

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1448

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3540

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:832

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5536

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4484

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7088

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3876

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1880

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5092

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1604

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:8

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1424

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5196

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6628

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4476

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2236

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7112

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1696

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2268

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5952

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5440

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1280

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4892

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:4440

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1372

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6404

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5240

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1876

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6360

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6820

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:760

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4912

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6472

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1824

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5744

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4684

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4884

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7068

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7004

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3744

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5416

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7032

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5584

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6564

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6868

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1392

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7012

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6992

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6584

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5692

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5988

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4764

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5828

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:876

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5208

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3864

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6704

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5212

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5000

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:6804

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5684

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6860

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6236

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7096

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3704

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6384

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2344

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4544

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6792

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7156

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4072

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7100

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5792

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6668

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3204

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5524

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1504

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4696

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4676

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6852

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6828

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1960

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6028

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6336

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4924

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6532

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5104

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3216

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4656

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5720

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5904

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6980

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3844

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5172

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3132

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6148

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2308

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7084

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:660

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6568

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:224

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5228

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:5680

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5880

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:532

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5068

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5992

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3148

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6160

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6696

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2572

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5160

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5808

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6580

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1316

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6508

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2144

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4968

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6856

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:828

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6440

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2916

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6200

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7132

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3388

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5096

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6076

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5580

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5592

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4100

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4504

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5436

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:996

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3596

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6860

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6788

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6372

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5652

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6776

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:3344

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1752

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7064

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5468

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6692

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6448

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4468

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6496

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1376

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:212

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3716

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4416

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:7040

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
- Kills process with taskkill
PID:3304

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:4952

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6480

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6296

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:8

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6620

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3648

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6700

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5324

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3012

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6020

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2008

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5180

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:884

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6156

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3608

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6672

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5432

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:208

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:3536

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2628

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:508

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5528

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5284

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:164

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:2920

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5300

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:5288

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:1460

C:\Windows\system32\taskkill.exe
taskkill /f /im @[email protected]
2⤵
PID:6260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\@[email protected]
Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
Filesize
583B

MD5
b826ae29ebeed2da39050e1398755a09

SHA1
7f096bc98b0d72af32fef23f7e0285a0a71884b4

SHA256
6538497ff907182badba2c8c6f7c57110a3df96a284fa3d27056f3fc28e22679

SHA512
8f5f4554b9b108154abfff44de20a005bfd5601f1dc5ffd6aabc0dbb98f266977b6befa11d8849bd40a14ea10e522ab0c1cc8a525d4dcc0d60a1860fc6bff5a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030
Filesize
48KB

MD5
0c2234caae44ab13c90c9d322d937077

SHA1
94b497520fcfb38d9fc900cad88cd636e9476f87

SHA256
d8e6f62282e12c18c930a147325de25aef1633a034eaf7a3ce8de1fb8de09912

SHA512
66709f74b19499df1e06700e1c257e14a82ca4287194e4b177b3f333748d927f413c8c459a35e7e5a2f92d28410b0129f106d94e3dd85bc0dd0b986add83b18f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031
Filesize
44KB

MD5
a4b04ba2b9a56f5911fee0c29629e53e

SHA1
939e8e65e22ae978a6b63dd1400fc6f58c5015eb

SHA256
523d8983d24e050e6e7e1f43d0caca6bd77bef38ec046d181b13bf32702fc025

SHA512
1c3357e9ecd3ac0de53d14f5d4c8d8d0aeafd30cb2e0dd6cfd1be68cca4fd4e178e79938a5ffe9a17b43e4f60f6e8e08c1054fa44160377fea740da70761c80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032
Filesize
24KB

MD5
e1831f8fadccd3ffa076214089522cea

SHA1
10acd26c218ff1bbbe6ac785eab5485045f61881

SHA256
9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac

SHA512
372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034
Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b
Filesize
21KB

MD5
9ccb3e387ecf1d1c32d33a33b61db8f3

SHA1
9d6625afcaa4d6bfe223268ccf82ff32ea9532a3

SHA256
3d34b64d0099f608de0e555d46338252a99d36f2a25af7180702c9966621fa0b

SHA512
05c3d41fd4115bd66c1a938ad644424f8df93f96ae27004c800e43acbc4b23568456574ceba605ea696fb594585811fedd0f9ec547a697344479e4d7516f65f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
1fc9d307e9c95703949db44b485f3ed0

SHA1
211d9293e8e2218933af631c4c248b4f9fcd7d77

SHA256
ebe400bd1537e5a7c87a1eb224c1c07184478ffb171b7481e809b606c1e15cad

SHA512
9d8eb5470e5aeaeeccf072004778bbde66ae83b13e416b11b300d22cad11a25637f7e57c0552fa48bb64a30afde83c241e1392af0f8e0575f28ea99bf10f17e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
555590cd56dc58c0e5323f2dfb349e5b

SHA1
202128f481420d9f4e4a5959c91fca04f3077bb9

SHA256
94cd16b6bd174facb15a6e990bfaf03a8d8c31b13b011d432f8e570cd210a652

SHA512
6124d62a4837549727b2ef5a9a5b7ee578fd550158912e3d61a5fcf0e64bd81aebd6382b8fe72b08170fe0b66aa093f6307021950ecfbd1c9aff2121e6e6d164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
ce00b9c45ae57e522d90bff6131a3ce8

SHA1
061a3f2f949f67cfc767b62c27bffc442cb56e5e

SHA256
487677704b314caf213ef07ea6f0fbf4d082d5c13a187631470c7032aad07b85

SHA512
8f835494a0ff73509331f5ca819999d53a09faaee1ffee7001bcefcab6d149ccc8c13bea36163f01e7406562556bcbdabb3fdd184424c2c97b156ddfce63a66d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\73b1a476-218d-418f-9606-606dcbaeedf7.tmp
Filesize
5KB

MD5
86a7fb5f6c65b37cf15f66c810793e44

SHA1
461f7be0ed64cb72a720b43db8e91a94b160cd06

SHA256
46952e836bc53fb26e690bd7f07a066308141f1ba0133965110d5d3a4e4c14ca

SHA512
6ce6d197e6ad766f15b4e2f6b6254e54187176534b15ce184635ca6eb3fc440a95534123621c4f406c3dac94c2c8d28fc49c1fb5892c448f199173e3de623f03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
6c8c769397ae2838cc2f9420d5237832

SHA1
c267d31232836bcc2d117953d884d31a331eaa08

SHA256
c14fb0ba7b2be16210ce406c312d0a51d3b01af55aa1829162de824089139a24

SHA512
73c2e678a39013386adbbd36f2bbb93a78f75da757efbd45816b61752603e33f5a50cf0aa05605427d3e634107c444d6e0d172df4e52346813ef247a50295c0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
ce22db42a265c4445e396eec27db1976

SHA1
e92a55fae88f4b825e498bcf56f70dda2a872140

SHA256
5ced9cf6391dcc5b3cbfa5d628c0c1f9627a087a624a8781bd44b0df00894f2b

SHA512
55e6968fe16d0b293d22e569885d5863b42e316ea315c7b4e09496e9febb653434ba36dcc56848c43b4db8a29eb1a445dc5650f6b94a8f05a6a2b7a61a0c4d13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
ac1cf8c326784095db73ba6ffd8ccbe0

SHA1
c1c2e017253bf9b9b078057d39c402782400dbd8

SHA256
3b5697a4c750a3940f66735f6841d3c329ac4aba365df4661e98017af1a5dfe2

SHA512
862781aa60e979efb02254be0cf75d8943f356cc70d3c2f3552f8843affe106d718a56d04c53eceff70e6b8f23c7730cdf277ddb1f8f8707a92d65e9b25e053b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ab70c1170582b3a32e28e9d642354969

SHA1
a90651f567c0702d5b193ca244e6d1375cc57825

SHA256
5093b424d157114614da084e32c1e9ce8f307d11b90a4bd62c42f590ba7ab81d

SHA512
14054f8709926c9ea86fc30750b92d11bf000e67cb3816b9b3190fbc1e271e401dea209e255d02fe1ba1441c3ea8a5fa262c52cd6af180ac7595db5a4444f0f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6bd4b60a9370adc5ff85387b637c6e51

SHA1
419af73b327d1fe6bbe8086e154238196bba12de

SHA256
9bd439834ff8dc6292cbb6aa10634238172208ab34054472994d94c13d57fd68

SHA512
cbf099ab4e50420e2762a90c2c7a070ca55a6e56d9ac3698f50444800382cb39d03f57ffc8c76dd5034ddf15a5d648eb2707a21479141dc3c7d9ca72a33539cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
73c434946cb96f00801b3f7dda83bbef

SHA1
c293fd3423da0a854a28e6eb72a1abb58f8221d6

SHA256
646e8ca538b9553b9baad626d0b40f3a425dde14fe185715d2d60fb33b1a437d

SHA512
cb818a1fe91d0dabece7cebf033a3bd891cf7175c37675190ab48ede1da3ac0e4348dfa756c7212d55152d8adeb18e98f922358bc3cef1a2a452477a8ce15e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
e59a418679600db57212954efcd070ad

SHA1
7fea673619746217a7b7de349bcf612e3635508f

SHA256
8c88c102107f31d585eadc180a49a22b970f793be538c0cc3b0c8e7070a853f0

SHA512
7233df11ab4dfe66a55cb175cb8e2264f778b6ec6414f2258f85c758428e74b1e2870cc34dd166ba25c12ba8ad8f9b4af22bea3b95778f349846e60f18f3ca5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
21f6d919bd14fe9b15d036ac4e682222

SHA1
10ad83a64882d9278f8eea43918f7a2847f2299a

SHA256
4edd4a4bc4d48acf61e2ebbc02eab529dbf6931415ba54d5d3fda1aec47bf16a

SHA512
b446002ca532b33f830f4c65d5088832067d640e2c470978436fa4e1f74fd35af79058757ab8fdee4868af3014f2e5ec22acd86ea012fd45960e860e9d7cabca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3dfcb811d6354ae7aa0869fddeac248c

SHA1
9b0e6bc0533b78d7ded48b9d721497c4f223f3fe

SHA256
188bce78f4c5c10a580c6aea8f7a4ca66bec6d2f0060a1d84de05100b9b5131a

SHA512
357156da7cf631d1d75087ea835e95ab0814534eb27b4743a9877b5bd59cd90ebb4046f5aab50c7d828a41830f3a232784339c21e62ae2fcceb19349a025b866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
41a93bd1d6c063ff63887177da16e6cc

SHA1
13ace521b4f32b686601138173b1d8b815143b60

SHA256
6aa4f02f241884ebf743b6eeb99974a5cfd6bc3377fd28a2599019b2ec82c52c

SHA512
3c53f05cee08ec8123dd9b5083ba73b3dc708a21b0b4aaa5dd979767199d235816a0d9df6197a0b471dfce82de6e6ff54012f3639ce0c81b3e870b496e6777b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6d1329e52db06016465ff6f931f47035

SHA1
c7070ea4258749524b75e99a5c08a867a78a63f8

SHA256
6d95fa35e118ed8d36e358d08cfe518050fe5c6b3368ed338308ceeee8311f96

SHA512
fbe8b2958579df6a2a645104a65ac926f9fd8562dce9d31e617eb43636ab47d75ab5848e4fdeb7317704514a8dc2b4d64beffc290d356b05b0f60d2d3f1775db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
522eb3c06daf6fd57cafb30d7df9edba

SHA1
13d763137f7700a8822b1ed0195b38eacc06499b

SHA256
372ca11507b76c9febc3ece6b4da1dfe84795d264bd377dec7158b54f8fe5523

SHA512
d62665a86b104dd22c3042355bb2ee03b584e0eec620bc0e9e6d895e21a98de3e83bb7ed7950f771f844bb2d0a39ae39f76cdde962dc724f83207b73d9624d08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
34c758423517578ef839fa9127573a33

SHA1
4d805382eadd2fa06210b807fd34a9abe586b713

SHA256
7bcec9bcb69a70e0b83c9f1a7b43b0684082f398d713ec82d3caa07dda157895

SHA512
d57f2970a0c9ea38b1361c86d8e74c169ce4ad32a7cd293d80f78727afd6775b44ee52d005a8215718cb62affa756b94c1ea7ca6c9ad974743a6f2388d9b8300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
040827a35897d366bb50255fa98ff041

SHA1
9b0da3069888d976fb91eb692cc154ba18a9b341

SHA256
4506adba580e6b21d5ea4b8f3bfc049110e8a67bcacbe61b46db27d6580c158f

SHA512
3293e55fb51f57665be5b5445ffa1b69231830bf7dbd69c162a90d3331e6f8697f716e883c5e53245a77bba878b357e79506e362fe56170c27a782a3846b7b84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e59d4caad28123735c42fe3c296ace38

SHA1
21fd757e872e75ece47bb6830a1908dbd04e8926

SHA256
4c1e9eba924afe74c8ba6465afc05d0484f9f431538ec7169ea49f0b4d651d93

SHA512
57b317cd6a36e42c47b695d32a73a8f084703dacae0370a721f5908bb36101d965a6c27f3afa05e98b9ea2c1a6a26d1b84c25c6ef300bde279976ee96a263e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
307fcc121f6e25b668d6294895a73775

SHA1
286830e594325fcb489e39f33762b80540b73dbf

SHA256
f93d4fd6cbdc048fcefd3a11edf4da374b212ed7ce2d62adae0de4e57315da25

SHA512
3371fe155d652bacb25f2938707f93b248b18b665974fc15ee8d8300810f8456d06c344cf8d8d2217488d840485b8ea793e29b8bfd4ec02bb6b378c9d1be18a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f83a449358ace65bae6669e611de6d71

SHA1
932cc12615e2f8685469a7d4f713319b757001fd

SHA256
da6c72735306af54e2a84e05b3aa1d9317b10f8ebed556e33d400d7bf7cc7a30

SHA512
8dee58692d25a47966cf588d4fdbc3012642308418b602b84e22eeb55c25015ecc6d8c4d26e37b6c3d56e0c9989bc174681845112c1cf50ad708bf0f9bf58c1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
51dffe93561abd036c764d7c11a699da

SHA1
bd56e530fd0cc9398e1d5a845ea3b0cae2bb8b0b

SHA256
02b255fe7fca2201c8580d44be683bb7a79ed9e33a7e97c64952e1be6a292211

SHA512
96ce6f92a6eeb44a474186cba9034ab5cd45d1011798b8f02de7a5d3ac6920cddd71b3021c21eadc0b04cf5e68c04c4b271244345ef484056ca5c69cbc13d650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6c49e116ab6ff314d2b622c00daafc06

SHA1
44b01bbcc4c58a51c35597035c1465bd12ecf6f2

SHA256
292828ef439cdb5860b946435d6ad01260892a8054d5d88d483e118c46c025dd

SHA512
218b34b8fe686a1e9459b536d2628a81da4e034c494ead6ffd56670f33da54a8d1f4da6eb7fcc75cfe6a0130ec1fbb360dc167eef44b43788300dd251d0f03aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
39ed591214d3e7d6b297d1f084183e16

SHA1
2e5aba42cda62711e92c40cebc9aeca8bbc4c2da

SHA256
bfcb891f2845be546936d2714cf4844511fa5169033056726a2806de28210fd6

SHA512
f66e220efee5e359a3e34142d22fcc74f523fcd4439c623de6b31b3a8add39dbe3a54ddb96e0fc599455599822da72f45611dcd2a2c60a69a22876d04e8983d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
3b15fb5a2bdc3fd81a94595a0a9b2614

SHA1
f51c4df3452da7345db7a3db8eb83be985841524

SHA256
2bb427a56178f28868cdb72c6e77176926b56f4fcfef83f6ec5ec87b925680ec

SHA512
f3bbe918c91254075af9ed50dfac8bfbcdd8b07021f7d0d0c382262e6971fab8a87dfbf77b596feb9fdf2b35b441edba3d1aa1e17bcfd085e636be7d301cccf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
d4e5e3588de117ab4f2385ec9c7e7115

SHA1
c0f9e788a629edd5a570117dcf6faeb40c9e1b48

SHA256
6d37d6bafcb67d7221ebc33a42d9fe9b027410507972065b793c833d49b6beeb

SHA512
d5c6378aeec4657330359d5483d79d0b6bf5ba7d802a2b70d3be9bfba33b41c63e73d95fc7508d581039abe07802b4fb0996b1ffae381ed94391c2852b267149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b2622.TMP
Filesize
120B

MD5
5078e89b28b4a0e95d98283120b2009a

SHA1
0b08f66d6190614c6fbbeb8ce4a478574bae1b1d

SHA256
1d1b241064ac2fedab0b301f581e2c02fc0bd4f53458f74c110a8e93f7d43fea

SHA512
bb41b4ac3aa5de23631212ffe372f390ac8d5addd1c641ccbd0c1a61af2f76689223236b1bc857327d3ea4f07ab6523684f60a4e300cff6a81147976d586eca6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
272KB

MD5
1be90c61f785410833d7859379bd2294

SHA1
d83fabaa9c561b8a26593c2052c87d9361778fc1

SHA256
46b9b971938cf04457eae139c925791f05119fd526a349301dc5f9c7a79995a8

SHA512
6cb3a919e646fdadbe6606bca9696b5e4f53b98b86a5bcfbae7b1ef061b91c783baedd0502f01eab16c0aa47584f38170705fee77916e74bedf245c9d16221d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
272KB

MD5
cd63839f9da1a43b7a5b28b4b96daf8d

SHA1
77648f2f563f42888e2bdb2b6d04f09d2293705c

SHA256
8e80cb8f90b8fbffa84bc83bf2dc9c675a112f334bdfff70e5984731cf113733

SHA512
5d0584f5da4885b5e8621ec7b729390c2c976e72a9e55d0def3ff72c83ba939e6508cb06892276cf1dd1b953aa488083e48a4ed0f0c7ed5d2b8d6216612cfb98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
93KB

MD5
49d6a26bf2e2b6fc9b2fb53a92648bd2

SHA1
8eaf2b12095569df1f5e69577ee493fe1ee76457

SHA256
be8ce5b81eba7e5b0d3638e06e27a77c978627985ba90db1c67c7f88a15aef29

SHA512
555354434f5f91df465a8d944b19cf8334088c6862c3bdaea772c0730558c2af4b491b01918502c4c8c4e3937a8d2b0f09b056e47a7870890fd75adcf186bbbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
dc97e82d4a0427f03ef5ac47ec233795

SHA1
e68c3c5f3f53eb2a2848f88ae1abaafe8bb0f7ae

SHA256
4d0d76d8062519c613d3a516fdcb78bbfcbd61105312ee10615b0793ccc634be

SHA512
b2619165f80b427d579e15390a32178b687c543f1f83aa87002797891dc50338dd321e5f93d3a23a186900022791ec8cca24f096507424716a797baacf4d8332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b4989.TMP
Filesize
93KB

MD5
96e121c7265ef5d15adc9397cac9c8ae

SHA1
72c07e59ce698c25d11a032804da3f028861863b

SHA256
67474c1b0444760520b90a78e3718ded1765ba0bb74a1d1c091d46d781f1fd7c

SHA512
a5a499f1b62b3f224fcfd826337b8d83fc05e4722a37d03b356319635e23545d038a18bdd92384b21bf400720e113ea9a6021c0cc7b7fcb6d196bf12b8632aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B4U56X23\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\0F6E48FC2FE3BA07CF39A943382347AA9FC8C2FC
Filesize
60KB

MD5
1a5ac1b64daf474ec9988a8042180e25

SHA1
1c661c3f7fc2fe7358b15a9b2fb502bc3c09ee1f

SHA256
84d2d7f4946bc8e5616146cebbca544e46a582bbad4b601b7bd90418c1994db9

SHA512
7d84251fa8a9cc0897954b47ab5ca5eb1b46d32ef52024f5a6906839fdc604548fb561b247565e2052e3061b287c22f4525ebc7028dad7a0bdb36f6fbcbaa6bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B
Filesize
24KB

MD5
d1c8ac237673bc8e4bff7551c9f49193

SHA1
4cb4b8329dd4590ced57776228fd70ed92f91a6f

SHA256
e9b638021c4b36e9741e313ba8de2f8f2d842d847f8743ce66a9bd6e7fb4b2ee

SHA512
402bd0843f3bc410d0c470aa110b9340deed582c6dd29a6d0405cab53f9807d9df5e244eac551a29357cc21d7f911bbdfde0567cfd65fcf388a7580a672e1448

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8
Filesize
24KB

MD5
535e2e99af3e0a2ff8f919cc3e45fb65

SHA1
7c8817d1b3667ca43e044520c57e5c7ac08bf77a

SHA256
b99ec65fce1db2946e562cf56817af558758ee9cfa63b9c2bc2b5a6f90b7f217

SHA512
45fa74a60907a41abab65622a7eae2f5a598a5f7a2d99be9c88105329573f625e1e7209a030eccc338876d27cfaf61fc0b048ab546c45903e92a0d2606ca7b3b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D8C2CFE0485DFC922614553B1999E8CE09530D68
Filesize
24KB

MD5
26b0fae0d90120b41e8b52a138b49c39

SHA1
1c76947caaabfaa070571064d75cc3bb2f8f190d

SHA256
08a90abf9c89ad7ec5117dc443c7eea90e4173d2a4cc04622dfc527897e73285

SHA512
305745104c1d8248e8e80f9a8ba1d5471bb3a090ae60061b70f9ec30afff181d5dac131577469153f4864eaf7b0e4fdf49b71e2de61381b3422d2a0d77f12a3d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\13OTCO78\styles__ltr[1].css
Filesize
55KB

MD5
2c00b9f417b688224937053cd0c284a5

SHA1
17b4c18ebc129055dd25f214c3f11e03e9df2d82

SHA256
1e754b107428162c65a26d399b66db3daaea09616bf8620d9de4bc689ce48eed

SHA512
8dc644d4c8e6da600c751975ac4a9e620e26179167a4021ddb1da81b452ecf420e459dd1c23d1f2e177685b4e1006dbc5c8736024c447d0ff65f75838a785f57

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FDLW5XG\Dahk90Fxhr1MEtfyZ-6_j6N-qVuiwfy-NjSFsUln5nQ[1].js
Filesize
17KB

MD5
5bc0a82a24abe097e6f6c1098bef9591

SHA1
2da9f4ad273be56e0bfbefc24209cdeba5f9f270

SHA256
0da864f7417186bd4c12d7f267eebf8fa37ea95ba2c1fcbe363485b14967e674

SHA512
14351ce0be86a502718daa7a695ea4404d215af58acac418a0e7963219300f749b1feb9d7cbf3cfa088811fb5daf6948379f4421cf67b41974eab5db55924d8b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A59LIN70\recaptcha__en[1].js
Filesize
505KB

MD5
e2e79d6b927169d9e0e57e3baecc0993

SHA1
1299473950b2999ba0b7f39bd5e4a60eafd1819d

SHA256
231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b

SHA512
d6a2ed7b19e54d1447ee9bbc684af7101b48086945a938a5f9b6ae74ace30b9a98ca83d3183814dd3cc40f251ab6433dc7f8b425f313ea9557b83e1c2e035dff

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X3NOJDS5\bootstrap[1].css
Filesize
31KB

MD5
52b774832a36fdaae83e67c3c7ff533c

SHA1
60fa1a2daabb26f27894a8eae50f72bc1d181076

SHA256
9d45581f99961212923b84cdf880b7b6d1afcb01350ab8961a1271d7ba795053

SHA512
8b13c4f2042dca47264dd4fee5cc73e292524180e41feafa576f3a407403c6b013610efe1658e865545b8727338d1e8c8c768e88763fb5a4b5a72c48f9c36888

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X3NOJDS5\theme[1].css
Filesize
85KB

MD5
7360bdee398ceb8a8381901e64b63d5c

SHA1
555c413f454b8e2c6ac940a8faf00af941b84831

SHA256
009c3d2ca8bbde159cb3bf6cd1c65bff8205f49f7723d8cd6cca97c15386ba07

SHA512
e40a1160580efeaf99096cac2a93cc8432a4284c60ea5fe42ea4ea17278a2742cfee18522bd6f1e68ba8bd7a5ceac74bcec438834e128e7472bb28ca66580b0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X3NOJDS5\utils[1].css
Filesize
60KB

MD5
9bb8cb37a5beb272bdec1d575169bb29

SHA1
8a8816d76a4062618a2b833411dcafe509d0c3b3

SHA256
5f6486ad0481a073337fbfa0c22d2fe27e73f99874ca68702eb5c42e78f81677

SHA512
f5830fb48ad88be6f89d72c0621cde9069cbe3a92545d74c6c497d292e2d7637f75c4e20ee1b91d7d8c62613fde848ee29030590b72c1f23f156cac0f8a1c06a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\7KBKNT57\ufile[1].xml
Filesize
308B

MD5
9bf7a06d37246a54924231eb47b1fca9

SHA1
a4b04988c51d8c3322c919f7fb5420402b09ece1

SHA256
63083b2be474f6525392af2c32d5af97aafea15d9e87a8911cfbdb9a370cb5b8

SHA512
805e0664e94a3b1d8a20ad662a9ce4c4c6e6a42bc19a943223ac0c633d63188bf6a0451667b8a648d45bc531638f804e6f39265411bb71481fc848efc847d8c6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HAG6C6Q9\www.google[1].xml
Filesize
98B

MD5
b77060adc195754aa84f365e09004e5c

SHA1
7885ef432532ff88c4a1bbe4b8ec676e92ab02ba

SHA256
295f2079a54fdaeca2224ef6489ac9f330185ada28b2669dd9bdfad622545967

SHA512
6d4319560f34dd8273bfc174b8f79a0d0aa41f18da94d30543eec843bb60613833f93021b40e98a1d16b3e66b83120c9c3ccb7aaa8ce4f4f9db8e375058a1923

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TQC57QZE\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VSHOANEA\favicon-96x96[1].png
Filesize
3KB

MD5
f4098f98e17fc3801f6f353bf8dfcbda

SHA1
fcba7cb3d2a783d8791125ec09d601ba32d3bc8e

SHA256
c212b77b52ea3e688d8a872e025adeeb0905b38e73e219b8fea8d4b014101b6e

SHA512
14044f29caa9e9b0d33176b5000237c563084c3e37323f8b5e8e3327bf744152a057c8ba4c3da4a049cdc2f8faf3ac955429e8f12ce51c2423ee17ce996d4ada

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFEB7DE2284996C8A0.TMP
Filesize
24KB

MD5
d3cdb7663712ddb6ef5056c72fe69e86

SHA1
f08bf69934fb2b9ca0aba287c96abe145a69366c

SHA256
3e8c2095986b262ac8fccfabda2d021fc0d3504275e83cffe1f0a333f9efbe15

SHA512
c0acd65db7098a55dae0730eb1dcd8aa94e95a71f39dd40b087be0b06afc5d1bb310f555781853b5a78a8803dba0fb44df44bd2bb14baeca29c7c7410dffc812

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\13OTCO78\client_legacy[1].css
Filesize
406KB

MD5
f93ec55b981283a1dac3fa56f245138a

SHA1
744632867c9c0bd160c48d7849a81f4cdd579004

SHA256
c92e939d22d78691dfbc18966ee973868f94a172befe55e3882ba1efc1f67b73

SHA512
9883ab67a114e26d35238bf8427d0e2f2b6b3981a9edd8cfffd30e16dbf32b127c21988c2d24f515f006983f77f4037d5d04602d817a2236671bf079161a3ab6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\13OTCO78\l[1].js
Filesize
8KB

MD5
53a5d8cfc09a3c72ef8e6a2bb242b1c6

SHA1
f931ea21235ec9e71398f6402ba320e880855b56

SHA256
4901808999e281959993c10648bef18cbda4d8af309a6478d2393a72e9c36cf8

SHA512
0e3f6f0d5f1dddc30ad9156bc706439864121d8b4272a5d4fa4f1cc3113b32025366bd6955f1be3e29983d75bd0c669af0be75c24002cf79e5ae18ded6cc9152

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\13OTCO78\noto_sans_regular[1].woff2
Filesize
131KB

MD5
2fb655bd33eb118d7683a06660cdecfd

SHA1
b5515dd450a0df635fe11e5953f0482f37e624cd

SHA256
d042b1f54ba3e981ec220bf4537e2c51b1a68a65fab5eff46022b2f75d6a8477

SHA512
64fa7479435b0f394f1a4548bcb6f9768cb45164971baef9c70b684ad28b35cae5f7152f5c8885fd660e97226be3ddb23da29b7d7b215fae9abbc109aa3cd32b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\13OTCO78\roboto-v20-latin-100[1].woff2
Filesize
15KB

MD5
7370c3679472e9560965ff48a4399d0b

SHA1
7d02b9455622a72bfc55a938a3e6bcccfcd57d0e

SHA256
12823d585605238121554aff8bb060a235dc36f37efd9fb1e7e6ea1a9622bc35

SHA512
9f55b026356dea636c2d0e6a05cbd071e3b86b3d4acccd40b4e9ccd6597982262d5482093fd4a527ca26ef0b1392abe78c223e048a43ca0619552ca0d6ed2201

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\13OTCO78\v55bfa2fee65d44688e90c00735ed189a1713218998793[1].js
Filesize
18KB

MD5
3be93fd15d2f7dee2fc0c8981c6fa5c6

SHA1
8cd88c36fad3e96641dbc4d781f5ddbe5123312f

SHA256
17106bf803d42bcf2f2bdf778ece084d3f91c68e7ea41dae7bff61fefa573dee

SHA512
148291151c600f6d26a00a3dea1919432ff94288d90c06f2c74990d7b8c418708973fbe2d06d875cbb687f00fb4373668afbcff5ab7911581b46a39a3906fe46

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FDLW5XG\ab[1].js
Filesize
2KB

MD5
6c8aea16904065fcfe03022b29881808

SHA1
53f9a1896120840a901425fcdcac405ad42720f9

SHA256
0fc795b42e6ad7232caa5faba5cb169a76cffbfe54c147346af1d923fcd3ca9c

SHA512
e26404c0a924bca6405039cee4d7eb5db49878b3bdb491f904c06e6a2cc11c685d57c6b2efe1ac1b3a37f784d149bd6e7c4e28bb3d559ddc631ad4e4beeceb68

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FDLW5XG\beacon.min[1].js
Filesize
18KB

MD5
4c980ee97cb5c001b4d19e2895fa5603

SHA1
2c6fe998aa7486c4becd74cf253bdd82666a64c3

SHA256
d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192

SHA512
1330ae76fda063282b09c561bbae45900c5c95fde660ce810b0886526e8112e2f349be6e955860a24cc26440fbc8c224cd8560eb99b17c804d74dadae5914dc9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FDLW5XG\client[1].js
Filesize
412KB

MD5
86906ea058bc675b568fc9bea09423e5

SHA1
31497d2b270611a0ea1dc181ac0fc49d3244359b

SHA256
08b4263e0f042af5d37b9a636df1037b91d39a0ed31759cd65bbc8a4e0ad9eca

SHA512
8cef44dd89f1f5f59799d1b4a20e449edd5bd4d3dc706177b36fbf07986425b1b84181d0584979995bce32c2ddc66944a9eb1940d682e4c8d8a2fe5a6451892a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FDLW5XG\global[1].js
Filesize
21KB

MD5
68b01c40a695da9652c636f3f581ad1d

SHA1
e64127801e62fdda901256112b993431710588af

SHA256
1837eaba66df0af328d947577dfe741293f471dd8e640cef4c6938c89e61abbf

SHA512
04c281914d75587b9ab56eb3e77ee111ee5e4449d09cc18668b1acbd29488b81d9ba6a94a461d6ea71609b76b0a77a0cc7691804ce107222bc77e574c6533ae2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FDLW5XG\jquery[1].js
Filesize
87KB

MD5
51175ac478a2eec31f39c648260a1044

SHA1
a9ac4b258fa956d5c4918cb8781d4b20bbbd65af

SHA256
72037311a4dfde4d042df73e31b7cbeafc0bdf2aaa605b69aff3326015a396da

SHA512
3ac522d66dc441c53eddfc27347ae85a1fd2e77ed26750919dfc6c6937aeb2fd8defa087b6d89ca696d23d85f38baeb79b7d6d9127920b244b7348d475cd8e3e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FDLW5XG\logo-dark[1].svg
Filesize
2KB

MD5
c31593d9a31857b05336c477de93355b

SHA1
b87f1769250f60fe822179655dcf42fd5030a2bd

SHA256
5ccbcf6d22ea0b761807062453a2acd95a34bb9b2603b2650b605df1af2f2960

SHA512
b17b8475637f5677b51786d06f0af82ab5e4282d23bf5334ec13d77e5a5295a1c420fcba26b687c39351ca72f63a731b6547c24b5086bbf661c635592f9f2027

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7FDLW5XG\noto_sans_bold[1].woff2
Filesize
130KB

MD5
5bf316a9068b966d1ac330f12596fdc3

SHA1
9969fbeed8908ce3371c80f35e051cc507493c88

SHA256
b42924933d2ea4fcf05fcb66225e001c111f9e48d56625168b739736ed37ef2e

SHA512
03c91209988f448ffc27b3d2a035e92e21283c72ea096326ccb5a1338f2b517d6e08a2ae70fe8ee8481fe178eaba6553414c1d436eb76d7ae90a0d397ce92947

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A59LIN70\en[1].js
Filesize
7KB

MD5
fd5dd8a0479aab393892771ec74b595d

SHA1
dc5c14f526c213fe50c8d557484e66306b2f0394

SHA256
8b30d69f252107c7c9cf262ca435e1753efa9349f81144ad9152d7329c9e72c1

SHA512
b609737f71ea547504b22ebdf259dd93673763d7bd826075e44f3f1695aac6fdf55e13bf1a1d81dfdb8b2244a86e95b3fa437ef28d669fc5a2a35161fef10101

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X3NOJDS5\1[1].jpg
Filesize
54KB

MD5
3abb061bcee63edfcf8898c15fef2c22

SHA1
5d51df55f28f21337bbbe1a206815f93d6a7d652

SHA256
cf2bbcf6bf35f8508ccab0385831ac322ebc333ac4f56db91a958cf4bebb2903

SHA512
36475c3a8df7a287c77ba04ebb99d3876fe50703f944d87996cb9c6cf47168e177997755610d4152c98581860710c9177146f07eb08ef55e6215b7dc84911897

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X3NOJDS5\9891a594-d15f-44d2-ad63-5e086be01a3a[1].js
Filesize
1KB

MD5
d87d83c3d08312eb4860fc67d4df44bb

SHA1
13ca43b24291698285d49920c0108b21ab9efa05

SHA256
9ca8191a2d4b48a6819532190c5d945e33645847494e06fb1fef27a65077fb81

SHA512
191e4e867cfbe049bf95899ec3f46bf758145c573a8de63c587c6db38ef7a70aa840508aaa0a554a7de067deca4657abf450c68279e1b0465c6b964c92b338c6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X3NOJDS5\js[1].js
Filesize
249KB

MD5
8845bd4f703ed2b1cbc77a39ccac6655

SHA1
ebd62772be982b25d0dd1da1a1822b9902bd25e6

SHA256
a6ccfcb2861a008f30c01f47c3452e519e269e7bf53b08c65cd4f38fc1f9e401

SHA512
7f1394014d948a8c7bd7cb62939b81593e2e1c86b452a890614f6cbe2e733022a52ed989313cc0ffca38f70a73f2ab2b72cb43552ce5d3cd0b0a58a22c539fae

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X3NOJDS5\utils[1].js
Filesize
33KB

MD5
57c5f3c1dfaf412bf72f56151829afb6

SHA1
0bece9828691604830e6c67d57f36db3139427bc

SHA256
f7f768f129c2c71cdd195bc42f800c081e5d9804df4df180f851497957822151

SHA512
cd09ab9f0efcfee03b5ca2fed4b30db55538d3c6d896c2ca33ea384ac173ca03f242a38cf145105e3eb6f6ea95969baf8c742af086308d8c7c648d835968f139

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61
Filesize
299B

MD5
5ae8478af8dd6eec7ad4edf162dd3df1

SHA1
55670b9fd39da59a9d7d0bb0aecb52324cbacc5a

SHA256
fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca

SHA512
a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
99a0d432fc76891e10101274130c11af

SHA1
ede5f93cc5e517dfcd3b4e0bfb4576fb68806817

SHA256
c37f6af3f2edb4df584a83758d6c4cb225c6727f5ef17f0e22eaf18b2437c94e

SHA512
3be97294f3dd5470b9f8852865c8befcd540164b719c1e8045ba5e8cec2afb93d5a0bc04cadebc29a38ba1a030d48b206e1ea87ffd6b8cd1d7879cff9f91bb93

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_9E57962407F9525599575A43BE833E07
Filesize
472B

MD5
8cc7ed2f52da366ad4ba00417709ef35

SHA1
948ddfde3b935a9a2abf2bf15ffc63e8287017b3

SHA256
8feef6520de454d5ba9493524277c7f2a9ddc184fb30b40c500627c6fba58c9f

SHA512
18605b073d4a0ff911a5e57ecd9dfd4e53e143b1a3a61e40ba60b8f119730fc4272fcf76c7b4cb83da7f7d3412e4821527b07bc54fef754ffcb4c7097001cc87

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
Filesize
192B

MD5
a2e7a8479616d2b728055c911973395b

SHA1
8adafde55b889f02db921451dcc4de7f7ae55ad5

SHA256
14b4c99e99f3b4a78089359e7ab5d912f0d7a3beab370ac491867372aaf362aa

SHA512
6e00f0929c4585b5de2adb41b94c17a13b0528f9a57a75100a8f73d20ebcbe7cb5a350216c5da4d1a509b2b63ca274d67589750774b55c3539a4f6537cd89df0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61
Filesize
192B

MD5
d3b10caf7b0e6e683b08c62a58de248e

SHA1
b0b059912ea28695be7f7e5fe3862e7e31da3c83

SHA256
21a323bf73dbbd582339ce150548376da65cc01d61755a0c3758430bfeac1907

SHA512
e8b9da8f75c71277ca478dd7b6af33fda96e5050036638bdc4355f2509f897278bc9cd0148be7e30a38145ac58598a8941133d19717e652af47fe249c43ad6c0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
056f149d52c0960713db8dc9f7bdda6c

SHA1
993f127c190809ddc674248eebc52bfeeb9b6f20

SHA256
1fdf6607fa60d61645cc094d9be52cdc6941f8f2accc0f5815a2db62d007f1c1

SHA512
c94fef8daf48803c458b7210e69d99639303938b9cb0c3445899eb9ac7cada46362d88ed4205e104aa84990b905fbcb81828591b8845ebf498f2591ae9b90dfd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_9E57962407F9525599575A43BE833E07
Filesize
402B

MD5
80ebee15c2c55796f42437b4aa121712

SHA1
5ef81be3a2b2ca8113cc7d9e49747dab0a0a1ad6

SHA256
d79921c037ab68e40d5d73e89778631572a8ba9ccbc9e318636402c67d3d3229

SHA512
4d0e8ae8fa1f6d34dab91fb4a36bd275b0a366af2ee2aca916ec8e0a6100d081c8ca62c5149f25efa170c3f3eb25fb1858af1f4f9a6f27d5f5615c66fc387c9b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
799d5d748d087ac2f58bb8e9bb2e5487

SHA1
07931322dac15084a7b0b68ff0bedb03e7cc1cb1

SHA256
2d1f027689e0f46e2bf78b7aaab1db4256bf298b4469cd9d650e06cca86855af

SHA512
250aa26e2e2dc4595c9b93547b6da1bdfedfd40b61a2f9384e2d8746872aa154992fbf44d7f3d3216eb903c13d6eecb1d1738dbe5011e5907e6da4c19a42a7d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
Filesize
392B

MD5
5d167b7642f576428d7a9bd8feeea86a

SHA1
74ae48020bc1da80fa7bd11b071d4302203d6ea0

SHA256
819667c5c167b454c96aa9ba10fe423d3745272634d920d81acad5932008a94e

SHA512
b74009ec51f308ca34d11acc7045d719347ff6e86ec30c3856529a08a2570af5b1e970ac45e4698a4ff84a09eaa6cc50f3be00db7d379ce931d0057301286b03

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
7KB

MD5
7bc62d63306ad092bb64246f36b0c1a7

SHA1
a6d4ce4426a9280c5105afd98b95bac0406348f8

SHA256
4db34b695bc94b948e037b1d3a444edca3697b7d6a45781d4472e56d142e522d

SHA512
39854c151392dea5563f90ce25c3a295fe3c8bf1cf7826e6e2de0a3633cd482853858ffce3d4b44aaca1bb0e9e95ddeea00adcca8addd2fec8a51cbf5b0e18e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
2496f35c53f5665bd34bb255aff96fad

SHA1
321063e4103635ab88657d445fb48dee3733aa01

SHA256
0ffd98c68d662cb71e7855441422d2bb5279b1cca98a47905d2812f7084c3cda

SHA512
c0f829675e14b39c263365faf290cd15ee5e6bd53a7454373088fc78c72d3832511401467ad46d37dd1a0bcda8f5d6552ff0b232503f68de1f724907300d0825

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\069022fc-50b6-493c-ade0-cbd352f67f03
Filesize
11KB

MD5
5124f26eeda66fb8461f382b15bc7f16

SHA1
2466b29b83576119486220c335e7d27effa204b0

SHA256
1aaad6a4fd3ef879645bb9c0871500edcfec44d2621d4eff3837a348a42c1811

SHA512
7a003ec1c15dd449e431b022e333175d42d51cebfe688f76eb0cf03b9d85362ae1ae3be555a0c341f3de782b6686a7fb04e25c3f4bdaf8fa6e7330da461bfe83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\1c9a6022-b022-48fe-8b15-e63ebf0cc725
Filesize
746B

MD5
035d0161c946fcc8a17b046fe1b85fe6

SHA1
f1dda0d024692506b1e4dceead7e3acd1db2bfa7

SHA256
ca3e824f5a5ee718d957a9b9e5e219709407fb9af41fb6165e01d45011c13289

SHA512
533c9166f81d45f032c5687dea5cb2220df1232d703b09d33c30c7f6c8ac72f8e75a0a4d3d6b9cb69ec82218d7ee49fd029229056478be77b855fcc0045fba8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
7KB

MD5
a4995d07c25ce1a01cb4924bbf74cb14

SHA1
bffb781887492b005ede03779c1a28fd1be563d3

SHA256
c6ea40381d27c26ce84ce157f809549a4cf042e276b9f03454de049f1d4a47ef

SHA512
80ec335f54d65c22ec87868bd065398c8909b329bad829797961df0c9165bcc6d73e56f88926402444ea9477483b0627546e769ace4f6099030e665383050a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
6KB

MD5
c40f16330c991747be3e4e6becdde35a

SHA1
648b6e306815b3fd061cbbcc47fd1c8fa642fb5a

SHA256
8a5b84a780de4129ab623f5890a926699eeb04ef2db4f5f5b6ad3a02e5b86534

SHA512
e7445b29c6568e0c6e896d25e7da572ec6afd3bf5ec72d7b5ae63055d0b878836e4074223a1d7ba5fc84f0f83428e66c9018496ad9176780aa95a1ab9b67bc9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
7KB

MD5
03204e96ec2ad7848e9928954922ef47

SHA1
99f5c585cf17162d53eed1e606900ecc7ecfee9c

SHA256
3e74ca4dabaac4644fc1be0c4ccd485b281c5713bafcfa28ea737ecde3505d83

SHA512
02870fb11ba90143d81718cd6898382b7caeb52861dbce0d5fc0f9e94a82260547a1b7f1079d03ade25dba9a47ea05d7f57d31efb015687d40541c9fb240fb06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
Filesize
7KB

MD5
f23d5efde28533e21bdb659bff383711

SHA1
ef09fdc21566944f2595ad25b42be89a084486b4

SHA256
07e721c1df09ff81de2c117871779862eb20432c2692ca5f439206a446df47d6

SHA512
0c48c22cf57e142546d8102bedbdf0eab86904931ed9053d1f7f9bd14635196412ea6f9bf3e8cb34628198eb4441f233301e129819bce4abe0abe838a0d308fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
Filesize
259B

MD5
700fe59d2eb10b8cd28525fcc46bc0cc

SHA1
339badf0e1eba5332bff317d7cf8a41d5860390d

SHA256
4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

SHA512
3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
39f3845548746066ed6d195b23d50d31

SHA1
8265a910a162a0327c0366bef18a280e541b609e

SHA256
17e263fb66c9dd499b6835078b71e36f0af2345c9670c08071742623ab8231ed

SHA512
4f08d5cb82574b205397f878f71aed1603e2a1f310be1e600b50b0f0e70d8ad5fd91118537bff59110e75005756b061d82b81f4e4f581f4e2b4feb5012d29edf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
54d3af74586b3fe3257b60b6878c235c

SHA1
eb15ff6c5534cb9151ead161fba6780c2f0687c9

SHA256
6fba96b00e7c4c16a6aa1bbd38471e50c6581825a8a31de7e59e9fa1ee018020

SHA512
6318c27ac85ea79768c8bb22a0840f732e0a44a22cc1be9343abbebea8a6be0be7d49cd92d9596a195e28dd5b7079bc1a35c1820d3de1dbc62f10c135d39bcf4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
caae2eccce4830dd4d8687f7ac958239

SHA1
9a221f5e31ee5570baf6e39691d18d099d793280

SHA256
0436c61f25df5597e6dd23f67c53942e312f567cb4392ab62bbf9681b1fe8e16

SHA512
c1f1841ef8c2535a20dc823c1f1e95ea66b9a6fa98b7471cfd80f93627d995a4ea1a1f48eaf89379472e84b0c19577c56109b92f8672f9ab45b6fd492baec6af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
Filesize
4KB

MD5
0a9e9bdcaa5e44438b1779681b274a76

SHA1
5cb56b6ced509494e86b2c07f4e28bf089895d15

SHA256
919cf01b94efd0378c7ba0abbf663c75ddd417884a7f3efa3fb89972a9335d65

SHA512
5256e80a98e48c2d28d0a74de8657f1b5e170d4a89548eed4c86efef01db758c1dc56d54aae10758eeddbe21c7e0abacf87e0d4d4d4ff8d42f41dcbc3af23320

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
192KB

MD5
d53aabbf1b847046551738cad9399533

SHA1
5a0cb20c79898842e2cfb51748e466354ba0f913

SHA256
6a3c8d09350e594ea8e2f8dda7c78c4c0c853571ec95a0acfba9cedb0dacf134

SHA512
eec5ad1c58b2b636c6c60933dc2d54a8644611ae41433c2cc105bdc3aaf13ce519084fb8020d1977db4d04b114072ae413700bc352d72d9f3f9cc91927af1274

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
Filesize
18.8MB

MD5
9b239cd6aa56cff46f7078dd4f846958

SHA1
e448a16fd926d0dcfbd475fbdae46c33176a1f64

SHA256
883157945ecdffb926726e39a00e0b8fdc26614814c945b5b8f95cf7aa08a1ba

SHA512
18765701a1075462f9bc55a6c9dc2120d0fac5f373a44f9e8096b84fcb6bf175d5a126c39bd64fb26a79e0414019c43b6d9559055f1bea9824730a1672726e28

Download Submit
C:\Users\Admin\Desktop\@[email protected]
Filesize
933B

MD5
f97d2e6f8d820dbd3b66f21137de4f09

SHA1
596799b75b5d60aa9cd45646f68e9c0bd06df252

SHA256
0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

SHA512
efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

Download Submit
C:\Users\Admin\Desktop\TaskData\Tor\tor.exe
Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Desktop\b.wnry
Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\Desktop\c.wnry
Filesize
780B

MD5
383a85eab6ecda319bfddd82416fc6c2

SHA1
2a9324e1d02c3e41582bf5370043d8afeb02ba6f

SHA256
079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21

SHA512
c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252

Download Submit
C:\Users\Admin\Desktop\msg\m_bulgarian.wnry
Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\Desktop\msg\m_chinese (simplified).wnry
Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\Desktop\msg\m_chinese (traditional).wnry
Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\Desktop\msg\m_croatian.wnry
Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\Desktop\msg\m_czech.wnry
Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\Desktop\msg\m_danish.wnry
Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\Desktop\msg\m_finnish.wnry
Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
\??\pipe\crashpad_6712_QLKMJKHRKXKKZXRJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1116-17-0x000001E422830000-0x000001E422840000-memory.dmp

Filesize
64KB

Download
memory/1116-35-0x000001E421990000-0x000001E421992000-memory.dmp

Filesize
8KB

Download
memory/1116-255-0x000001E428EF0000-0x000001E428EF1000-memory.dmp

Filesize
4KB

Download
memory/1116-254-0x000001E428EE0000-0x000001E428EE1000-memory.dmp

Filesize
4KB

Download
memory/1116-0-0x000001E422720000-0x000001E422730000-memory.dmp

Filesize
64KB

Download
memory/2028-86-0x000001F07BB30000-0x000001F07BB32000-memory.dmp

Filesize
8KB

Download
memory/2028-65-0x000001F07B2E0000-0x000001F07B2E2000-memory.dmp

Filesize
8KB

Download
memory/2028-124-0x000001F07C280000-0x000001F07C282000-memory.dmp

Filesize
8KB

Download
memory/2028-320-0x000001E810920000-0x000001E810922000-memory.dmp

Filesize
8KB

Download
memory/2028-322-0x000001E810960000-0x000001E810962000-memory.dmp

Filesize
8KB

Download
memory/2028-69-0x000001F07B650000-0x000001F07B652000-memory.dmp

Filesize
8KB

Download
memory/2028-72-0x000001F07B670000-0x000001F07B672000-memory.dmp

Filesize
8KB

Download
memory/2028-76-0x000001F07B690000-0x000001F07B692000-memory.dmp

Filesize
8KB

Download
memory/2028-316-0x000001E810570000-0x000001E810572000-memory.dmp

Filesize
8KB

Download
memory/2028-88-0x000001F07BBF0000-0x000001F07BBF2000-memory.dmp

Filesize
8KB

Download
memory/2028-84-0x000001F07BAF0000-0x000001F07BAF2000-memory.dmp

Filesize
8KB

Download
memory/2028-132-0x000001F07A9B0000-0x000001F07A9B2000-memory.dmp

Filesize
8KB

Download
memory/2028-67-0x000001F07B610000-0x000001F07B612000-memory.dmp

Filesize
8KB

Download
memory/2028-60-0x000001F07A840000-0x000001F07A940000-memory.dmp

Filesize
1024KB

Download
memory/2028-331-0x000001E8109F0000-0x000001E8109F2000-memory.dmp

Filesize
8KB

Download
memory/2028-328-0x000001E8109D0000-0x000001E8109D2000-memory.dmp

Filesize
8KB

Download
memory/2028-318-0x000001E810900000-0x000001E810902000-memory.dmp

Filesize
8KB

Download
memory/2028-324-0x000001E810970000-0x000001E810972000-memory.dmp

Filesize
8KB

Download
memory/2028-326-0x000001E8109B0000-0x000001E8109B2000-memory.dmp

Filesize
8KB

Download
memory/2028-162-0x000001F07D000000-0x000001F07D100000-memory.dmp

Filesize
1024KB

Download
memory/2276-43-0x000001E128340000-0x000001E128440000-memory.dmp

Filesize
1024KB

Download
memory/2276-44-0x000001E128340000-0x000001E128440000-memory.dmp

Filesize
1024KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads