Malware Analysis Report

2025-06-15 21:44

Sample ID 230411-r3x1gsda75
Target .
SHA256 fdaf5db4f6ea7dce12bbd41267a11432980cb29522e3311c34d34894437a9a15
Tags
bootkit persistence agilenet evasion ransomware spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fdaf5db4f6ea7dce12bbd41267a11432980cb29522e3311c34d34894437a9a15

Threat Level: Known bad

The file . was found to be: Known bad.

Malicious Activity Summary

bootkit persistence agilenet evasion ransomware spyware stealer trojan

Modifies WinLogon for persistence

UAC bypass

Modifies extensions of user files

Downloads MZ/PE file

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Obfuscated with Agile.Net obfuscator

Checks computer location settings

Loads dropped DLL

Modifies system executable filetype association

Reads user/profile data of web browsers

Executes dropped EXE

Drops desktop.ini file(s)

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Enumerates physical storage devices

Program crash

Modifies Control Panel

Suspicious behavior: RenamesItself

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy WMI provider

Suspicious use of WriteProcessMemory

System policy modification

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Volume Shadow Copy service COM API

Suspicious behavior: GetForegroundWindowSpam

Views/modifies file attributes

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies registry class

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-11 14:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-11 14:43

Reported

2023-04-11 14:51

Platform

win10-20230220-en

Max time kernel

279s

Max time network

452s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\.js

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MEMZ.exe N/A

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\MEMZ.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133257050506956160" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "50" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d9f2981a956cd901 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{BA38096A-A65C-41CC-89F5-8BD67DB9FF7C} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ImageStoreRandomFolder = "o3f0sim" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 3df8bf635a45d901 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9e041252956cd901 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4264 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4264 wrote to memory of 3824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\.js

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9e2e89758,0x7ff9e2e89768,0x7ff9e2e89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1708,i,11231646936966683327,17897443851128719462,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9e2e89758,0x7ff9e2e89768,0x7ff9e2e89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2832 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2824 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3428 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4956 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4836 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4952 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5332 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5360 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4284 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4288 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5588 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4504 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe"

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /main

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3684 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4292 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6012 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6056 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5252 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5560 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2928 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:2

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3612 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=992 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4920 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x1f0

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5060 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=1072 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=3716 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=1000 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5388 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5180 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=2140 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=3508 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5936 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:8

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5912 --field-trial-handle=1716,i,1028120338899196498,8756102318467629794,131072 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
NL 172.217.168.206:443 apis.google.com tcp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 206.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.46:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 251.0.0.224.in-addr.arpa udp
US 8.8.8.8:53 b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
NL 20.103.253.93:80 tcp
NL 142.251.36.46:443 clients2.google.com tcp
US 8.8.8.8:53 ogs.google.com udp
NL 142.250.179.206:443 ogs.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
NL 172.217.168.195:443 ssl.gstatic.com tcp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
NL 172.217.168.206:443 apis.google.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.206:443 play.google.com udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
US 20.189.173.12:443 tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 203.151.224.20.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
NL 142.250.179.198:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.251.36.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 198.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.36.251.142.in-addr.arpa udp
NL 142.251.36.10:443 jnn-pa.googleapis.com udp
NL 142.250.179.194:443 googleads.g.doubleclick.net udp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 github.com udp
IN 20.207.73.82:443 github.com tcp
IN 20.207.73.82:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 82.73.207.20.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.22:443 collector.github.com tcp
IN 20.207.73.85:443 api.github.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 85.73.207.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 e2c10.gcp.gvt2.com udp
AU 34.116.74.210:443 e2c10.gcp.gvt2.com tcp
AU 34.116.74.210:443 e2c10.gcp.gvt2.com tcp
US 8.8.8.8:53 3.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 210.74.116.34.in-addr.arpa udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 e2cs45.gcp.gvt2.com udp
CA 35.215.11.11:443 e2cs45.gcp.gvt2.com tcp
NL 142.250.179.182:443 i.ytimg.com udp
US 8.8.8.8:53 11.11.215.35.in-addr.arpa udp
US 8.8.8.8:53 beacons2.gvt2.com udp
IN 172.217.166.227:443 beacons2.gvt2.com tcp
NL 216.58.214.10:443 content-autofill.googleapis.com udp
IN 172.217.166.227:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 10.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.166.217.172.in-addr.arpa udp
NL 142.250.179.194:443 googleads.g.doubleclick.net udp
NL 142.250.179.198:443 static.doubleclick.net udp
NL 142.251.36.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 google.co.ck udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
US 8.8.8.8:53 www.google.co.ck udp
NL 142.250.179.195:80 www.google.co.ck tcp
NL 142.250.179.195:80 www.google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
US 8.8.8.8:53 228.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
US 8.8.8.8:53 id.google.co.ck udp
GB 216.58.208.99:443 id.google.co.ck tcp
GB 216.58.208.99:443 id.google.co.ck tcp
US 8.8.8.8:53 99.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.wikia.nocookie.net udp
DE 74.120.188.204:443 static.wikia.nocookie.net tcp
US 8.8.8.8:53 204.188.120.74.in-addr.arpa udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
GB 216.58.208.99:443 id.google.co.ck tcp
GB 216.58.208.99:443 id.google.co.ck tcp
NL 142.250.179.182:443 i.ytimg.com udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 142.250.179.194:443 googleads.g.doubleclick.net udp
NL 142.250.179.198:443 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.170:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.208.99:443 beacons3.gvt2.com tcp
GB 216.58.208.99:443 beacons3.gvt2.com udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 softonic.com udp
US 35.227.233.104:80 softonic.com tcp
US 35.227.233.104:80 softonic.com tcp
US 8.8.8.8:53 104.233.227.35.in-addr.arpa udp
US 35.227.233.104:443 softonic.com tcp
US 8.8.8.8:53 www.softonic.com udp
US 35.227.233.104:443 www.softonic.com tcp
US 35.227.233.104:443 www.softonic.com tcp
US 8.8.8.8:53 en.softonic.com udp
US 35.227.233.104:443 en.softonic.com tcp
US 35.227.233.104:443 en.softonic.com tcp
US 8.8.8.8:53 188.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 images.sftcdn.net udp
NL 172.217.168.194:443 securepubads.g.doubleclick.net tcp
NL 172.217.168.194:443 securepubads.g.doubleclick.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
DE 108.156.255.65:443 c.amazon-adsystem.com tcp
DE 108.156.255.65:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 static.criteo.net udp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 amplify.outbrain.com udp
NL 23.222.47.122:443 images.sftcdn.net tcp
NL 23.222.47.122:443 images.sftcdn.net tcp
NL 23.222.47.122:443 images.sftcdn.net tcp
DE 23.218.209.87:443 amplify.outbrain.com tcp
DE 23.218.209.87:443 amplify.outbrain.com tcp
NL 23.222.47.122:443 images.sftcdn.net tcp
NL 23.222.47.122:443 images.sftcdn.net tcp
NL 23.222.47.122:443 images.sftcdn.net tcp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 65.255.156.108.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 122.47.222.23.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 191.137.222.52.in-addr.arpa udp
US 8.8.8.8:53 87.209.218.23.in-addr.arpa udp
US 8.8.8.8:53 tr.outbrain.com udp
US 50.31.142.127:443 tr.outbrain.com tcp
US 50.31.142.127:443 tr.outbrain.com tcp
US 8.8.8.8:53 67.55.52.23.in-addr.arpa udp
US 8.8.8.8:53 48.20.225.13.in-addr.arpa udp
US 8.8.8.8:53 230.137.222.52.in-addr.arpa udp
US 8.8.8.8:53 127.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 static.hotjar.com udp
NL 52.222.139.116:443 static.hotjar.com tcp
NL 52.222.139.116:443 static.hotjar.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 8.8.8.8:53 116.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 gum.criteo.com udp
US 74.119.119.139:443 gum.criteo.com tcp
US 74.119.119.139:443 gum.criteo.com tcp
US 8.8.8.8:53 ocsp.rootca3.amazontrust.com udp
NL 52.222.137.193:80 ocsp.rootca3.amazontrust.com tcp
US 8.8.8.8:53 139.119.119.74.in-addr.arpa udp
US 8.8.8.8:53 193.137.222.52.in-addr.arpa udp
US 8.8.8.8:53 script.hotjar.com udp
NL 13.227.219.71:443 script.hotjar.com tcp
NL 13.227.219.71:443 script.hotjar.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
SG 182.161.73.136:443 dnacdn.net tcp
SG 182.161.73.136:443 dnacdn.net tcp
US 8.8.8.8:53 gem.gbc.criteo.com udp
SG 116.213.23.214:443 gem.gbc.criteo.com tcp
SG 116.213.23.214:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 71.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 136.73.161.182.in-addr.arpa udp
US 8.8.8.8:53 214.23.213.116.in-addr.arpa udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 lens.google.com udp
US 8.8.8.8:53 110.39.251.142.in-addr.arpa udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 cdn.donmai.us udp
US 172.67.70.99:443 cdn.donmai.us tcp
US 8.8.8.8:53 99.70.67.172.in-addr.arpa udp
US 172.67.70.99:443 cdn.donmai.us udp
US 8.8.8.8:53 danbooru.donmai.us udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
US 8.8.8.8:53 softonic.com udp
US 35.227.233.104:443 softonic.com tcp
US 8.8.8.8:53 www.softonic.com udp
US 35.227.233.104:443 www.softonic.com tcp
US 35.227.233.104:443 www.softonic.com tcp
NL 172.217.168.194:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 amplify.outbrain.com udp
US 8.8.8.8:53 images.sftcdn.net udp
NL 178.250.1.3:443 static.criteo.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 50.31.142.127:443 tr.outbrain.com tcp
US 50.31.142.127:443 tr.outbrain.com tcp
US 8.8.8.8:53 static.hotjar.com udp
DE 23.218.209.87:443 amplify.outbrain.com tcp
NL 52.222.136.109:443 c.amazon-adsystem.com tcp
NL 23.222.47.122:443 images.sftcdn.net tcp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 script.hotjar.com udp
DE 18.66.97.49:443 static.hotjar.com tcp
NL 13.227.219.120:443 script.hotjar.com tcp
US 8.8.8.8:53 120.150.79.40.in-addr.arpa udp
US 8.8.8.8:53 109.136.222.52.in-addr.arpa udp
US 8.8.8.8:53 49.97.66.18.in-addr.arpa udp
US 8.8.8.8:53 120.219.227.13.in-addr.arpa udp
US 74.119.119.139:443 gum.criteo.com tcp
US 74.119.119.139:443 gum.criteo.com tcp
US 8.8.8.8:53 ag.gbc.criteo.com udp
SG 116.213.23.210:443 ag.gbc.criteo.com tcp
SG 116.213.23.210:443 ag.gbc.criteo.com tcp
SG 182.161.73.136:443 dnacdn.net tcp
SG 182.161.73.136:443 dnacdn.net tcp
SG 116.213.23.214:443 ag.gbc.criteo.com tcp
SG 116.213.23.214:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 notix.io udp
NL 139.45.240.92:443 notix.io tcp
US 8.8.8.8:53 92.240.45.139.in-addr.arpa udp
US 8.8.8.8:53 210.23.213.116.in-addr.arpa udp
US 8.8.8.8:53 9.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 sslwidget.criteo.com udp
FR 178.250.7.11:443 sslwidget.criteo.com tcp
US 8.8.8.8:53 widget.us.criteo.com udp
US 74.119.119.150:443 widget.us.criteo.com tcp
US 8.8.8.8:53 11.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 contextual.media.net udp
NL 142.251.36.34:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
NL 185.89.210.122:443 ib.adnxs.com tcp
US 8.8.8.8:53 sync-t1.taboola.com udp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
DE 37.252.172.123:443 secure.adnxs.com tcp
JP 35.213.12.39:443 x.bidswitch.net tcp
NL 173.223.112.20:443 contextual.media.net tcp
FR 185.86.138.154:443 rtb-csync.smartadserver.com tcp
SG 52.76.224.60:443 match.sharethrough.com tcp
SG 141.226.229.48:443 sync-t1.taboola.com tcp
US 8.8.8.8:53 criteo-sync.teads.tv udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 adgen.socdm.com udp
US 8.8.8.8:53 tg.socdm.com udp
NL 173.223.113.34:443 criteo-sync.teads.tv tcp
US 8.8.8.8:53 r.casalemedia.com udp
US 8.8.8.8:53 adx.dable.io udp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
JP 124.146.215.49:443 tg.socdm.com tcp
US 8.8.8.8:53 cs.adingo.jp udp
US 8.8.8.8:53 dis.criteo.com udp
KR 52.78.158.104:443 adx.dable.io tcp
CA 185.80.39.216:443 r.casalemedia.com tcp
JP 124.146.153.150:443 adgen.socdm.com tcp
US 8.8.8.8:53 ads.stickyadstv.com udp
SG 182.161.73.146:443 dis.criteo.com tcp
JP 54.64.172.71:443 cs.adingo.jp tcp
US 8.8.8.8:53 ad.360yield.com udp
NL 23.72.252.152:443 ads.stickyadstv.com tcp
SG 52.77.86.135:443 ad.360yield.com tcp
SG 182.161.73.146:443 dis.criteo.com tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 exchange.mediavine.com udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 sync.outbrain.com udp
US 8.8.8.8:53 simage2.pubmatic.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 ade.clmbtech.com udp
US 8.8.8.8:53 sync.aralego.com udp
US 8.8.8.8:53 sync-criteo.ads.yieldmo.com udp
US 204.79.197.200:443 c.bing.com tcp
US 35.190.60.146:443 idsync.rlcdn.com tcp
SG 103.231.98.194:443 simage2.pubmatic.com tcp
DE 3.68.171.222:443 exchange.mediavine.com tcp
US 13.225.16.178:80 ocsp.r2m01.amazontrust.com tcp
US 50.31.142.31:443 sync.outbrain.com tcp
NL 95.101.74.150:443 ade.clmbtech.com tcp
DE 13.32.27.67:443 s.ad.smaato.net tcp
SG 23.108.98.2:443 sync.aralego.com tcp
SG 54.169.120.86:443 sync-criteo.ads.yieldmo.com tcp
US 8.8.8.8:53 150.119.119.74.in-addr.arpa udp
US 8.8.8.8:53 122.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 90.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 123.172.252.37.in-addr.arpa udp
US 8.8.8.8:53 20.112.223.173.in-addr.arpa udp
US 8.8.8.8:53 154.138.86.185.in-addr.arpa udp
US 8.8.8.8:53 34.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 216.39.80.185.in-addr.arpa udp
US 8.8.8.8:53 60.224.76.52.in-addr.arpa udp
US 8.8.8.8:53 152.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 39.12.213.35.in-addr.arpa udp
US 8.8.8.8:53 48.229.226.141.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 146.60.190.35.in-addr.arpa udp
US 8.8.8.8:53 222.171.68.3.in-addr.arpa udp
US 8.8.8.8:53 23.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 178.16.225.13.in-addr.arpa udp
US 8.8.8.8:53 150.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 67.27.32.13.in-addr.arpa udp
US 8.8.8.8:53 49.215.146.124.in-addr.arpa udp
US 8.8.8.8:53 104.158.78.52.in-addr.arpa udp
US 8.8.8.8:53 150.153.146.124.in-addr.arpa udp
US 8.8.8.8:53 146.73.161.182.in-addr.arpa udp
US 8.8.8.8:53 31.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 13.225.16.178:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 71.172.64.54.in-addr.arpa udp
US 8.8.8.8:53 135.86.77.52.in-addr.arpa udp
US 8.8.8.8:53 86.120.169.54.in-addr.arpa udp
US 8.8.8.8:53 2.98.108.23.in-addr.arpa udp
US 8.8.8.8:53 194.98.231.103.in-addr.arpa udp
US 8.8.8.8:53 208.137.222.52.in-addr.arpa udp
US 8.8.8.8:53 68.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
NL 142.250.179.182:443 i.ytimg.com udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 lens.google.com udp
NL 142.250.179.194:443 cm.g.doubleclick.net udp
NL 142.250.179.198:443 static.doubleclick.net udp
NL 142.250.179.170:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com udp
DE 74.120.188.204:443 static.wikia.nocookie.net tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
US 8.8.8.8:53 200.232.18.117.in-addr.arpa udp
US 8.8.8.8:53 csm.va.us.criteo.net udp
US 74.119.119.149:443 csm.va.us.criteo.net tcp
US 74.119.119.149:443 csm.va.us.criteo.net tcp
US 8.8.8.8:53 149.119.119.74.in-addr.arpa udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 58.250.217.23.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
DE 2.16.241.157:443 www.bing.com tcp
DE 2.16.241.157:443 www.bing.com tcp
US 8.8.8.8:53 131.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 157.241.16.2.in-addr.arpa udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
NL 142.250.179.195:443 www.google.co.ck tcp
US 8.8.8.8:53 motherboard.vice.com udp
US 151.101.1.132:80 motherboard.vice.com tcp
US 151.101.1.132:80 motherboard.vice.com tcp
US 151.101.1.132:443 motherboard.vice.com tcp
US 8.8.8.8:53 www.vice.com udp
US 151.101.1.132:443 www.vice.com tcp
US 151.101.1.132:443 www.vice.com tcp
US 8.8.8.8:53 132.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 oembed.vice.com udp
US 151.101.1.132:443 oembed.vice.com tcp
US 151.101.1.132:443 oembed.vice.com tcp
US 8.8.8.8:53 video-images.vice.com udp
US 8.8.8.8:53 vice-web-statics-cdn.vice.com udp
US 8.8.8.8:53 tags.remixd.com udp
US 151.101.1.132:443 vice-web-statics-cdn.vice.com tcp
US 151.101.1.132:443 vice-web-statics-cdn.vice.com tcp
BE 13.225.239.59:443 tags.remixd.com tcp
BE 13.225.239.59:443 tags.remixd.com tcp
US 151.101.1.132:443 vice-web-statics-cdn.vice.com tcp
US 151.101.1.132:443 vice-web-statics-cdn.vice.com tcp
US 8.8.8.8:53 cdn.segment.com udp
US 8.8.8.8:53 www.npttech.com udp
NL 13.227.222.191:443 cdn.segment.com tcp
NL 13.227.222.191:443 cdn.segment.com tcp
US 8.8.8.8:53 59.239.225.13.in-addr.arpa udp
US 172.64.143.38:443 www.npttech.com tcp
US 172.64.143.38:443 www.npttech.com tcp
US 151.101.1.132:443 vice-web-statics-cdn.vice.com tcp
US 151.101.1.132:443 vice-web-statics-cdn.vice.com tcp
US 8.8.8.8:53 191.222.227.13.in-addr.arpa udp
US 8.8.8.8:53 38.143.64.172.in-addr.arpa udp
US 8.8.8.8:53 vmg-useast.gscontxt.net udp
US 129.159.113.125:443 vmg-useast.gscontxt.net tcp
US 129.159.113.125:443 vmg-useast.gscontxt.net tcp
US 8.8.8.8:53 gdpr-tcfv2.sp-prod.net udp
NL 13.227.219.52:443 gdpr-tcfv2.sp-prod.net tcp
NL 13.227.219.52:443 gdpr-tcfv2.sp-prod.net tcp
US 8.8.8.8:53 ccpa.sp-prod.net udp
DE 18.66.112.27:443 ccpa.sp-prod.net tcp
DE 18.66.112.27:443 ccpa.sp-prod.net tcp
US 8.8.8.8:53 widgets.outbrain.com udp
DE 23.218.209.87:443 widgets.outbrain.com tcp
DE 23.218.209.87:443 widgets.outbrain.com tcp
US 8.8.8.8:53 52.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 125.113.159.129.in-addr.arpa udp
US 8.8.8.8:53 27.112.66.18.in-addr.arpa udp
US 151.101.1.132:443 vice-web-statics-cdn.vice.com tcp
US 151.101.1.132:443 vice-web-statics-cdn.vice.com tcp
US 8.8.8.8:53 btloader.com udp
US 172.67.70.134:443 btloader.com tcp
US 172.67.70.134:443 btloader.com tcp
US 8.8.8.8:53 sourcepoint.vice.com udp
US 8.8.8.8:53 cdn.confiant-integrations.net udp
NL 52.222.139.41:443 sourcepoint.vice.com tcp
NL 52.222.139.41:443 sourcepoint.vice.com tcp
US 8.8.8.8:53 z.moatads.com udp
US 104.18.34.10:443 cdn.confiant-integrations.net tcp
US 104.18.34.10:443 cdn.confiant-integrations.net tcp
NL 172.217.168.194:443 securepubads.g.doubleclick.net tcp
NL 172.217.168.194:443 securepubads.g.doubleclick.net tcp
DE 23.218.209.154:443 z.moatads.com tcp
DE 23.218.209.154:443 z.moatads.com tcp
US 8.8.8.8:53 experience.tinypass.com udp
US 104.17.185.177:443 experience.tinypass.com tcp
US 104.17.185.177:443 experience.tinypass.com tcp
US 8.8.8.8:53 d2zue0pgsssbc6.cloudfront.net udp
NL 52.222.137.76:443 d2zue0pgsssbc6.cloudfront.net tcp
NL 52.222.137.76:443 d2zue0pgsssbc6.cloudfront.net tcp
US 8.8.8.8:53 htlbid.com udp
NL 13.227.219.113:443 htlbid.com tcp
NL 13.227.219.113:443 htlbid.com tcp
US 8.8.8.8:53 134.70.67.172.in-addr.arpa udp
US 8.8.8.8:53 41.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 10.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 154.209.218.23.in-addr.arpa udp
US 8.8.8.8:53 177.185.17.104.in-addr.arpa udp
US 8.8.8.8:53 76.137.222.52.in-addr.arpa udp
US 8.8.8.8:53 113.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 widget-pixels.outbrain.com udp
DE 23.218.209.87:443 widget-pixels.outbrain.com tcp
DE 23.218.209.87:443 widget-pixels.outbrain.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 54.230.54.45:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 cdn.privacy-mgmt.com udp
DE 18.155.145.18:443 cdn.privacy-mgmt.com tcp
DE 18.155.145.18:443 cdn.privacy-mgmt.com tcp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 45.54.230.54.in-addr.arpa udp
US 8.8.8.8:53 102.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 18.145.155.18.in-addr.arpa udp
US 8.8.8.8:53 cdn.tinypass.com udp
US 104.17.182.177:443 cdn.tinypass.com tcp
US 104.17.182.177:443 cdn.tinypass.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 ccpa-service.sp-prod.net udp
US 18.210.236.91:443 ccpa-service.sp-prod.net tcp
US 18.210.236.91:443 ccpa-service.sp-prod.net tcp
US 8.8.8.8:53 cdn.cxense.com udp
NL 23.222.46.90:443 cdn.cxense.com tcp
NL 23.222.46.90:443 cdn.cxense.com tcp
US 8.8.8.8:53 177.182.17.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 91.236.210.18.in-addr.arpa udp
US 8.8.8.8:53 90.46.222.23.in-addr.arpa udp
US 8.8.8.8:53 c2.piano.io udp
US 104.16.240.21:443 c2.piano.io tcp
US 104.16.240.21:443 c2.piano.io tcp
US 8.8.8.8:53 pubcast-files.remixd.com udp
US 35.190.38.143:443 pubcast-files.remixd.com tcp
US 35.190.38.143:443 pubcast-files.remixd.com tcp
US 8.8.8.8:53 21.240.16.104.in-addr.arpa udp
US 8.8.8.8:53 143.38.190.35.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
US 157.240.5.10:443 connect.facebook.net tcp
US 157.240.5.10:443 connect.facebook.net tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 analytics.tiktok.com udp
NL 95.101.74.138:443 analytics.tiktok.com tcp
NL 95.101.74.138:443 analytics.tiktok.com tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 138.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 mb.moatads.com udp
IE 52.48.233.13:443 mb.moatads.com tcp
IE 52.48.233.13:443 mb.moatads.com tcp
US 8.8.8.8:53 13.233.48.52.in-addr.arpa udp
US 8.8.8.8:53 ak.sail-horizon.com udp
NL 52.222.139.77:443 ak.sail-horizon.com tcp
NL 52.222.139.77:443 ak.sail-horizon.com tcp
BE 13.225.239.17:443 sdk.snapkit.com tcp
BE 13.225.239.17:443 sdk.snapkit.com tcp
US 8.8.8.8:53 77.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 17.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 tag.aticdn.net udp
NL 52.222.139.33:443 tag.aticdn.net tcp
NL 52.222.139.33:443 tag.aticdn.net tcp
US 8.8.8.8:53 sc-static.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
NL 54.192.87.248:443 sc-static.net tcp
NL 54.192.87.248:443 sc-static.net tcp
DE 108.138.7.10:443 sb.scorecardresearch.com tcp
DE 108.138.7.10:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 static.chartbeat.com udp
US 8.8.8.8:53 tag.durationmedia.net udp
NL 13.227.216.166:443 static.chartbeat.com tcp
NL 13.227.216.166:443 static.chartbeat.com tcp
US 8.8.8.8:53 s.skimresources.com udp
NL 52.222.139.76:443 tag.durationmedia.net tcp
NL 52.222.139.76:443 tag.durationmedia.net tcp
US 8.8.8.8:53 cdn-magiclinks.trackonomics.net udp
US 151.139.128.10:443 s.skimresources.com tcp
US 151.139.128.10:443 s.skimresources.com tcp
NL 52.222.139.79:443 cdn-magiclinks.trackonomics.net tcp
NL 52.222.139.79:443 cdn-magiclinks.trackonomics.net tcp
US 8.8.8.8:53 33.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 248.87.192.54.in-addr.arpa udp
US 8.8.8.8:53 10.7.138.108.in-addr.arpa udp
US 8.8.8.8:53 166.216.227.13.in-addr.arpa udp
US 8.8.8.8:53 76.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 10.128.139.151.in-addr.arpa udp
US 8.8.8.8:53 79.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 t.co udp
US 104.244.42.133:443 t.co tcp
US 104.244.42.133:443 t.co tcp
US 8.8.8.8:53 analytics.twitter.com udp
US 104.244.42.131:443 analytics.twitter.com tcp
US 104.244.42.131:443 analytics.twitter.com tcp
US 104.244.42.133:443 t.co tcp
US 104.244.42.131:443 analytics.twitter.com tcp
US 104.244.42.133:443 t.co tcp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 131.42.244.104.in-addr.arpa udp
US 104.244.42.131:443 analytics.twitter.com tcp
US 8.8.8.8:53 api.sail-personalize.com udp
US 75.2.40.13:443 api.sail-personalize.com tcp
US 75.2.40.13:443 api.sail-personalize.com tcp
US 8.8.8.8:53 api.snapkit.com udp
US 35.190.43.134:443 api.snapkit.com tcp
US 35.190.43.134:443 api.snapkit.com tcp
US 8.8.8.8:53 tr.snapchat.com udp
US 35.190.43.134:443 tr.snapchat.com tcp
US 35.190.43.134:443 tr.snapchat.com tcp
US 35.190.43.134:443 tr.snapchat.com tcp
US 8.8.8.8:53 ping.chartbeat.net udp
US 34.230.229.95:443 ping.chartbeat.net tcp
US 34.230.229.95:443 ping.chartbeat.net tcp
US 8.8.8.8:53 134.43.190.35.in-addr.arpa udp
US 8.8.8.8:53 13.40.2.75.in-addr.arpa udp
US 8.8.8.8:53 95.229.230.34.in-addr.arpa udp
US 8.8.8.8:53 76.38.195.152.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 157.240.5.35:443 www.facebook.com tcp
US 157.240.5.35:443 www.facebook.com tcp
US 157.240.5.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 cdn.jwplayer.com udp
NL 52.222.139.53:443 cdn.jwplayer.com tcp
NL 52.222.139.53:443 cdn.jwplayer.com tcp
US 8.8.8.8:53 t.skimresources.com udp
US 35.201.67.47:443 t.skimresources.com tcp
US 35.201.67.47:443 t.skimresources.com tcp
US 8.8.8.8:53 p.skimresources.com udp
US 35.190.91.160:443 p.skimresources.com tcp
US 35.190.91.160:443 p.skimresources.com tcp
US 8.8.8.8:53 53.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 47.67.201.35.in-addr.arpa udp
US 8.8.8.8:53 160.91.190.35.in-addr.arpa udp
US 8.8.8.8:53 geo.moatads.com udp
SG 13.228.198.14:443 geo.moatads.com tcp
SG 13.228.198.14:443 geo.moatads.com tcp
US 8.8.8.8:53 px.moatads.com udp
DE 23.218.209.154:443 px.moatads.com tcp
DE 23.218.209.154:443 px.moatads.com tcp
US 8.8.8.8:53 player-files.remixd.com udp
US 35.190.38.143:443 player-files.remixd.com tcp
US 35.190.38.143:443 player-files.remixd.com tcp
US 35.190.38.143:443 player-files.remixd.com tcp
US 8.8.8.8:53 14.198.228.13.in-addr.arpa udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 142.250.102.156:443 stats.g.doubleclick.net tcp
NL 142.250.102.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 156.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 pixel.tapad.com udp
US 8.8.8.8:53 mv.outbrain.com udp
US 34.111.113.62:443 pixel.tapad.com tcp
US 34.111.113.62:443 pixel.tapad.com tcp
NL 199.232.150.132:443 mv.outbrain.com tcp
NL 199.232.150.132:443 mv.outbrain.com tcp
US 8.8.8.8:53 p1cluster.cxense.com udp
NL 147.75.83.64:443 p1cluster.cxense.com tcp
NL 147.75.83.64:443 p1cluster.cxense.com tcp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
US 8.8.8.8:53 132.150.232.199.in-addr.arpa udp
US 8.8.8.8:53 64.83.75.147.in-addr.arpa udp
US 8.8.8.8:53 buy.tinypass.com udp
US 104.17.183.177:443 buy.tinypass.com tcp
US 104.17.183.177:443 buy.tinypass.com tcp
US 8.8.8.8:53 177.183.17.104.in-addr.arpa udp
US 8.8.8.8:53 mcdp-nydc1.outbrain.com udp
US 70.42.32.31:443 mcdp-nydc1.outbrain.com tcp
US 70.42.32.31:443 mcdp-nydc1.outbrain.com tcp
US 8.8.8.8:53 31.32.42.70.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 7c48dd2f4e33b67ffa3236b9ea4aaff2
SHA1 f66927a44e7de0c0038ce744d1d1d7251742702a
SHA256 b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02
SHA512 6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\492fe318-9ecd-4dbf-be22-73a5a4eeedb0.dmp

MD5 1cc2173b8bdbda19a3cce84057ac6e23
SHA1 8536924f7e6766bd0fba517bb438085dcbd9bdcf
SHA256 35faa1fa0ccc1be231fc92a4f7b1d734d9af588d89d6f97c50dc3c06a6cc8723
SHA512 6e8125c4a69d9d9574c9887ced252b922c620cfc36a3b485896794ef7958acedaee0c4c762ae167248d19d3dc95764450eaf9c926c58a0727269b27a4531f225

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

MD5 d240b4c36ae1ee60440a0eca5f00b7ec
SHA1 b1882537b11988d52ea1243214984b60f9d92e75
SHA256 9ae700f07c5cb75eeab5af151aa87fd79f121e08a23532a2996e75a54a3cf2db
SHA512 76340ace1381d9ea423be691f8090b12f08ac02426b1880ff9eef122fedfd25c13924de04166bcf3d0651aa2d87b5cb9062fd60659ab729cfddc0cac7cf32420

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 6ead189534806177c1dd4d5c9b8e3e16
SHA1 2adfa91ad9829f1f45f7fc8be7b6a12151ad972b
SHA256 5536f51f9a4718c1b19521e2f86b8b8417f4bd9949928c2fa42168b51c1900bb
SHA512 62ebcd86895f1d3fa0c98a8505f7523afe3d03e7eaff4f936c3199cf5ba4d6379802d76b688438515664b91aa66a570f3365b8d200717f7573677db4899284a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

MD5 7470b8e02105aec32da04baa73d64b0d
SHA1 11b4e400095c81f4ad2d37cfad6d530c90649e3d
SHA256 3d519562d3af6661b3a5cbba55888068b84c758b74713572357b4f210a783ad7
SHA512 f066c395146b294bb851f7340cc4a63901c413b913d40334bb5a7baccb569c298c821f9e5bdacbd06bad2070ce5979f4a69973c560f51e127800f16273723507

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 ba9b070da9d7e361f78edae71074edf5
SHA1 c0174cd4e51191b038586a8972099190f4c13624
SHA256 b0235ac4cccde03f4e2fe82d38f87c48912529af4189ef729e436dc20c72d0f0
SHA512 71d87aa63b1824d692a54679d8c2f637a9b8b44dc77c17dee5f839ebd889f7d845b28f0bb65479bf675c016dc830ffedf5e254c67d9e2a502e48b4ef23abcb87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

MD5 fa1af62bdaf3c63591454d2631d5dd6d
SHA1 14fc1fc51a9b7ccab8f04c45d84442ed02eb9466
SHA256 00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d
SHA512 2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 342e2166b0ff71c6132f02d682d0c9f5
SHA1 51acab1c22e66b2095c1ccd2c8ea7ea8418eac3b
SHA256 99ea2cbebaa018e9aa4c22ae939e1ee9ace1843905a5d96516bab0c2b40fb500
SHA512 95b3a832b2fd8b64ac5cf663d8a47375fd07ef0113e067ad1a4df0d5b001d43ce1dac2d0f3147340dd0a6bace9ff8845b4a0b2959ed4a6c28b70628ee79a4182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 c46f516ae35f5791c3022a64900c8aed
SHA1 d1e5cfc7a7f332821fa23961d1d955e4f5173e56
SHA256 3559807ff04d6a6852aef9a4abcce4774b076931cdd0df707f8e17ab2afd12de
SHA512 2db044e587d7e030b44c0c97b9baef3acbe78c037747e5bded362345b96a6a431f8b06e387128ba24f659e35e88ffc9af8854f3d7d07ff8e6434bc6f9cddcce7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

MD5 3b01f34b65f6a2b7f8e5a23f80b8b2db
SHA1 5057bd7829c654a7be568392725ea966a2824c4a
SHA256 577600b4ac7cba0102428b8a14a70c749394a39af31a2753319745e39ff90270
SHA512 c0d5eb768c5aff63713c0ccb34721a9af962aa78a1cdc6c0846af251ead8134975aaef29f3892d5f7654624cc17abfe29e00f1ffaf55125e6f81f640902119a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 7c8b68b0e553ea94a46265190627f2aa
SHA1 8110e5441794d5b1e52189bd1c12b644b18514c9
SHA256 1804fdd44bc39f37102bf6c8224469d15aee467ecd4bed6c892ee01ed098a1e1
SHA512 3e9e63b4431b2a610c6d1d73da1ffdfb95e1a78ac3fc98c8a17b7f93a12f6b85de2a5c7dba313234fe43bd6313f5a95b3f8bed3f7e3901caa78510a3b8cf9b49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

MD5 7c87d95855394b97e604c202fde33b5e
SHA1 ffb329a118c488d412b75ce723545477991d880b
SHA256 c62313dbc4347d2b7e6a6afbded349633e5ad8987212b501c7da605729c59690
SHA512 733347a8f6afccc562565d1afe35d62e0fb070ecd9d0e6f7bed02fef5153ff5e975a42c70d3b37bfe646eff963471e8e9b3b67b776f41cac2fabe6d3659607ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

MD5 72979feb984a6e0dff9f81908b03e774
SHA1 0b4d2e0c9f08818aaebb3deb73dfe366de6f46ac
SHA256 2a8b121c3953c4cafc622c97e27d60fa777e43c78107186d66788a3c21cc1a53
SHA512 960a0b38f8ec6e611d67bc167123d747a55aa159b4b5facfb030a502d63eec2c2f2aaad07ecdab55d7390685dc026584620c2d74245bdd2c817b16b160797463

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

MD5 4fa2884f5f95a3dc55e979bf0d62f151
SHA1 e8255511ef3b06bf9679d3fc51dcc10aaef7101c
SHA256 5c7aebf4c045d6994cf346df70020b5be9b3e0c8893e48ddb69cc33701d5f1ae
SHA512 3d6695ab0a13fa6f8a69db831724574ff9dcc5fc0a67d7eb2241be14d06bf7960f215631ed617dc64865b669308347dc6757dd951bddde409e74d7b73174d06f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

MD5 c2fcb114d71538fba0321f2afd0fe1bc
SHA1 1aeddd36ceab131ebeec4149cb28b806fb95f731
SHA256 7c315ea25251f7392bee541c93dbcc18308727c284d923b4a4002837a8635f06
SHA512 d5d3b0ee3f8e102973bdd0ac197b45cea1f283483e93ee5f30620236ec973bac08f8fdd7cc3482f6073e0f4563985db740914916f1119eb019fc02650c485131

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

MD5 d04490855d40f3dcbbeaabd4793c4a03
SHA1 91546292e6d1e5110f9ddd70b2837260195180e0
SHA256 b42d8a26e18c996f78be8ca44c590cf929418f73055b908af25e43576a72791a
SHA512 892cddae619730d076b36e50b18f6d9f5a5a85aadaefe55332dff7fa8c83dc910795c5623f01edb8a83bebdef60650b70d7670dea8cfff8bbf55a5786d9b5342

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

MD5 75e08fe364e14b7bc1b0f5bb0926b0f5
SHA1 ae271c86ff272e7ca74db6914883336724657338
SHA256 6764e6fd76d19ea4199da1edd8e7585c99628d5cdb9f6178dfa043680f3369d1
SHA512 9fb177bfe84ec9b83359675e61055da97c13ddc8b4ab4f6136f6b2ee8640205ac321201279f4aef43a488630e5b721f41f4a6da27df4b88097139b3ae429e801

\??\pipe\crashpad_1360_AFWLWPWZSWXVRSZI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 7c48dd2f4e33b67ffa3236b9ea4aaff2
SHA1 f66927a44e7de0c0038ce744d1d1d7251742702a
SHA256 b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02
SHA512 6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 957af332a6eeb6e28fd29d007278454c
SHA1 65453f3684c73d282eafcf5759add5f831751d0b
SHA256 fd86d7f6b39b9afcc5d5c7e03d4e82cbeb2408001d210f2f021ddbe42985c3a8
SHA512 9f010d2068468a2974741a56ec963533eb8b129e64d6b2db3b8ffe3ec47393cf5efc1729af000df31f7a2700632701f0821599b8ae2b69e1742f2603294fd00d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 66d514f7a4e15967dd615da85477a4fc
SHA1 c5a54d294d0e31d2af5f0aee49e2b762d343899b
SHA256 862beacad0e0cf5c98ac73d8125cefbad0612fe5cd62afd431879347f8b51a4a
SHA512 ac67c6e691a33997cb6c118ccef1f68418b2b18dcb2c31220cb73692f1c7119865c2fb337b2a7c266426d40f8c0d472413ab7996b8a8444e1b300282b4a49569

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 47ae9b25af86702d77c7895ac6f6b57c
SHA1 f56f78729b99247a975620a1103cac3ee9f313a5
SHA256 9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224
SHA512 72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13325705048096827

MD5 2d8f7892de4c63b984c330949b6218e3
SHA1 712254f758a47f770fa3fd27422b927e54a8b8d7
SHA256 d2f2e7385fd5a865638b2eba7372398d7a44673159d48c882c70ada26c6bfe45
SHA512 420ea22411c3beeb6af575af7fb8bb5b89dc52c74d755c5f8999432a4896d8436110365f4772aa7b982556e66c06ae69d1b984bfb2003965ca9ef7678f031a1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

MD5 de9ef0c5bcc012a3a1131988dee272d8
SHA1 fa9ccbdc969ac9e1474fce773234b28d50951cd8
SHA256 3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590
SHA512 cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

MD5 bf6027604d68d00685b2ede4185f8a7b
SHA1 80d25739ffec2216b275482be17ac176729c6093
SHA256 e750dd45ed831c7123a50dd7b0e6530201a1f54abb35461b94b452562bdd7900
SHA512 a2f9468b5b85fde53d59a6373fe559aa59bc063ced316cf867dd61a4c4d26608c150ca77b353247bf9804b61fe923931be1fd769cf80497e19f4a55dac4d0978

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5978c4007c74c1da1978919d63e680bb
SHA1 eea4be8009408c013862c1d08a6b568d26046eac
SHA256 3b845dda7619ce70bdae2cb04a970e0c0ed96df7c4f561506668b4b85d86c657
SHA512 0af155d2e2d73a9b68f205d1572640d351a112f7b4721d1c6a709e5fb13356a5d6e85d7c3df5dba0bc583a29eb96d05a7d0984cda68c1da3707a517263f405a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 799b2c8a9045024af1b56249a998e698
SHA1 69d3cb9b0be81ac405c8356b7548fb3d410f2e7d
SHA256 086f1b162d06d5670eca37db4cf8665439001e43dcb55b8ac52e70b8aaea86eb
SHA512 60c8bd49e584813e6b2df1fbc51362d4cf96188c4527943494ac8f9bd7fdb0942b055265c700e5765b07b7fd6886bd38edadab0a24193c5b2e5624b8025daf01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b1921ffbf5029680f78cf1dc34cd7532
SHA1 cc9b3ca0292e16645923e6d61e40e8fa72c4527a
SHA256 a2af57b94a06a28bb59e405998103474c42fe0373087d641d0411a35e9e66587
SHA512 181d1ecd559dd5ceba5c939b99a810f4ea228ac50a632788cfaea5d0e61bd341fa479531b2606cb2f4ead37faa09b9943994a4154e1f2b3a46be162b8f6de9a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 70ee35d3b053a3b7032a08e5ea7eeef8
SHA1 b11b875f91de1ba35656f71c47030ba826deffb3
SHA256 5581184c7319f8995e276180884ecdc154cf7bdce15a52d8c86207e32748956e
SHA512 5f0bcc9d6b10528875d86366bd31bcd5dd9ac51bded02523b6a08f15aaa38927fd465e439a3f0e61a0ea592377ec3e3e577aa0c464d44c3d14fb75527e798036

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1ec31e9b6e7472d4413ef0c3a1519c71
SHA1 feaf65bfd5e916f71ffb92f833ac18a10e479b5a
SHA256 21e276464032cf46adcdcbcf08dac18aaf16cae14785a40d80e985b9afbdf6f4
SHA512 7cffe0990aa0e9f09f56c918998566da005028ad61bec67d9ae551abb698b4e3dac122b285ed6fc48f7ed5b5ce2a09e723f85824f39b77b9756f1f1ddd4acb27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ea1a925391401bec04f02e5e86a380eb
SHA1 4140eed64800914c2cad606027cd745951b3ddda
SHA256 79551663c4f374c9d317a9ab1b68d7664af085252803fe9bafec86ad0e945b5c
SHA512 3fe61627b1fba0602e0e4b1cd6ffeeff24e73ce8a09630f382a187b8afd82eca51909c74da212113f0236b9a2325bb9a96178c125f08cf9f3c724ecf5c5b188b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe571424.TMP

MD5 969ac47813533327203e2a55a1e98a7b
SHA1 f09c6fc69172442960f5a3a39cd1ff4d04165b7a
SHA256 2d4793743aba38b37590045e5d72dabab2bb207486d865cba95f18c27d04cbd9
SHA512 160c916d2c93fd933c47224eceaa327e125fe15a1958342883d88528be75b44166773e546124cb30424dc43536bd9ada61570e475df5187c6fccae2620fd6dff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5a37a8442675b17b0d998fd65c606668
SHA1 ee921b388916c4317d472ee8655d390c93406580
SHA256 fc65c30745d5cac765c37ceae76bbfc6f386ac126db278725743dbdfd42b280c
SHA512 d5b6eca34ffd3c3c35b84010bcf2ae6efb0de6976974323b1ee8a5a06414086cbf249b16b9c5176b8f83c96c3a36c6afbb2bf6c04b2838cb8660725bb278f404

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 63c1a7943aeea1c2d3226a07c41a72a5
SHA1 942ed34486fa4184b2655ae4f91c246ca8b60999
SHA256 8f641b13de47e51628768ddd3314e398488a24562b84ddd3110e10eefb7f6721
SHA512 bfa30a8f655bbaaef9874844206801840c089c7b0c32ca5280bc6ac17e90fd17056bb254b40e189c91fdcb0254d344682a67aa35ca0cacb2f0b36bdecb92a694

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 47ae9b25af86702d77c7895ac6f6b57c
SHA1 f56f78729b99247a975620a1103cac3ee9f313a5
SHA256 9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224
SHA512 72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 03cda034721b7156873820fbc91a2868
SHA1 262f7a60bdfac1db96f49509801cbffd4f6d16ac
SHA256 700d39a01b79dfd5e370f8a6bdab4ff633be663bf5bf41caa63f219a797f8f67
SHA512 ea05ed9ca0488c590d70274fe3b5b55444386b87831ed677ac4a073a1a49e1e602b568ab37462efc4176eae2fd924678e580667033f8d257ff00397537b9d921

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 23d5371b11e1f3f0df8e1e0863ff6fd7
SHA1 124ecc373f1a2d8a77ced92bd443dc37451fd0de
SHA256 bbaa026ad0055ab99b525d39912b34fe1bf8ac4e80127e47a1da2bca05f55d2d
SHA512 13666bf274a504100cf0418a68c343e519d5a3be7a2b848a337f788f0bdceae39e7a313d9e3498969511fa4c8aaf1ba89198370f36639635b352e1580568289e

C:\Users\Admin\Downloads\MEMZ.exe

MD5 1d5ad9c8d3fee874d0feb8bfac220a11
SHA1 ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512 c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c6c2fb31485030c12ef132c71ce3adcb
SHA1 7fab2a91e8d960eccba451d1cc5a002b709effa9
SHA256 a31bf58e8471702b5ea14859857f8fdc2c16f5c0c75ced004c98b22a5dd165b0
SHA512 2b66acc3ed3a78e2109474b207a24eefd0763681ced35575ea41c13b309e136a6a68c69466eb572843fccc36ce15db9f5e80cdd589aa76b4dfe6ba5aab46f4e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a575c207cf81aad4403f3f297def1cff
SHA1 15716d6ae221642edd03cf23e96bd448ca391107
SHA256 d70f19b03ec90d54cb2dea92be115064229426b76857f3b78565f4485a24783b
SHA512 fdba17c3096e4033c80002440dc4684944b74fc51c7dba5c6d9f93e772a406a787e8818ec49c5c9b6f8a2a013770cb255d3556021e39caecbd6f7f351a1373dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0bce54c23ff709e54f8078bd934089cd
SHA1 9e4d17492699c40fdddce1b5692d370d6c9c7837
SHA256 ddd251c7f3492d3b94f8745108a5a7a37e6a32c9b2303d3ccf5db3a621324013
SHA512 be77f40c09ce0b0eb0b6f5cc7e2ff9371ff2055b0286bc38ab11bf52a2d183d2db0ec6bf8befafdb90244e88e97f8f18bdddf0a6dc337c541f404105578636c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 d88f7dffb78460e809b2edd3aace8267
SHA1 a95e5ca08bfd24cb427067182a469253a8118e80
SHA256 ca695a940ae0c4099044873acec0eae33855f7c503c19376a1bdb78b83d1e927
SHA512 879fc4f245b7921203dedafe01a266f51d3a1f684088225fe5eb26254ed89b07d5b0dabd03ea2578a73e624e9c8e683cf386a5fa7b01f50aef5d7563e526b79d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ca26.TMP

MD5 4cc380bbc5b7406eeaf832d227c3c78f
SHA1 42d5d13a7d49456d70b9e92294ebf7bf3042448c
SHA256 7101f748e76d3c9a7102ff5f98c466bfd69fbcf180abf18f43e09a42e7d8452b
SHA512 9ce2d4403a48d37ea98b681bc255f3b38e5d070f04c5f17876ac255f368546431499ca8ce3ed9784ffe81fd56a43f840fbc660b440018cb3877e2d46098f9640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8fbac896997418cc13242d33941269f1
SHA1 6138fa42f3e56b0667eedb5a05e257b28d8c74cc
SHA256 9fb3b7420b3c79bcd5d05cff447976c32ab46b0b95cac5068bc2eaa761c357f8
SHA512 caa80ca6b54e49235a4d0ac04ccc3860635b2325cdd6979ef25e3f68265d7e56137700bdf7fe17e5df40c22daff938affd93bb922767316c831c6bc8bbb65f0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 652f9f3a4217d7bd386e0d6f9d27187c
SHA1 116642f94ded5c9218340e32bae5e914a1fafd37
SHA256 fcb891672f19094e839553eccf19cb5b36df2ec1ead30c8c6de54d27ba80a3f8
SHA512 0d062997180e560ce6add8002fcd3d2c7b87f0bbcde93c3ff33101793a7ef8e68c3b7319680a198d8659596ffe681f738a91997f00732b92a4233cf7f8f00b15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b881328145322d2c3b89717333a3d8b1
SHA1 f17fb4a1f9430a32240e774577519704891684fc
SHA256 801103c90692bfe4bc5814ad220bbb73911c3780794fa7a349b9c7624af53e27
SHA512 a9053584b344bcaec54a42b0bb2f1a54d9dfb2e79ebbf2f6d37c2f9cdf96c5defab1615b9239e62af4ea3bac799a00e2138ae95d6c3dfe2993af4cb6ec1d7364

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a8f790e970a9e4c32048883db41cade8
SHA1 7066f574a671642562e841571a8bc70e88a479a8
SHA256 38b86f8cc4a73c8fa7bfa9c881a358e6bcb77b8a09465d22791860dfa8e2cc9c
SHA512 168a99dc15663b1037baf399f3d1a0a968a33330e7fb026914dbe20c475aad74aacc7143c9b8806f20007ab4fbda1e8ce98a15dbf7818171d3dfca64fad5a26c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 8cfb369a583b634be760abcaedc40045
SHA1 33a472025b812ca27b3e2881e9e3ad41f686b16e
SHA256 32b399b8d8923e9be93d9e24061e1b9a2e78495ef199806036de13733896d67e
SHA512 4c0c00f26e05cf46e3db3fb84516572c336dea177c197030b1a3929ab9bd2543a783da9954b6d04da23cdb6eaed6990d0872244c13418ddd6b81ff4f7fc2175e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 1067041b8fa46bae06ebeac837cb67ed
SHA1 9a1e51cfe25d04692592f1dc13ce75058db813d3
SHA256 e6f3a928b555e72664e65ac8d3455b7ace51ce76f205975f98daff89b3a5d533
SHA512 d16c71f87ebcdc4553cb5aa4283f84ba02178e80d237a99d56ec416377031af4354582d459abac88df5b06239e3fb4625466b478bbf67ac5f6f001e82fa58882

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 aea67f74122273037c235b6ed6795ebc
SHA1 bd47c8a5e54803942184640423903b9271eb2dfb
SHA256 e05d54ccbc06a2e873d242a6a9c82170a8e248446f6a98ad6e803e1ce10b587a
SHA512 34a06904617266265f9e1bea44bb940f9aab427219083d088ab1b616d3f93d29f59fea5e8c220654ae356c243fd37a86ad6b9f6047dd8eb52142523a5e8ca9d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3ddb0688e4762d90e1565366ab80ab26
SHA1 35963f12ab2d9d8aac8f2501e6d621abc9d54053
SHA256 d1d2e5ee515d9598620d6e20aa2f4101a3169f58a67d03d67a092cb79796ec07
SHA512 e21761010b33194b6ea3eb9196a97d2e47d1baa257f9598225c639f6126b42b6c640988a1491bd8d8217f66ffa3fb12c4a57f65dfb21c8a64111007b16bf608c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

MD5 12a77e39ae534747c26b95bbd2f7bf0a
SHA1 ca24ddb53251ae9e7d3d8488c47330c8258c5784
SHA256 7192b71b6ac93ea4c43285c16e140c889ec3088a72ef89467f132f7922ded9c1
SHA512 0adb2f9b600bc5c9d35a38c0223a06287022d7721032d38fb1db69cc42a018910f36715dd03b33eb36b8a13541b1d437accec692d178cab93a7d9298f266279c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 87ab95f78421e30aa062536c6462ed47
SHA1 e01bdbe19f36919402ca848c760b66d5874f8603
SHA256 e355f9187bc508443d6387fd41f20fdae4c3807e389220cfb2dd33a4a3709871
SHA512 a95f0b943bc3af2d7b298a8906ad0ec46b2e5da6fdaa68c6df817dedb8752798d50b2f37c1a4bd028ba42f1c2bdf9294c42463d1c145f914b89ee972f4cf0728

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 394f31f6e9356e9b5ea94575f7244a28
SHA1 7e2b74f0cc5b9b7d4bb0aeba45988e794a338c39
SHA256 18b51f8517a1a29d97c927545a01d942f98a9df0c92c2b253c0fed7e500aabad
SHA512 f8e952636ae9b9ed94cb15a8589536b2733a1f1ea618b453cb7963e9550078409174a251155ec2868013ce41c30e0a266d30576ed5f13fb8e757daacd3ec7cf8

memory/1492-840-0x000001F57C420000-0x000001F57C430000-memory.dmp

memory/1492-858-0x000001F57CC00000-0x000001F57CC10000-memory.dmp

memory/1492-877-0x000001F57CA90000-0x000001F57CA91000-memory.dmp

memory/1492-879-0x000001F57CF10000-0x000001F57CF12000-memory.dmp

memory/1492-881-0x000001F57D060000-0x000001F57D062000-memory.dmp

memory/1492-882-0x000001F57D0C0000-0x000001F57D0C2000-memory.dmp

memory/1048-908-0x00000242CBAB0000-0x00000242CBAB2000-memory.dmp

memory/1048-910-0x00000242CBAD0000-0x00000242CBAD2000-memory.dmp

memory/1048-912-0x00000242CBAF0000-0x00000242CBAF2000-memory.dmp

memory/1048-914-0x00000242CC270000-0x00000242CC272000-memory.dmp

memory/1048-916-0x00000242CC290000-0x00000242CC292000-memory.dmp

memory/1048-918-0x00000242CC2B0000-0x00000242CC2B2000-memory.dmp

memory/1048-923-0x00000242CCA50000-0x00000242CCA52000-memory.dmp

memory/1048-925-0x00000242CCA80000-0x00000242CCA82000-memory.dmp

memory/1048-928-0x00000242CCAA0000-0x00000242CCAA2000-memory.dmp

memory/1492-943-0x000001F504E20000-0x000001F504E21000-memory.dmp

memory/1492-944-0x000001F504E40000-0x000001F504E41000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZZQG9C5Z\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 049328a0c62b9bd6fff9fa46de18bcac
SHA1 2e4a5b376e8a593afaebb285efc4302ed334020e
SHA256 8abfe5a30492c448dc3b03cf4d6e0048de1d288e892e6f64bdc876dddafdfede
SHA512 71a2be63e1d36be5ca3ddeb1095df3cfc0b7b6fc2564f62d5a9a110f340d27ac556d04f6ef571d4f5ab4c26b27cff382c9fb71821e4427bb1a5b7b25956e51ac

memory/1492-983-0x000001F505450000-0x000001F505452000-memory.dmp

memory/1492-986-0x000001F504EF0000-0x000001F504EF1000-memory.dmp

memory/1492-990-0x000001F57C6E0000-0x000001F57C6E1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0953c4e725c2f896546e3066a426a6e9
SHA1 76475643560428b942bc576fb1bb2822c86e99cb
SHA256 15b414970db7ce7f132549d22b00079c6c05a6a9f3dfbf54e3c68394ca7b1ab0
SHA512 5676454ee2fe37019a507bf8ec35804d22321fd416564d54555a1a339fac32c9b2150a5c119d41d068a8a1d64b756f8c028b09827040695f1fbcb0f89c2a8188

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ce81a00088f6e8c52a2a47a321565453
SHA1 133d63ccf0ed92cb50ee544a7e93e45c4372d4a0
SHA256 c639acbbc2459b491a1ee34dd0a617fa9dcfb753296bb69f78726f84d848a774
SHA512 071dcdf03db83bcd29023d416f238ac038032f7cf669b86705c666dd00c1520d2f3fd8c98e521dd68b82151e4699780b279d110a0d954d3aa0b2bfeb4e07e36a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4710f46974560fdd0cfbff9836b4072c
SHA1 74b55a62b32bba636dcec453ada6d453cd209e80
SHA256 216ac5b0c6788bb76a2383359f60434e4c1e7864ec843e1e3d54842e0a167fa4
SHA512 dc3bae8309612f46c391030bae95836d8df849191b5defeeafac710d1adc88423d00f711f1010588331ba5a5fd892dcaf23c68f26385fc4e235c78b7dc784853

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

MD5 df50c70ffa70f138753d0fb1bb7eb4cf
SHA1 b00b11ddec7e0efe7ffc3954f7d5970ba46c66be
SHA256 f41165d2e2018fa1194649b19a48be97d0a3decfbf0b6a53746b93e295d49765
SHA512 5e6ff283a44ddc447e5122e4f5cce4ae473c5baa929006569680038b7d915668c7a0de01cd1c38283c0ce98b5e03057ede29d6da2b19cd543c4ae64c2b88f9c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d2d716c78bf9798aa536ce9f310e93c6
SHA1 fba826ec27b78bfd46c277b3b172733bce6ca52d
SHA256 273f06ac0aa020811dc73f2afcd4bd61ad92e4187f2fd7d2b3ff41e73eb3467d
SHA512 bb68ca2343978db4e2caeedadc48a1dfa9239b2bda1c76e8256db48d55b1327f6f0cec3f2f4dce24e482f08b45995565692aa33a9dd8a981c105aa073ef24512

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 01f0a30f57ef9fd759277e1a7819226f
SHA1 24898969ebb113a24f570a7a180b8c083742120a
SHA256 5be125ff4ac94173313ea9edb92e75394c1178be1a31231dcc9ef99cdcab30c1
SHA512 df9b45bab1348e6ccc4674260309fcaa058d8f1ef6878799a819f849e7912c9626fb3615b8cad93528136e69a215c566e81c6156b485ce31bcf4c7b487b3827e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1d85cd1e35a668ce94ba5c53a148dd52
SHA1 d357a52fa533e97bf5575bba058bc0db65e0c944
SHA256 9815257319e0a855b1dfcd1bbe4c17f76e7049594185f1a3053e6e37752f37aa
SHA512 ef5e667c241654e5dafa89359a6769224740673fd79cf711af3ac32bbd95829d25d6b559b7b30d0dd0cf5884903117c6fe6f5934a9b88983d6823135c6fc8db1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5bc9d40c07b16f7092c9fddb99cb4eca
SHA1 b2230b1a8b13e8b9dab1a0e13c23bd2abdcfde68
SHA256 363a6377e259e467555ac4f5a745813f726bfd9b7d535e9d84df465e6cc82882
SHA512 efb2cb7b2c7db23e84d3e0dd49105a1da5fc136064da5d370c06200b62e3ea91e2b3ec85b85abcc73312cf99481b1cfa846752d3616bbea6329210bcf72de5b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee8389b6fd8c9013ae6efae55da6f8f9
SHA1 6070514d4798e86a830178377626741c52d35031
SHA256 5d72b1a63aff057b9e1a599f9ab84234c2ff0e7aa592c726899e1f0878b6a86a
SHA512 f032246bf9254372188b9c4df1ae17afba6d2d013693cab8ea371a563ddc5fc65bbf72d08c0537a50e8c43eeb7123894165e0243ad7fae53e2fc0bac9d8b8dbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 d0f413756d2181cfaaa5d7cb5fbbae89
SHA1 f461ea2aa4606da8a269010bbb6d2d09855c0fd1
SHA256 fb6f0cd7862f681872a57c2b3495e05d1abaea6f87116671a1fa0e88e59a2d53
SHA512 672aca39f16b62a5c0f4ba9888f5706f948af60891802a75bdae5ddb7036917227abca7a5df4b085ac9b5641849e6bc88e7782c7b2ef83ec13e65ca265950cf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 f71b0894d35d9dffdcc3db2be42fa0df
SHA1 abfcb6ffe0b38228fcf03fcfd01e5ae7d363d9af
SHA256 bc12e3374035e04abc80bec91a6abccbc6f736c3f91ec29fcc5b715fb1b3dfd2
SHA512 bfb99588b5a33da1d78a2b79d0734029cf16cc85cba2c353361fd1187ea4fe3ad9baf250548edd96980ae07167a1026fae106c2f0fee8792d36479aa3b3350ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 36fe1a732c58b0925c88e9f5516a5783
SHA1 5c442ceeefb55696f32e57c79899ddf6385f5643
SHA256 257a3b8ba1825a852b21df00c49e77d09fdcbcab5a24c92f671ac004f770b0e9
SHA512 f44dfb9e71ef980dacc6e0d8a3231ffb412eafeb734502bbc11fb919ed6e3ce944f21d97918cf50c52aa049a6306c501167940d2edf941084d81be6a76216c8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 117a24f8df93cb18f513ca58d426ad41
SHA1 cfc25336c98be31856a0d4a064c9119033a95ea8
SHA256 6914dd9ba2bdc56c2dc31ffa487b61b71240d238445d99d1cfd1ff395dc0692d
SHA512 406bfcf17969f06e17dab79005db344ea3bf6bfde4a0891fd4314aebf7e0f21e49364a7c4c3a160908b9f5d2dba6c93ed481ce32139cb7d17540f0eb84aa8285

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 6d81cd0d857a5d1728e08c77b9b0ae22
SHA1 3cc0e10ffa948e94df63f20a66f5190224c57d07
SHA256 703521ee76a6b56c41ea6bec08e91e25e64705acfce7abfc2ff9e75c3d92b2b4
SHA512 9d0cea67338db2e97b58f30e25c702aaeaa41ea0f480a5b2b0c8e9d2935e4ae65c10b1186507a5bcd86540c6b333b5856fe0902146e1a9ce57cd4ed0eb67d959

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 478d97b768b29f8eb064d6d17f803bcc
SHA1 d6b9e6b8b80498007169b6186291f25f1ca8eb36
SHA256 cb1801235d01af91549e147486275dd20f33370b1ba8c7ab1586bc943ac8bda0
SHA512 52f3dcf7016947ddf3fbdaeb1b6d472cafc2802aa0d8cf425c90ddff47492a4f1b23c5f1e353df741359343ea7b5d85de095c46257dc2b79febed5416746f675

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5962b8.TMP

MD5 94d8096e3faebb8b77307f89c5afcb98
SHA1 66be5efd901a63004501bfa6d66f02cae571a8dd
SHA256 dae63e6c7a031f63f96d9e8a5b7243ace7ddaa4c24c552996d912b6b30a81f2a
SHA512 24ceb27eccedd9288983f333fc1ee28503299ac91ebcd94df51751d67d9e7c785e425b77fd425db70b56b46c2fe4712ebeddf3eed739f09a2a3b8a51b3460062

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF56DB5C4182F4F4B2.TMP

MD5 043b76d7dd663f79b5dd75c375505d5c
SHA1 9a818d28b0c294dc8b39fdae67acfbd88e5a9755
SHA256 64adb17cc07d3eea5dd1a35ff270d9483ccb47733560fed4035a499f125778db
SHA512 2f2104d21b8a21b8bb78a463c5cbc86230020828cf7d7f78111cc97c14c021943d0f1061a3e90a38c58cd80bf8e52d65b4c7e5f2360a4b971a33b22ce41acb66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 aef13a646c7327cbd4a6d3bcebb034db
SHA1 7d9ee720386efcddc69c6d6f810732f5debfd067
SHA256 e22cf8b805411472bc63a30289ad2fddf603a0d4fb1f7ad6ba5a72511da75412
SHA512 ded8aad01610fd13228905f618dc5f6954fc4a175f4ddafb681bb504b1990d75b6c00d55907f8b25ee8aefbe35fbcd3966dd5de8d69351c83bc725ff554416b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 780682a03f79a631b2730a416a3b0f46
SHA1 730ee18c293d0e3714414434126ae32e95915318
SHA256 a7c4de462231b3d330f4ca5bacc9b967b4d31b3e3ed76782f2b37e336abede0e
SHA512 9dd55fb7ae90c7abc7ebf0a823a1525caeeadc57133d062494de4d86ef7fabe6db2225f3148e6c0dd7d72835fddee009047deb62b90adf2792322b63b9078290

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 15a92207084e0a9f0a0ac6789b411789
SHA1 213fefcafe2ba3a43802bf44b2c7d59a715124cf
SHA256 8814c0cf9481203e955b136dc6e972bbae7b92665a449ef6ceef272c8f7409bd
SHA512 cc217141ba38203743f8b1b70e9bdd80dfcd026303187d23d54611b95ec38f9c4c94474184d1a118eadbed8baf13fbf6cb5e3c8a3a1b66fb1edd4dd827a48fc4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 40c4fe8adf7e930f8fd7f15c7c7b7126
SHA1 b1927ef111dedc4b5cb9643955c8ab2f64c992f2
SHA256 5e37489adf4b32b55bf95498a62660cb4a2698e88a273966251c76448a3cac50
SHA512 ecf163054f6942b79c0b01b4da62ff52296b14d8a0c31e5656083f8549b979294483e132b35f2cd2e0288518af538709b1fa1717f6c2f09da14a389efc60444e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 56ea84b3d96b34cdc7c2324eb6523ad6
SHA1 7d2cd76b4db9c13feba1abe76385434d089460a7
SHA256 2e2b4df43fcb5843e4e44f7a572c0404140163718682f458202604578df04cb8
SHA512 7e56e966f0e4cbfba1e7a9e3adce0942b85e309c6152f05b8fd046982d15b2bd576eea4f0cd20505772235896552f613b00a0838156cff088cf3dc514db4447f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f09283a29dc235267f279d154305d67d
SHA1 1f251f30c0105a27bf215bd855f33c0f5f9993c7
SHA256 505ce2e745cba1604201c185e7126dff2945399719e99b009e2a6b9a9ade8528
SHA512 cd1cfaee7ec0acde9f3029bf555bc0d6bb0fbef1a7f01ae8de2e363b66b4aa955d581c724eaf9eb334de74c1585908c5c40085205e3eea3b5fa4007d961acf05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 68d54f4b6936cae4c1b3df51b58fd6ee
SHA1 a25114f60ab0a7e5c09ad4d7d58f18278897a524
SHA256 927805449f71d46152c16c4404278b3f98d3319d5fb71fc391fe79b3a7e0a035
SHA512 51e1f65a6cae05ea0a94dcf3fa6ccfce36e3ba900e66282ca1e7e0c90bbe94a8a95819f56a01a3b3a04751f7d89b1a6702894c4367cc47831464de042e6cfbc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

MD5 84ae84764f0e611cc58ae5f5b1da9de3
SHA1 25a4c17c6fa4a0db5e8fa5bf839908c1debf3276
SHA256 15a393fb28bf1185c18688a3a50aa311d61a3c3e7af05d3e8fe8cdb618483adb
SHA512 2eeaa8e0df66654a0067b953d7541ad19892f659645035d94ac0b138c97a99bea408633b3edf6afbec1d9f43b0a6418f0cd00c775a46b8111d744f7c979a3fc5

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XBVZS24H\en.softonic[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9eeea8701cb06777d968f394f15537c9
SHA1 91c264307bcd87da41aeab0788750eb1f107c8d5
SHA256 cd2682692286a49e4007de7b57a2f71efcce111aff88aeef999af7596029d4f5
SHA512 299242a144dd1e44c84d04becdfc4cca7141b42655f080d7df9dbe716bdc05bdd69938960e6ed2dcd2b6110cd93526e14386b9c3c8bafb8283bc86c5eaa0218e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CWYI0L0M\js[2].js

MD5 6bf6f97060dfb77c766ac73a4e811808
SHA1 f6f268417732bd560308cb362e418257304dd6d0
SHA256 cf9a8e9f4b4e3875792f3ed17af8d0b8eccee3525cf605f32ad47efc0e092a37
SHA512 ddf2394af8e8a607cceebad0a7e21ec3342a0c906ba863e6cdcbb06eed9eb65c9d74d7e78f51ec6fb895e4e207207f48ba3e94754b62c4843e3e17627ded7528

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JT6UB71Z\c6a73-91dde[1].png

MD5 91dde5a34a64a36d8de82112d86249b7
SHA1 a62281335242dee49863f3d2ab7bdce82453dd32
SHA256 673b00e2d93145a1a38ba186d0d5035f3539c0a91b83518624501acb5d41d229
SHA512 3efd740b9c2d05c3ebbd51c000c3271a2f634d39e1bca60871fc31fd49b702e57395d8dd32792786813c9c254152524c692a026d5dc82c8a17a896aa69f12751

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\158114f9d1ce4e0c_0

MD5 a6e02fa887514688e539b8810387dbf4
SHA1 bcf876afb75c0b14e19a804ef8ee426e7c21cc54
SHA256 cd48961e4cbcef80b14794385c0312c7962403fef4258480501fe06ac2d6ed3c
SHA512 be8ea5b81756d0b6a38abc210762b55bbede29a89618f47d4ba69639be69d548f876a74f84b7b7fdd905279a10f5fd0dc646abba9bfe313ca5f1dfbcf66f27c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1ce78c4ae943e04f_0

MD5 26fc32febdcf08bf31e4e1f4892105c6
SHA1 09fd84deb86540cba61e92e34658a85a37b10b79
SHA256 0356fa16e82c1868ef1b35d3ab035613188f493c588c944558fd0cb732301987
SHA512 6b00b78f54a7a0f7f027953cf10c82b6bc247080674e1b6fd501e791a2cdd9c217ac9a13d2ac01195780bff2a25307cbf0cd4bc47ffbfb6383b1cfb30391e869

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e5e96ea3c49e140a_0

MD5 b15675e474306903313d83e0a258c364
SHA1 2dc05d17e085508e1cc3b381307dad50228f993f
SHA256 26528a0dc5d236a69259a4b32e96dfe802ca61798fc959ed9c27361e2b44d73a
SHA512 25649b3dd1607dc2b041c831bcb2f3d490761fc0908785dd547819281bdc99f4fa940b563bb41b1991d0b30d56ee91c6ebf30e70212750d506faf9d383a5944a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bed326134b7faaec_0

MD5 f858b8f416f8cd6924684ac508667afb
SHA1 7bdea99cd3bef3cdda8177b5fa0f0eea7bd9911a
SHA256 fc3c2b58e061cd68e871e593cb3be2a01105dff332594ce9016560c8fd8e1e42
SHA512 f05f3f0e6d4a3c4ad73e9429970171605bb2090d7ac6eeef1b5ce155299f6450d5fd5a12a0bfd9b5a61975f6a1a525aa9bd3af116f582c6884be80de2aab9054

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 09e343514165c2a9887d724cba08a178
SHA1 ec3d6c01f0a9c7a04b8a6f7fd0b193f18f4c8542
SHA256 9501e29c50f0a84a82dbb69ef752551383ab0d103040937d8ab03abec836bc6f
SHA512 2672cea7b0e09761adb28ce922f7b7a0842201c51e69cbcdd69c36911e082f2280fedd72513c3cb893e19aac28d101bd0176b4fb8dd6564242afdfb03f087c28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 30d00708718378c3be77271e10e5fd12
SHA1 83b083c4b97583e97cae402e7209950d6e0e0618
SHA256 12c900770d40abc1e7284e419e4dd0ace0390b9ff12fd677e96f743e8bb1ba15
SHA512 c27f61f67b3d22b2cda7bfa2004b50553a4016976b7f02e940a7da6d7131dc8edbd4d88c85bbfa7f0336b0e779e9968b45492c59051003f16907a608dc8e0f37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dfa6f284e64ecb2c19c7b2a7cec08c42
SHA1 e12f8acab3046965c742fbb014f122ecd86b89d1
SHA256 bd4c00eb98001e05a622ffed4f553bdecd7d98f19a706f82d7c74526bd976c59
SHA512 97abb7d68777fa209cb8e5a61e734e06e36108e6895e8b58c59cde4101c719a303299bb877db33855773345659a972b6b23acee389d04517c445b07f920a5d46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 da659d3aafcaa5edddd01644516d93cd
SHA1 39cc3e14b71fb98b61271da545ca88044f881da7
SHA256 7fb0b7055b011445ed55bcd8fa4a761316f889de36ac9c43c4bbc5f68d2a1611
SHA512 b0cf6baf190d905104050cc685ab2803735f6985d0ca7b3b97abacd4e84a61841ea50f41d03c4acc63de31b2e5205a0be27999c6605d44a051d98951e27ee1cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ee162afa2305b738b230240df95a41df
SHA1 5d8df980dd0f29698994b17e78059844bd64baff
SHA256 3d1cec4126be1562976cf5a715444c39d982d2c66518626c4d0990d799d77ba8
SHA512 a196ee3bbf5672a388beb9101525577236b69e25dd1d47dbfbd356b7000ae1cecf4dd6804a913d9131aa3a1d5af37bbf82b979c9109cf5de18c3cc1236b44605

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 91d81c54de67b6b8574fb59e789e8147
SHA1 b44d6d9ef858a99be150c5af7af021bd55ab52f6
SHA256 c70fffb2751576706b3485a4459e319abc6670e76c913258d4eb80cd86980d9d
SHA512 14446a87c49572d7a8153effbd8ad56bf0d0de7272eb8945aec1ba3a6d8f6128459445621f35cb32e3c8555a4213b3d4a6e6ee2b136349c5dfd09a8ecea32ced

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ed65b39bf4c5fcfef700089a8baf7d14
SHA1 16b0714670ad9fe223df8b6abcab0d7b6ce5b27f
SHA256 bc4cdadd01bf6c8a575c426edc6caa5763d71fee184807e36453e03f7fa82607
SHA512 264d36aec503552c7aacfe16524e83db21b97388c040b34a4b2753c33dca7424550e0a2d5d990d18df5181a050612ab253fd8c53562ab165781cc2da66819e88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fdf31b987d1031b2843876267ed1589e
SHA1 1c11ee98eb9440a78d52b072183d9b7ba315e98c
SHA256 bfe3e4755216ecfe54607091951febf5e9a3e1208f0e928d2c0a2ded08ad7a2e
SHA512 37f27c194285127189ebe1fb9550e37987995567a9ff3d3c15fe127e45e38e79f74074e377f6b1f9194fd20f692ce533947c22eec38396372cda8e352a9a1d9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b4f1d90b1dc3dd16326b3d4dcad30168
SHA1 4067199b47a9a6e565fbee7ae3fc38ae5967b169
SHA256 d0cc5c5c143d83fe6c367de04050c1f47722701f5b8f1feec89f6c3991c17b03
SHA512 736a1db6f199df6c7b9e57a346df9b0ebee99331171fb43e0196cea17ead9be94ab26e07e66bbe573b4f108ca08c9f384bdc4135d55b1c590440aca1ea85b9fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3ed26ddb87d9be27f544537a16d43528
SHA1 e005e6a90fd0741377743e3337913a5d7debc4af
SHA256 6447d46b0fe146396d59294835eadd140d05f6e8868f0c5bd59f572fb0d72355
SHA512 f56ff3201cefa26ff729c2d15d10172b138e5b9dab8fba274ea6743c7309c39ef77080fadf65079aad1c98217b61654420d4dbfc1a8a9b2bd03b767136336588

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fdbdf2f621550bfd7a0494ab32923858
SHA1 03bd1cfa42e318580a608edb7287352e1931a02f
SHA256 8df11f0bf5a6d195c87d78f18dba35c2b5d4a2fcb9d14398e13fc94639a9d666
SHA512 6eeb354e4fb85790f1ec326dd8065d192e3301c74750db9bd3de0b6a1a21f162757528c84bdbce8f627412b830a1e709d66cb91f77c5247546000d2f499fa446

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0a6f76f299af3d8c05fa971d20565d7e
SHA1 f7575356dc9062a1b6a852006de318bca789f819
SHA256 be2c9c9cb3561c64443362bdba0a0c64822fa5f8fab3b2f10d8da27480ec9200
SHA512 37dc3ef0ff7f112d88ad9bcfb2858e8890fce8e37e203b97c42e74e3a343d9c82ddf578afcf27ab5205b5cf3e3bd7c377a247e0766f22a8087bde5866b3ef9ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cd584ae6ca54020f_0

MD5 022988fe6ac88448476b1cde17393267
SHA1 ee18bf300012cc5d9d36b403899785deeae69b97
SHA256 0ff02dca8bc524963ca91d2385739bf9720eea490eff99c1522b75e3c859dc2c
SHA512 91454d8a03223345c4cfa79317e374c937a329e4c7c8c8bd97b1c653dee78a4776f6fd23eb4abf5929d27813de0418253735ec9169359f5cc8ba09da8aa2abb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d25634bfa63deac3_0

MD5 58bb7d53b3dfab657a6fb79534555096
SHA1 b31d8b246055bf997c7db0621ade86aa4f3b2106
SHA256 6e284f09af08e2683cf7dec8c540c0d95b169b5567864e147dc33b012495da0d
SHA512 bbd448fb5198042ece861528a1d69931d60553691c8fc174fa0697d8891b98ad7fbbd27d2bd62ea9fc09bcd4fca4593536a08a98e77f73e9c2badc9915ab02fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\515e294342bfd543_0

MD5 52a5d815a23361f7e5c34ee5a77137ca
SHA1 28a51f034692a4ea682f370e312c7bf9051d8783
SHA256 4481cc8efb236272417840499802da35417f9d33f3d105ca2c63a1059c096b46
SHA512 352b4e0f2e623d2fdbb34a842b8af7d6dd42b8eaa6623bb07ab52e379e38a7592020d3f21dbf7d6958f0bd8f4dcd7c43db1f60b34d250e2cfd09031774f8188f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4f23f123be0d5010f3d7dcb0af3f7b56
SHA1 ba08ea9985f1f88c6430e6e55260e6e8c04c7b63
SHA256 d6191581caf6c89102f1e4f8549f38a0105bb656c91462e5663c8a5c2510e087
SHA512 581267614e4507fe7b882b09db0c8846bed6d05adc2e40bcb8549012412e3134d3951d3e8d1a6f7f103e4b6a4eb6e37aa6fb90bdff39514743bda0ed7c4cac53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 d3b0f9b595c0b0b9dced4ce70180ef4d
SHA1 a4ff4ee910e3736d34e6ecc301476ddfcf0914fb
SHA256 908043118405be84a3b2c9aaa6d405f34bbc65aea7f8e01142efe0d631c4c715
SHA512 6e30c7c656f9339e04930412ff6528392858f51f2fbd95bd69ec120ae388ac00b4a6e1628d401ef0aafc7f519e0e11c5a8f30688f55bb39af1d87522351bb3ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d9f80d91ee1367b5f6dee2d8f1e60617
SHA1 d72b86ac2cbf8e24b5b1380ecf159528a9002774
SHA256 597523385997131baccd12e3bce7e7d732c190eb85ec50519f4635093b1f0545
SHA512 72ffcd639d09d089e9927cca79a67107975d44fa51a17c7c194808db790a31db50a3ba0444628bf82a47884564f4ad00f66f4a53a11c642c899d726773b2f884

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8d20fae2c24010c9e64b9b9d43110f91
SHA1 96f988750d702b3acc76e8834a91a865a4bebb1f
SHA256 e7a794d8cfbf79e1f64aefdc5e6db29cf265ae468f008f37fb99eb58e0fbc61d
SHA512 7a7b21cb94e71693d887b8a9a8a515d315863b0c9726f657b36b0f666d07eaf75b4c928bde1ea6f6e0829a50a3eec9d16578d1bf270980aa8f973e79a7c3490a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\00ef36e8-ebce-4d26-a2e2-b7da5e072faa\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dd0c58125f79919c6732749fdb6eb372
SHA1 1f792d4ef677ab5c842c886d27f63c43a6f8295b
SHA256 7705a99ee80a84da17a98c18e0d97940810ce945e18a238276929eacf4ad3580
SHA512 c13acc75c106543dd03c5400a25113a7a91ab2fbfa972540577c32eb306d42bf6ee5bc83718fc0bf1d8dfc3ad833f8709367f8cdb5fa35b5c48d7b534c9e6594

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0dc9f0c170992680fdf19f88ace5c0f0
SHA1 c99af60a7e7545a0aedfa4e830edc5ba02459018
SHA256 a0c2b1905c246b4c2f35e304bea2e32e0d03b161f80e4360adccb23bfddf3335
SHA512 653f1a9e2f1c280ef80cb98ddcab981328d79773be81b2bba10dccf35aaea47e923694f8bd94d7bd4c009154c05deec7df65a39f9e3e05bc590c119b6823543d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f0c06ed35a4668fc7734361be6921826
SHA1 6ab629d69e5d91f0090ea6aa926ba44e0f9f3b5f
SHA256 5196475d27d4f52b2d12305841d8aa9696bb78139bb905cafb9b9fff5e98bbd3
SHA512 da0db6008ec8b10f3281593ec9c281336a6727c713bce65ab059748b4c5ef6eae8565794fc42f2425212a7014983ca4e65dba26bc0cbbbe344d594a8e8b4c4c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cb1e8160e6be0ea79f8f3429661086e5
SHA1 cdb889ad66acb78945aed07e3c067cf0c05a46dc
SHA256 713aa9c3d3d766ac3f2440b2bfb3f41e870ddef3374e05017c13d1aeeae6524b
SHA512 9c5c6a84f46d588a587167215a35977adcbb12785bc7c9b534f5c4d2c9293d093b4f9a98a20e311ec589d81fcf6bb8592937d0367b71c0f61fe828b6eb3a5061

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e7cf576c4d856d9fd2abfbe550be38fb
SHA1 126721c2a913ad361442b0a1c88e0da0e2b7c286
SHA256 1282c84d0de6f39e588a8d7a44096436f4f6f2ec187d8d20083ddd4638a12310
SHA512 a5c6d2ed9107fcef31d01a78d441da5a984d44eb0d1160b659e4dfd65ca6b1a222944459e57d638c707cff7c298b816ed87fa479083cf535861bc711667651c0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 03367e347ccce0a47f075d604f57661e
SHA1 9dc562d4b55d64817109fb93abc9edc448962bcb
SHA256 381e23e80f00bc844e44f53c2a88fd0039ce9e2ee8edee357cdc4de6890af94e
SHA512 a8fbdb8545d0fd0d6b594e4f3f31f10e24713182f735aeee5b87e147dbbf8322c24f5e6b39449f6093bd539d11d94501d605ec82c0a1ad1f7b71f01c0beb1231

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 ccc8e24ca3e52af407d98bd3de95e7c8
SHA1 6b77deda9d6c7fcbfae054448d6a327929c1902f
SHA256 d53f89ee462d0f7679664191403d8715ba7358bffe711de87e83257810bd5fb8
SHA512 88aee8daa4fbddfa3a7aaff3bce49dcac2b80ba7a7bc1c0eef7b008175d14c0e380f7e6fbe8d1398d08933de27ff52e57853a244cbce063cb245b233c7dbc7b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5a0cefa8e467ba3dc46795d95d44f60c
SHA1 23f1540a754c0851020bb83edb5df0dd3d1f5951
SHA256 8e6f56a8f2ce6e50cb128045423551835c5766a35df7aa4c1c76199e45bec8fd
SHA512 818e8a8fa6eaad81dc2006a85c526c195b8ff073a82e8364ff676087534be9db30b679fdc6ab5392c98ad2625b4329a286d981dcb8cfd67884f97ec9a745f9ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cdd15872ee2d5eefbcf02829ef4428e9
SHA1 f50bbfe34c1e77ac352dcfdf56384d87f8914798
SHA256 bf4cff94a561830df9493c07c1412d34fb88736c49ff3f7bd1ccd407f967123b
SHA512 00e7f5bfdf795a11b23ba8382bf10b9df3f7adb618b419732df2ab02a677f7a745d45f0a7e92dc8661dbf3616d584d6b0cc22387b116debc8fcdb70c07edcb38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7ea028f02cd0e22d05b17421103aca9c
SHA1 3e84758d0e91b97135d6edfa84815ee7ae091881
SHA256 30da578b2f3bcf0eadfea1aba637d650dab8c14c9145d7de4f5e5fa5af82e7d5
SHA512 a9f8587d6366e5ae8dfc67616b55d8545262913fd1561e8781f8d30714576ec7c7ff29951c62b7f2cc7f9139fed711f3ab7942c6f715c3dfb555746433874480

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\B1655L9N\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c8ba58b3ee9d50564f7cf3d1bd3cf01b
SHA1 ed6f2fe4c4ce2f29d61074fcc881995e7ef582ba
SHA256 8081b0bb4ce2b8cbea3516442c28edc3539a43795966bb9d0736cbf42784187b
SHA512 2d01b384fb81b0cb21b6291eca49e0b50a2d2b2c1b91ac3024876ec66987e41070a4f80c8866c45ceab3f9fb2174d11212bf218d5de6b6cdfa9a11f3ee7fc18b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\L7V276SL\www.vice[1].xml

MD5 7725ea6cd44d2909d60df5612f858c8f
SHA1 8c6dec17ce24326b15141c318dbeb133b755c981
SHA256 3f3b2a1d3b56cee6ff5313784006fa33f0d8623adef642f3d709bc04d6deeac6
SHA512 55529de9399819cc1aded5ab4e47a5b3373cc1b68c344cdf3ea3ba44da0f60d63ef8d32af30a3bfe54d0f6dd24137096d29792385c1bcb32fcef030921f4f0c9

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JT6UB71Z\coast-228x228[1].png

MD5 b17926bfca4f7d534be63b7b48aa8d44
SHA1 baa8dbac0587dccdd18516fa7ed789f886c42114
SHA256 885cf4c748081f6e569c4c5432249084eded544d55f7c85cf47ec1aebe6bdcd6
SHA512 a99269cc3c0af6a291e5373c4e488eaa3900e66bc3342933da3a18caff5401a4408aa1cb4463fac649c3cc5d88773f789fb120e292ed956188f1f5eda8ca7633

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8GX1FX0U\f[1].txt

MD5 af94232d501a9f66882966bfcca63e97
SHA1 d89265fd538e7a6c86515b40439ed2a604480558
SHA256 55220495fd8098bc63335cabf84f98d9a6da0e18722362a34e36f9be0096e4ca
SHA512 e2c5db65955456833bdc53653b03533d00edf55e98ba89e90c1cd93d0f406197d7127d066692fd2a5da3869c0659810c71ade2a104cd1961e1fede4c98d0069e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 eedeed9876a9eeaadb9b8ba626ab0015
SHA1 978776738b56ad01b84233c16626260c950cb212
SHA256 7734302e804cc9b485f45f7ddc98b31711d27ea33f6422ad6a9f98547d53a979
SHA512 fcbac95f2883dac93de6a24e29212bd4797dfc6765026d7bf59c0a136a1dc759e498ee748a8128d6231403a6fe04cd1df00620d596fd7a9a782f1b752811bef6

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8GX1FX0U\embed[1].js

MD5 2d7da02c551158ff6f91de3289efad7f
SHA1 c2a0c8415c36a2e71f80a0eb2f4aac83908e261b
SHA256 9e89a92b0ee6959fc76460b414049e3bd12fbe00b119e5a6bdc51faf9f37a9cc
SHA512 b40671fa1e2486539f6846384a5361e83c466ca9b59d0d331fd546ffd224acbe045baed07b0a61e5096e42e98464e35e1b34f62720e3a6f3e8587fe4a811e880

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QVYJTL8Z\channels[1].js

MD5 78bb8775868abec561b1a3f18d682f65
SHA1 96be69af2a2189e70bc49636e34e4babff3ea016
SHA256 5e4fe417a7f4ec6f7d890d8858d170f05955cb4df3d5128a62610eace99451a6
SHA512 846be49a0f8053b0ee5ec1c1cdd50a344a07fc778caa6a0bc610239775a678ff981293da00eddd72a1f89b6e24154874f44d6a99dffaff3d0919d5967d3f796a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQQO0343\scevent.min[1].js

MD5 23ee68cb3f8beba5b89757bd62e74ecd
SHA1 e26d77a70bdc288d95ab5c58d9b4a61ccd99ec95
SHA256 808dd8595893da8dbd66a3357ae3a86a33a927e0ce91703b9d2260272e95e0f5
SHA512 26050304d04eeee8e74f1ad708a737cc83234130e310486b55fc9869a288944b7a4afb4ee85b7dfab927805d1183613b72c863ef13d6e600354a11ab0a65bb02

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\0FQZCJPO\tr.snapchat[1].xml

MD5 70a51c07be85861e8bbfee311f6aaa05
SHA1 c9652e21b7a0f2049cb407795cc3f0936028c5d5
SHA256 711aa80178697f5f2bdd8006b40cdde48150863f34e8f178b0737da0e545eb1a
SHA512 035390076c890de4b446499caf167bb9eb6826802ca86e39cddd115938232ab834f7ec16a2e0a4c19ac1672144cd8b12df7043efb94ed8894678262fc68e695b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QVYJTL8Z\cx[1].js

MD5 5fcc59137a3ad79ece3b8d70155be895
SHA1 a302ed4aac376c99d09ffff29a8343d693266d37
SHA256 a800fde51ec9a5181e3171e21f3fc5d30dcd5c7498391f4250a3b3ca6dc29fe6
SHA512 da4e28c471975794836f70e2c27685ccc885d2af611714b3cae2642f74f8c7e508495d2331f2e3f0793748c32b2a41cfa6231e3b7154fb36bb564944c367d7aa

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-11 14:43

Reported

2023-04-11 15:14

Platform

win7-20230220-en

Max time kernel

1187s

Max time network

1729s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\.js

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\NRVP.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\system32\WerFault.exe C:\Users\Admin\Downloads\NRVP.exe

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3F4F8D51-D88A-11ED-8645-C29C0423A1DF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SysWOW64\mshta.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 668 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\.js

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefaef9758,0x7fefaef9768,0x7fefaef9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2212 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2188 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2440 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3872 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3756 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3972 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2808 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=984 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3552 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3368 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4768 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3608 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3972 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4152 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4816 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3972 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8

C:\Users\Admin\Downloads\NRVP.exe

"C:\Users\Admin\Downloads\NRVP.exe"

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\NRVP865\.hta"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1176 -s 956

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1288,i,11834396318156004596,6016270183588041901,131072 /prefetch:8

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefaef9758,0x7fefaef9768,0x7fefaef9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1500 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2476 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3824 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3848 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4036 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4020 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=904 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1308 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3388 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3996 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4232 --field-trial-handle=1392,i,1634934403325074245,2631222419506230176,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 apis.google.com udp
NL 172.217.168.206:443 apis.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.214:443 i.ytimg.com tcp
NL 142.250.179.214:443 i.ytimg.com tcp
NL 142.250.179.214:443 i.ytimg.com tcp
NL 172.217.168.206:443 apis.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.206:443 play.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.208.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.250.179.198:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 216.58.214.10:443 jnn-pa.googleapis.com tcp
NL 216.58.214.10:443 jnn-pa.googleapis.com udp
GB 216.58.208.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 github.com udp
IN 20.207.73.82:443 github.com tcp
IN 20.207.73.82:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.251.36.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
IN 20.207.73.85:443 api.github.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 id.google.com udp
NL 172.217.168.227:443 id.google.com tcp
NL 142.250.179.214:443 i.ytimg.com udp
GB 216.58.208.98:443 googleads.g.doubleclick.net udp
NL 142.250.179.198:443 static.doubleclick.net udp
NL 216.58.214.10:443 jnn-pa.googleapis.com udp
NL 142.251.36.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 drive.google.com udp
NL 142.251.36.46:443 drive.google.com tcp
NL 142.251.36.46:443 drive.google.com tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 api.bing.com udp
US 8.8.8.8:53 github.com udp
IN 20.207.73.82:443 github.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
IN 20.207.73.85:443 api.github.com tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
NL 142.251.36.46:443 drive.google.com tcp
US 8.8.8.8:53 doc-0c-b8-docs.googleusercontent.com udp
NL 142.250.179.193:443 doc-0c-b8-docs.googleusercontent.com tcp
NL 142.251.36.46:443 drive.google.com udp
NL 142.250.179.193:443 doc-0c-b8-docs.googleusercontent.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.208.99:443 beacons3.gvt2.com tcp
GB 216.58.208.99:443 beacons3.gvt2.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp

Files

\??\pipe\crashpad_668_IXPRJPAQRXPMDCHB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RF790f7c.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 61ca6e097d4216c1bab56f0673b24464
SHA1 038502b03e4fe78f7249cb3e76b54acb0d8fd745
SHA256 5d3f4b20aa1c95b464e30cfbbc5a3ff58365971ebfdded45f6759e30ae1799a8
SHA512 e024617d9763a99e22a07cef9db5e6371a1a83cffaad69e4bae363e6a41a67163e48ce5c04cd42ccae0b48fa185c7e28f2af911da6017f85e3d2b1f6144b5557

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 aecdd3eb267167ee2ac608364d092c82
SHA1 8b78c5ea14614c94f88e4ca456ffe6f2b3878c73
SHA256 141ffd10cc970336e695e974f15050e4b96187b4fb51fb208779fdf8461f915b
SHA512 a6c10ebcabefb0cad1661c29307d54852aa98446996a71fe7cdcced54b8d9d4edc697dbb0e1f5b491e0f75eaaeb65c1a940b0ae67648805b837b4490982afad6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5cc3a39163cbc232f6abd08d5c1a9ace
SHA1 b074c54022c276ebcecd6046e6e5163adacccf31
SHA256 d9cf829aceb1e3a58c4843642b6b1f6c07bd318d6890f3cd8d0de946e1b41817
SHA512 a550b871d6f4aa3898749a7df5362a7d193773b718023330d68183db6491d11810698c14912a968bf2561176b721ea0ad93b437138321eafac5c032101701acc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 275c64a0d937a65775de17ec3d64d374
SHA1 2ef583a9cd02c3a6e2d006f1f3e42cea40245999
SHA256 42b2396c6eb7657c90836e38d021ae2fd46d4af8a52ff92881778062ba9d8af1
SHA512 350d7f4b76bd8a922a23fbde376da8ccd3c88bc9279989d4214e1e4b688fa566f43e77663d29deaecbee78034c1afc802b04f49ffa412e17d54f21580650c992

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 47ae9b25af86702d77c7895ac6f6b57c
SHA1 f56f78729b99247a975620a1103cac3ee9f313a5
SHA256 9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224
SHA512 72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f037678e6a1472a3ef35ad011d4cb3c8
SHA1 e1c20965124c1c1be1dcf471c6b56ea7a4ae9d7c
SHA256 b5cebb7e39c5fdb4f4850b6bb4d4e26801d564c4d6b9d46e1b4ce00d5382e866
SHA512 dff6545b8b4b2560471db65eea2e3feca4f3c61929472b4405af5ce99f6b83cca0e484ecf0b7826269c005478c31ebdf21762f2652f16085742d42a00087e663

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f53b1405efcf3065803cc32e592132b0
SHA1 edbeb78ab2d9ae333270f51f5ec45b2f1de14f10
SHA256 c46b8db21f73e123f070c49c40fbad61ddb968ed76dae1bd239f0f1ad4641289
SHA512 2175ce30fdaa8ff885c06c8d3f64e9d4bcf19bff9a8c867e17b1995d520b7fa7620f753be1ff95aa36b583ed903075eab6dffb67ed431c8693e978221f3fe0a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4448cb0bfbbe1369979c7e37c970a1c5
SHA1 40e60e1d5ed4f701c22d0a4064dffd131fa34287
SHA256 b2b34fa4a310469131fd6ea71e59aa7fc704f0a3e187c0662096afc3c88979b5
SHA512 5a5709d0ab0f99be4ce224d161f9180232a58b8c7be36bdde76b2e51e7d2083271ca67d8a121745868cbe322618cfae2fb39a2fcbb877df52966ec9a0389d0e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 934074d20fca79670b1dd0c25fbf2cf4
SHA1 829084cee7f5b445b7ef2d9182f483f72ece86e1
SHA256 b1ba41d4f715684c35da757dd5335e385b591463490642c4dad188b247e78dbb
SHA512 6685709df8b57a7ebcc330c40d7c72d24d1a1330db05bb85db86c6d4b2446b4c9758863b23e57153a0c1b7f1028751ee9a7b50871f6ae40f6288ef3511c0cc0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d5419d43c210fca6a3850e75a1150c12
SHA1 211d60d523bdcfe164d4cacaeb9784a1cae27cbf
SHA256 41e4bfc3be2c0b90e1d4c6ac04e19f7bdbecce8ada74f32449596c2ecca6d433
SHA512 fc7896b4e1f88054d64a35ea6f312f9d45971ada29bab3dc9f6de8632c9e7abda54e263f732b70b44d72c3dbaf348645aca4e05333665c4bf5172f85bca54140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2c6ff625744c9384dc1bfa3a522c7015
SHA1 c92040dad14e02bb2eb9cbc4c711e27d8ca16419
SHA256 981e58c082c8d1cd837fb4b4b3a3e49255c6187f532a25b491b37eedb6a4aad2
SHA512 b53800024ccf965d2bc26383ae781ed95eec6942d4574f0f9668212a300084d29af1592bd15f23637822563cda9feb02da313f6e6f05427bcc7bab5bc6739302

C:\Users\Admin\Downloads\NRVP.exe

MD5 707d5ee2926ad6b66269939998b97bdc
SHA1 7d782e13e7c692b35b67e3a2f819ec3fa7e8de5c
SHA256 9f16bde693d793d6285d03f61639d336d1cc24073350f3ba1a3be9e3579f41be
SHA512 84cc41e8e33237d12de0752257bd59ca1209f17d8c0b6a27a0462ecddf26c988f36d741ab4515029d0b3698eedf453c0eea2e85bb1076703f9f579a41b1f82fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 73129432491b254238f06615fe1f7d7c
SHA1 334cdd805c9c76d8d485303beddb42914ca5bec1
SHA256 224d854a109e7a21aad273437440040b25995db220080fd8aab53d2f9282574e
SHA512 00ede4f1205c7dbfae9f21460412cc38c9c99cfbfca2f96122888cf3d9f6a37a1a6dd77dab3d59372bc426bfbe4013a840224209ad05ceac61d077ebc5c08aed

C:\Users\Admin\Downloads\NRVP.exe

MD5 707d5ee2926ad6b66269939998b97bdc
SHA1 7d782e13e7c692b35b67e3a2f819ec3fa7e8de5c
SHA256 9f16bde693d793d6285d03f61639d336d1cc24073350f3ba1a3be9e3579f41be
SHA512 84cc41e8e33237d12de0752257bd59ca1209f17d8c0b6a27a0462ecddf26c988f36d741ab4515029d0b3698eedf453c0eea2e85bb1076703f9f579a41b1f82fd

C:\Users\Admin\Downloads\NRVP.exe

MD5 707d5ee2926ad6b66269939998b97bdc
SHA1 7d782e13e7c692b35b67e3a2f819ec3fa7e8de5c
SHA256 9f16bde693d793d6285d03f61639d336d1cc24073350f3ba1a3be9e3579f41be
SHA512 84cc41e8e33237d12de0752257bd59ca1209f17d8c0b6a27a0462ecddf26c988f36d741ab4515029d0b3698eedf453c0eea2e85bb1076703f9f579a41b1f82fd

memory/1176-700-0x0000000000820000-0x0000000000828000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\NRVP865\.hta

MD5 43e1cb7107abfae94fb28b43ed40d589
SHA1 0fc1d8b4d89b0bd9d6f924892f1df63e191d3d74
SHA256 f18a7f7bee15560e5ed5fad44c2304151d30207a2d33206ad3bc2484662cfcf5
SHA512 ed4e3a007b69c0801da5fcf249d786f7d27fcf8958b388a4a775f48d7578b47f78c947092a2df2cd0f9f406e7b7299fbc7867b4cf4d8c9065359319f69721282

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6f095cd631b7eaae5e8ccb93c3c04d41
SHA1 b6dd1b5375fbcf03d26209f7d7d1c23c75cede46
SHA256 4ef86e22f22887e7ceb45f31f102b6f7cece3725942d010d088b6883d64ae8d5
SHA512 f302c9954a03603ebd670394f1621652c47f9aac247d7d71979822657be3270fabf896ad6fecb4d8d1f29f2088ce3c39069c20e440a812a4636523099c94b658

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 26b4da99272e324ef9c0ce31b9d972bb
SHA1 7d2b5c83da2111340f3bdfd05e7aa086ce609bc5
SHA256 33433a21fe533607db30dd3cae5a85cc80bcb4fabb5a93802d073136c5a7dc3b
SHA512 2683b0b930dbf789f7d80055bcc40d50cbea98067094e44be8fb8d5a56185469f2a4cd9eb697ce7b091fd3f2526c5a840851df75292821af699524017e0c42d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 86c3adc8f9ce5df1a50abd0bdc51c8ab
SHA1 13c22a2d3f154f5eac95fe0b2b2292dae009f943
SHA256 0975372de7ab19f6f18f5f92e93be086795131036d7cb2ccee48b8076df7e210
SHA512 49eedbbb1547d8742505476d970570381b7ea12a5c5b3f84fb264b594ac306d3a1abf0c8d62682a1be10178c7957d63b1bddf19d0b1e07024bfd763902c3bd4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f0011a1de7a9f816467f9f91efda2e3c
SHA1 ea58f233fcfc22e042a653f6dad875183320c3d6
SHA256 1dbc87a821c5c4d7aee8305feaf7482d21704e05f76673fb75899a947deed7ba
SHA512 ceb18285a79112d9bfbaeeec72952ae0d9a813998acca48429ddbf91cbdf72d7f56952e719f9fbb33d81ea900a58af7425494e16022bc0052e3583ee0224d7a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0dd9af71-378a-4abe-82c0-bee18b079807.tmp

MD5 e3372f07cd26a430564d7cbc979a1e0e
SHA1 a50545a17b86a2d90256f8979f4bfd34436c1490
SHA256 d0417e0e73033fa48e5c771fc9917dd2113e826eb706eda257358d8d96754d1f
SHA512 9e5efde58339f5169bec530df2f1020a1121add65e4341c7112908f29081328d361fd40bb27ed61c3f57d2e484af78fb5854dd2644579e4ee0ada23d3c4492f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d2c1ec647bb857e04d91379f88157863
SHA1 3a849c0c7507898e82218787b9d533d669e79aec
SHA256 d7f29032ea65486f02cb46e1e780b7affcd1f2b90c31246d7f76366c3ba4bcfe
SHA512 e17f453f3b805bdeafe8da755c7ec73b682682f82a0999d83c221d7094d7c556d4b13d36bff2a2e139fb322fa161f6180c06217a09cbb5a224109bb60e461d43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 85de7a51972c4035482715cccd0233ab
SHA1 9ac4c7bb67cc384a82c2c642da3bf16728eb9ba4
SHA256 a8af00d09d305408ad464dec1ac4bda04c27c0ca91ba63c8ecb5e7ce98260fbb
SHA512 03669af7db3ec4ddd1f9604a371a4b46b5d97d74c6d1956f943ef4d6e4e508d5289a4c3d00e76ce66b205d6b366bf07b9c85cf9c8a4d945fc7039e4aacb6765b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 ce02c3a1c2e2258c20b1dd34b4a59138
SHA1 90b58959a14186809ae02b948820e46c5725bc13
SHA256 9a2beec3fa05d9df01bdc7e7fadf883071062497bfeae892ab0337f263813d12
SHA512 f23196fa06d28b33455db7be66cca56ea5fcd110c4344725a19a7625ade33b39df1fee7150aa977f6e6ec08c8f5fc8cbff1772b2cb4e43737b6fbf74b964358d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 ce02c3a1c2e2258c20b1dd34b4a59138
SHA1 90b58959a14186809ae02b948820e46c5725bc13
SHA256 9a2beec3fa05d9df01bdc7e7fadf883071062497bfeae892ab0337f263813d12
SHA512 f23196fa06d28b33455db7be66cca56ea5fcd110c4344725a19a7625ade33b39df1fee7150aa977f6e6ec08c8f5fc8cbff1772b2cb4e43737b6fbf74b964358d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e3372f07cd26a430564d7cbc979a1e0e
SHA1 a50545a17b86a2d90256f8979f4bfd34436c1490
SHA256 d0417e0e73033fa48e5c771fc9917dd2113e826eb706eda257358d8d96754d1f
SHA512 9e5efde58339f5169bec530df2f1020a1121add65e4341c7112908f29081328d361fd40bb27ed61c3f57d2e484af78fb5854dd2644579e4ee0ada23d3c4492f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 a22ea05b852ec4dd28fbe472fa0ac9ba
SHA1 4a25c2dbe61140ed07c107bea2fd7adee9d9117e
SHA256 7d5ad036b236dc3a75ca764bbd456648fc34bc03aa9743b941fde6e4ab1004bf
SHA512 f26ce60276a70cc914788da43fa560539b217b176df4f8a36b915376dafd756262c73481be4c92fbe643077a0ec49276a769b9c6f8cbe497064b36f05ac41eef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e209a018d856c6df42d526f6ba8f56b
SHA1 976d63d24082898dd778f625d82fcc84c4e1dc1b
SHA256 1593e78a19e882b58a9200d2e6c1fed899ec884f70df0cdec005efa29eead620
SHA512 520ec4a8e9e48c45c8156d09f2bd57aa201e1f2860b1de4a6d461bb7b68bb39f410efeafa0300c0ae8cba33ce65c5608fe440d35d8f00c1608e2715c1be2a8f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 cf0d2cd114d283f53f66adc2d432692c
SHA1 bb46261419dfd72b7a7db4f7597e53754ec3a704
SHA256 07d2ece92db9f030986eabb0bd965cf6cb0b5eab1a3df0bd6c2f5a6abd6573e4
SHA512 a46acf6af88aa1a109b7aba3018a0d97927e30a129f8c100ed0d227e3a67752a86148ee0109f1db1d96e0868e98a8d5d2f061a1fa8615d320ef42387efe4ed89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 eb4805dafab2cbd7b5719ddeb5c54745
SHA1 ac92246b6f5dde4b53f78f144cbdfee328c9b0d9
SHA256 17e3ba073a9a7cfdae3a53abec6f10ab7de2f5e0812e3d82d470ec4e6c0cd65e
SHA512 80308113831c74252139796909b7c7abe3973b3add4a6340fc7c827b7163276ba58eecb9925c3dd2b7b940abedfa7e5f6e06b5000648fc4aeb41f092bb0d628a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

\??\pipe\crashpad_1744_ZMQSPUMWYUZACTUR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 87a6e0df6e7691d2ffd08bd087209db8
SHA1 256803e8e7c7679d16674baa5ebed4b521c4ae64
SHA256 3ec6a236d2f1b675d76d7395de28d740f641457b80e694f3dfcbb9107593562d
SHA512 8ed1a03837c573772f8239677ec6b992e3bb6405f9a540a633e754f0bbb229a16cfb63a4543fb9f49c5b3140a338108b215ee9045f3e68889817fe7de86cfac9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 b7cc678973c9f56ef316f54f354f34ac
SHA1 1a5c26f87472385310f54eb86277dd8a6bf0a8a2
SHA256 2bd8bd2d3c71911ea98a643399b084af2dfe092a20e7bf8dfd838ed2bae5bf2a
SHA512 d8662ff47daa08602b3007d2cfabe948a2a642291c4b64ec9352ce3d75c52910472ccff4b1ebc10d12b8a9151c941e9d1295a775dc9ffce20249c68eddf16cb6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 6801e9b829592ab0f760220a4822e491
SHA1 2520742b432121ba6422285a9b5a244f34e847f2
SHA256 af504462f020aff63c0e95f8920ca0da968a5595f28f253a204d452eb9931939
SHA512 0f3711c7733a5ace2c7085d0fdc7d4e4bec2dd58c8be003297295094ece2be19b8981ea2d3ccb46e418474117341800f668d198ccd973b30be1fbb05b635f3e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13325705976274400

MD5 87b5690e0a2f3951271480f71a92a3a6
SHA1 dcc332d6bb25eea441d2cc85dca8c8320dfa5707
SHA256 857521d29d2001f2d776f2680e3c08af993988a246df9fa188f50c9799834ff0
SHA512 7cd442a219aeb35ec99aa1effd6be5df2998d1f320f4b2ef90c040fed3cea1124a9eb18c1e880059899be848c06b0a376b38f32b336e86c64b668606900e1c68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000004

MD5 63d832bd47d6e550eaef754596d8fdaa
SHA1 3b11fd4048f84fe5143057e7e90a42c4220e1807
SHA256 4dd9ab33b9f8a5aa6b190ee3a88133be4d10b5dfdeff0c3ca060b825ff6420dd
SHA512 586287b26249591e5ae5ba0847bfcb3c3c4bbfb0cef433ecfb2052bbf0f37527bb72ddc57447c37c6879f50a28c96575b911fd121c3f145a061ff57ccacf479c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 4b25cdc9ef1fafdf0ebdcc7c933271d9
SHA1 ad93e5afe1445d7cf73bd24ac71d9a07e68b065b
SHA256 75f670a6c3441a4d79285cbb422c51c18497e4d5a26b97da40613ae262c794ae
SHA512 67e2045de7d07679d80f547435c6d86a796e7735caa93df294c4a416d1d380dba3dfb4e2932b40e3abb52a84a7d34026ca0936733244854063ea81ce8b2c2f5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000004

MD5 f3a604cc1687a04eaabc91b49ed90eac
SHA1 507d0c1334e11f23da43bb9c8702652511893d03
SHA256 628a12f2ebfd6d19731a8a362956c95803f1d909293f6936542fb458d8be1a39
SHA512 a49c1632af45f2a938c2752aeb67e254e92a04bff91affe95952ba7960a60ec143639565790898d55a5ac4d5eb34c2dab1b93e295840d4e30cf3b16d913a7806

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000006.log

MD5 0ef5856e088c86185689e72d5b753891
SHA1 91d1707366150d8ac09ac36b2ca51273852d1fb8
SHA256 b66747ededda687302c0a14667be75a4e65334b793e3efc35263dd042c17fe06
SHA512 d4057b8618e7f3d4a6d8f6180da5d6440cbdb529a28b6b5062b3beac202b46d57ef4587e658f6f84aab4dee2e9bfd7101c36bc2cf210034be5f2685cc8e2ed7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

MD5 e3f8eacbe446cd3867ef59e29d5b99d5
SHA1 275d77cf4986fe6d2487c6127b829240450e3638
SHA256 6392fa8eb1c58d6b4211ab34d2d6e96b77533eb3ea9127de55e0f308e3273621
SHA512 4334ab3237f2de0f4fd139b728466b0aeb6e4881183da35ab6834272de90924e761cde4406bd893eee98104b9fafa69bfd8dfdf5a878bddec7224a143b734afe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb

MD5 fe382e791274914bee5950777e4f1fd3
SHA1 53b523b5fc87e66f2520a0b5f9ea080072668f4d
SHA256 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132
SHA512 a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000005.ldb

MD5 0d30bb8b60f3c477b7f5bee76de87a5e
SHA1 754db054cc38503c0a7b261489b25208749dce50
SHA256 7d66803b525484d42d0699ed1a2370028b7aa21ce173ea3cb9331cb80d01b695
SHA512 fb43e45b6676ea12643127731a1d3fcd783c16b4b6aba0d31ea93af19020248d766ea877a7abfdfe484e70bd4c2ed8d66f44ac2c3da38885b3edbad41ef68c43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 a8195b966ce09a0663f296ec80a80f4f
SHA1 8b7b2e8ced1f95228cfe2d35964c1d7c0a493376
SHA256 a868906ce582994c5c4e956154a3ce4da0d1b8b7eaaac68686aaa334a7df67e0
SHA512 82168a47087daaaa784733ccc7ae0d10bce438356da7a9dd46296a60b91edecb979c551bcd90ce5ff21ee92fec3d09544d81635307697a847faa47d73b76795b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 a8195b966ce09a0663f296ec80a80f4f
SHA1 8b7b2e8ced1f95228cfe2d35964c1d7c0a493376
SHA256 a868906ce582994c5c4e956154a3ce4da0d1b8b7eaaac68686aaa334a7df67e0
SHA512 82168a47087daaaa784733ccc7ae0d10bce438356da7a9dd46296a60b91edecb979c551bcd90ce5ff21ee92fec3d09544d81635307697a847faa47d73b76795b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000004

MD5 494e626a5079642efed0f0c7f38bd4ef
SHA1 0cbead74a33ad551eae3b25c213d3b080535589b
SHA256 9ce8bd68fe0b86c0bf2067d549e7b93bc1c24f12bdfd227aba521e9d7e704436
SHA512 659bc9699799757dec5b257d78949d378caf03001890f7ae24d28055cff7175d85f8ea14393048aab1c0ba460082f568e5f4bfacdb8921f006f98989293fe78d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

MD5 c193c89004caefaa9f692ade5cf79669
SHA1 d4325bd5838a15a22a8913e7f5c50bdace9371db
SHA256 d0fb7b962090651cdd3c02e077d30d3d1509972ba932e4b3ff5e5f2d13605406
SHA512 70aac6d5c01c6781329558567842f0bae47f0e16bf7e42a02bb10db69c4070f3b6c108de34c276c78c3bf07ae58e8ac3d328f64ab10b969d8f1e0c1b07fcc40e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000004

MD5 494e626a5079642efed0f0c7f38bd4ef
SHA1 0cbead74a33ad551eae3b25c213d3b080535589b
SHA256 9ce8bd68fe0b86c0bf2067d549e7b93bc1c24f12bdfd227aba521e9d7e704436
SHA512 659bc9699799757dec5b257d78949d378caf03001890f7ae24d28055cff7175d85f8ea14393048aab1c0ba460082f568e5f4bfacdb8921f006f98989293fe78d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

MD5 f7eb49dfdf4de91cce870951148b6d05
SHA1 67960d711b385a0fa02e736e62f5cf9b72fe926d
SHA256 135174a000c2bd536e2acb564ad9e30e214f793592d28d6d40c099c0cc01110e
SHA512 6142f84ab2ae992966c80902b1ea542436bf11bfbcdb6042cf1b40def61ca2f7d5f0274558f21971d1f042db2f5e9c55a3fb41886caae1078c5db51f9b13cdc4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000006.log

MD5 abc68088260f9653781970b93fd215e5
SHA1 4b5927ce79726f93af8008cde41c28c3ce9c3f27
SHA256 0b3bc95ecea894463c0be1a1954c0ec2e6f6b327c3706f0c33df542f5b3e3909
SHA512 ecf7ba72bd70ecf8e33978b1596e612a95440a0dc303604e8bb9688c3481865a27700679d42ce5a3150ac8cc0b4941b5eff91b76b14e97b5f3a20a2b22eb223a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000004

MD5 be2a12b06745bb5de6254b2592d8ab20
SHA1 19a3dc035140689628e54095af6c4b4dae44b55d
SHA256 29e140732c7fc2d81fb1f506cc94386ce55f27446f9277e66236080cdf6f5944
SHA512 fad84027f46c0d4e4fb0357c15d77f7a86c941042ce538e0e89e5b8c477ed3cb46e262e3a3da186eadbb266c9288965c7299b4dc2a7ae1b346230dc48a7ecdba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

MD5 6656eb0953fb6201ca32840d3bafd834
SHA1 aa833368375bee824c4d98ae60149822a62e1a33
SHA256 b1f46cd4d5ee6a01b8c6bdc56634950e48976293f9ec9f9d24304b53770a9544
SHA512 6195bf58a6336469575a325e8014f8c5ebf9ac598bfab8984c6b8935a1e7f50b408d3e00a97087cf07024f792c89ea686c56bf00cb73c32e49652fd00caf3841

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9995baa7-161c-4e02-bacd-115c42c6b269.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\316aff10-20f1-45c0-93a1-f69f7dc496fb.tmp

MD5 415a4d23a6978b339a2cd97dbe71681d
SHA1 49469f9c724b42948645ffcbc3abe22aa49b7c3a
SHA256 ba0adfd5a725fc4c7b2e9b1cac5b15dbfea51307db88650004d1a4cc62fc69ff
SHA512 7f619510276cd184cf88436e8366570682317170502526ee6d3c4689626ecb9258709aa98287652afc8ed4640a435ccc916aacb94faea65762d0d6a9af80a168

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cad631520208bb7e57c3733266c54ff7
SHA1 b28855b330c04c0970858fddfc1ea6e123e8a14e
SHA256 6464d82abef2fca4611a1ff7789b07ee892bfdce9c62e72962a4c42cec99e23f
SHA512 4291d0d2b5adebe523c8d47df04364a26f140b7815cfd27bf8df097a56f4412a75cee828409b9c9395c02bf87a893630670fc899855fcef2c8838226e1c3dd18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f6647636c68f9fad6bc9111f3bc47f45
SHA1 61ea9204e29ffaef366de9fa1c014464d55a0da0
SHA256 385e7035240f92894a7ec8a38b2e5dda451a894822109ce9f452c8fa033ab8a9
SHA512 71bf5e52910ce6d169d0d8b69fa886a90296762f2f76a651c9d5f9e87a391adf50529a34f1c71fd34a245ebd40b547082e8ec3ac6c791d21eb2d2a0973d2695d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 569893fa85a19baf39077d444af504db
SHA1 ee627814ee049e4a4fff547cb622e4855ec18ad6
SHA256 37cbfc27c7593ffb4a2218f7f332d69c2121c486fb8a4be2d064f91bdec9d77e
SHA512 753b6ec900a12f04b743b52a5c5715cab5ec9cc4c4b4257bef65428535da6972fd3c2fd7f24678765bd643b26c38d4f6d431856fa9c5963abac10d7d5883903f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b5b079a5-d8ac-4bb9-998a-14ecd622802f.tmp

MD5 b4c8a47ce1600709ec054ac1b1ee246d
SHA1 e7b7d6005791c4d26ddbc297f80da5a77d96cbf8
SHA256 45e440c8988408190affd1d088646d98663a383fbb569cb54d4cbb34afdcba00
SHA512 13c9af99a38f152e605e0014be6635a5c8b9f116ffc4f28cf62cafd818ec90bcf4e7abd0a7f5171af08c8baf05caf260b16a23593ffd9af7245165b7386ff2fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cbb4115576324cadd72aeca410ae4550
SHA1 84a746466683431784588992e1599c84d702e8b6
SHA256 8782b3b539c8f4669bc37930acf79f0eaab61503277c5a8c8c6945fb250efa8b
SHA512 a79014d74fbbf842fb9d1cbca39335445101f3ea31f2612265850eac4dd1d3e7b286a89eb9763db781a947aaa2a91f4d03ebd1ef36120c59c4377749440f1c73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c907a40a633bc169a50607ed0b8a056a
SHA1 60f227ec4a1e4ec76786bd47ac7708b837c8a8c9
SHA256 7ba9bc014a32d4352635f978882cc25f3b3a8604d0932f208aaaf93cd52ef475
SHA512 5b6f5339546d17d49eecd5f11d5d4bd15f6ad7245cf8eb33c5ba55436f01a9af041f26e87714926097c9ca4f65abf212fa19e6c27a1a94afe3963ff6645445e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 becad68ad3185d34062becea8aad57e9
SHA1 849151351ce0da594de802008c979262aeae5bf3
SHA256 e215ca362b8c5dc0877a022a3789f93f16f4619de7bd55504c3fb7a4192ea6e0
SHA512 c38d1995aa9e5fee2b90486b54e20fecf0677c57059a33d5107fafb2158c1a0bf28d0fad3872857137a099443ad472545c053b2a852c3cda95b0d872506c3121

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 637beaf4cc43923e347f5516da7e7143
SHA1 245ebe8cb765552285f464f9ac626a172547133f
SHA256 e40276343c135e6fb31218ef56177bda1809ebde0084c6770df7c4750e0081ad
SHA512 d3c389272aa5bbcb5ff346a00ae249ae7c5f28ea3f022589a2a4abc6efa79bc68944140c1a04c9be8172596962ad2a2db8a52273b9c89d55a9cddb74fa83bf14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\453be044-f923-4ea8-a8a4-39f129acf4bc.tmp

MD5 129d1119b461f8f062e981bad5445893
SHA1 b6e2d0099a95b5de21f33020ea145f3bd121cf95
SHA256 a69ab2c0aded70ecd767440f32a53c580d6aa3bde9f12ce1d7f6aa4c837105c4
SHA512 7a7e9c25b6cc674227c033ef0e1c16b5833151febe727d02803242ed4af70f101fe17bebe32dd7ae3b784669138600b7aa10ce9e54b6f151af5c837128d3d439

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 eeff53718579d8c991482cec46180512
SHA1 05849edc56375b78342a7869dd11c46ae8a8d2f2
SHA256 54031023201514750facb9d51a1afe46fbfa98aafad1c065be58883f89019a7c
SHA512 e996ea98bbde034ee77cfe01c14b1c45410b6cf48ef00edc1568264d8106c47feda52fc61bd5910001b4f893c4f40a9bebe839642f90dbb1a666d2f67847dfba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4871df2ff0ae92dd64e9bd7774d6e587
SHA1 5e0a2745bec62978901dda63effdaeae320b299b
SHA256 f62e03e4c2826ba4771986d6f17fe182aaa2269fd9958fba0aafeb6613af7da3
SHA512 cf327e492f7070dfc4e31e5173e79db109cc62d1796e45e9e5bc9053d0db79558285581825c6dac12a4ecea04569fb03abc8d8a0c6d73143ef5e78b346e6aeb0

Analysis: behavioral3

Detonation Overview

Submitted

2023-04-11 14:43

Reported

2023-04-11 14:57

Platform

win10v2004-20230220-en

Max time kernel

730s

Max time network

804s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\.js

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\bug32\\runner.vbs\"" C:\Windows\System32\wscript.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Consentpromptbehavioradmin = "0" C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\System32\wscript.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistrytools = "1" C:\Windows\System32\wscript.exe N/A

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Modifies extensions of user files

ransomware
Description Indicator Process Target
File opened for modification C:\Users\Admin\Pictures\RestartEnter.tiff C:\Windows\System32\wscript.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Windows\system32\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MrsMajor 3.0.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Windows\system32\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Windows\System32\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Windows\System32\cmd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\NRVP.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MrsMajor 3.0.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Windows\system32\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\BUG32.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Windows\System32\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Windows\System32\cmd.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\eulascr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\eulascr.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Bug32\\icon.ico" C:\Windows\System32\wscript.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\Users\Admin\Downloads\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Favorites\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Links\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Music\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Pictures\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Videos\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Desktop\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Documents\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\OneDrive\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Saved Games\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Searches\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\3D Objects\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Contacts\desktop.ini C:\Windows\System32\wscript.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\G: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\F: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\cmd.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\cmd.exe N/A

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\Cursors\AppStarting = "C:\\bug32\\bx.cur" C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\Cursors\Hand = "C:\\bug32\\bx.cur" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\Cursors C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\Cursors\Arrow = "C:\\bug32\\bx.cur" C:\Windows\System32\wscript.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133257055086847963" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Bug32\\icon.ico" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{FFEDD439-3C59-4C39-B5A0-EC9968813E47} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings C:\Users\Admin\Downloads\NRVP.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\System32\wscript.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MrsMajor 3.0.exe N/A
N/A N/A C:\Users\Admin\Downloads\MrsMajor 3.0.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 64 wrote to memory of 3628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 3628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 64 wrote to memory of 376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Consentpromptbehavioradmin = "0" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\System32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\.js

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe83da9758,0x7ffe83da9768,0x7ffe83da9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1444 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3328 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5060 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5212 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5268 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3200 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3896 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3400 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5460 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5664 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3440 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5152 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5092 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5996 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3340 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5364 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6024 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5984 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6048 --field-trial-handle=1872,i,13080886905307636739,16230541509137878953,131072 /prefetch:8

C:\Users\Admin\Downloads\NRVP.exe

"C:\Users\Admin\Downloads\NRVP.exe"

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\NRVP590\.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap6349:84:7zEvent8362

C:\Users\Admin\Downloads\MrsMajor 3.0.exe

"C:\Users\Admin\Downloads\MrsMajor 3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\DDDC.tmp\DDDD.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\eulascr.exe"

C:\Users\Admin\Downloads\MrsMajor 3.0.exe

"C:\Users\Admin\Downloads\MrsMajor 3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\4A90.tmp\4A91.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\eulascr.exe"

C:\Windows\system32\notepad.exe

"C:\Windows\system32\notepad.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe83da9758,0x7ffe83da9768,0x7ffe83da9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4552 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3420 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1720 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 --field-trial-handle=1900,i,9361332766506345887,3249965216884118541,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap21188:72:7zEvent20262

C:\Users\Admin\Downloads\BUG32.exe

"C:\Users\Admin\Downloads\BUG32.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\5D23.tmp\5D24.vbs

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" "C:\BUG32\admin.vbs"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" "C:\bug32\jaq.vbs" RunAsAdministrator

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c dir "C:\Users\Admin\" /s/b/o:n/a:d > "C:\BUG32\list.lnk" & echo :ok:>>"C:\bug32\list.lnk"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\.oracle_jre_usage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\3D Objects\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Application Data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Contacts\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Cookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Desktop\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Documents\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Downloads\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Favorites\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Links\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Local Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Music\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\My Documents\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\NetHood\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\OneDrive\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Pictures\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\PrintHood\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Recent\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Saved Games\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Searches\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\SendTo\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Start Menu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Templates\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Videos\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\LocalLow\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Roaming\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Application Data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\History\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\PeerDistRepub\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\PlaceholderTileLogoFolder\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Publishers\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Temporary Internet Files\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Acrobat\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Color\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\Unistore\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\UnistoreDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\Unistore\data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\Unistore\data\temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ClientSidePhishing\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CommerceHeuristics\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\DesktopSharingHub\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\pnacl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\UrlParamClassifications\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\5023649e-3474-497a-93ff-f7b353cf8eca\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\*.*" "*.exe"

C:\Windows\SysWOW64\unregmp2.exe

C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\*.*" "*.exe"

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\*.*" "*.exe"

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_metadata\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\af\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\am\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ar\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\az\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\be\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\bg\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\bn\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ca\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\cs\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\cy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\da\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\de\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\el\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\en\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\en_CA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\en_GB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\en_US\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\es\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\es_419\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\et\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\eu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\fa\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\fi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\fil\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\fr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\fr_CA\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\gl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\gu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\hi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\hr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\hu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\hy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\id\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\is\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\it\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\iw\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ja\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ka\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\kk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\km\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\kn\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ko\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\lo\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\lt\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\lv\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ml\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\mn\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\mr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ms\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\my\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ne\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\nl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\no\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\pa\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\pl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\pt_BR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\pt_PT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ro\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ru\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\si\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\sk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\sl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\sr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\sv\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\sw\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ta\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\te\*.*" "*.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\th\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\tr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\uk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\ur\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\vi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\zh_CN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\zh_HK\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\zh_TW\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\zu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\cs\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\da\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fil\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\it\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ja\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ko\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lt\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nb\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_PT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ro\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ru\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sv\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\th\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\tr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Credentials\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Feeds\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\GameDVR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\InputPersonalization\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Media Player\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneNote\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PenWorkspace\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Vault\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\af-ZA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-AE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-BH\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-DZ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-EG\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-IQ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-JO\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-KW\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-LB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-LY\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-MA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-OM\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-QA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-SA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-SY\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-TN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ar-YE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\az-Latn-AZ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\bg-BG\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\bn-BD\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ca-ES\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\cs-CZ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\da-DK\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\de-AT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\de-CH\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\de-DE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\de-LI\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\de-LU\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\el-GR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-AU\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-029\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-BZ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-CA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-GB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-HK\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-ID\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-IE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-IN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-JM\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-MY\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-NZ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-SG\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-TT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-ZA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\en-ZW\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-419\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-AR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-BO\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-CL\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-CO\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-DO\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-CR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-EC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-ES\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-GT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-HN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-MX\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-NI\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-PA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-PE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-PR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-PY\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-SV\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-US\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-UY\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\es-VE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\et-EE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\eu-ES\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fa-IR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fi-FI\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-029\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-BE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-CA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-CD\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-CH\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-CI\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-CM\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-FR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-HT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-LU\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-MA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-MC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-ML\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-RE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\fr-SN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\gl-ES\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ha-Latn-NG\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\he-IL\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\hi-IN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\hr-BA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\hr-HR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\hu-HU\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\hy-AM\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\id-ID\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\it-CH\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\it-IT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ka-GE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\kk-KZ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\lt-LT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\lv-LV\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\mk-MK\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ms-BN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ms-MY\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\nb-NO\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\nl-BE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\nl-NL\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\pl-PL\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\pt-BR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\pt-PT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ro-MD\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ro-RO\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\ru-RU\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sk-SK\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sl-SI\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sq-AL\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sr-Cyrl-BA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sr-Cyrl-ME\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sr-Cyrl-RS\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sr-Latn-BA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sr-Latn-ME\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sr-Latn-RS\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sv-FI\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\sv-SE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\tr-TR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\uk-UA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\input\uz-Latn-UZ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\CacheStorage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\EmieUserList\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\IECompatData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\TabRoaming\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tracking Protection\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\12x02cr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\osplltc\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\000183B2\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\Licenses\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Office\Licenses\5\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\af\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\am-ET\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ar\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\arm64\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\as-IN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\az-Latn-AZ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\be\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\bg\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\bn-BD\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\bn-IN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\bs-Latn-BA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ca\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ca-Es-VALENCIA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\cs\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\cy-GB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\da\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\de\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\el\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\en\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\en-GB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\en-US\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\es\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\et\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\eu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\fa\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\fi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\fil-PH\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\fr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ga-IE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\gd\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\gl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\gu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ha-Latn-NG\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\he\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\hi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\hr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\hu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\hy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\id\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\imageformats\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ig-NG\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\images\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\IRMProtectors\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\is\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\it\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ja\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ka\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\kk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\km-KH\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\kn\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ko\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\kok\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ku-Arab\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ky\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\lb-LU\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\lt\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\lv\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mi-NZ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ml-IN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mn\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ms\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mt-MT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\nb-NO\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ne-NP\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\nl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\nn-NO\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\nso-ZA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\or-IN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pa\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pa-Arab-PK\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\platforms\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\prs-AF\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pt-BR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pt-PT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\quc\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\quz-PE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ro\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ru\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\rw\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sd-Arab-PK\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\si-LK\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sq\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sr-Cyrl-BA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sr-Cyrl-RS\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sr-Latn-RS\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sv\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sw\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ta\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\te\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tg\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\th\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ti\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tk-TM\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tn-ZA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tt\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ug\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\uk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ur\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\uz-Latn-UZ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\vi\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\wo\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\xh-ZA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\yo-NG\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\zh-CN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\zh-TW\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\zu-ZA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\de\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\es\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\fr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\hu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\it\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\ja\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\ko\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\nl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\pl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\pt-BR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\pt-PT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\ru\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\sv\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\tr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\zh-CN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\zh-TW\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick.2\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Controls\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Controls.2\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Extras\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Layouts\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Templates.2\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Window.2\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Controls\Styles\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Controls\Styles\Flat\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\setup\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\Backup\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\Internet Explorer\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\Internet Explorer\Desktop\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\Internet Explorer\InPrivate\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\Internet Explorer\InPrivate\Desktop\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Vault\UserProfileRoaming\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\0\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\1033\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\AppCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\CloudStore\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\History\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IECompatCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IECompatUaCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IEDownloadHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Notifications\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Ringtones\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\RoamingTiles\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\SettingSync\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Shell\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" "*.exe"

C:\Users\Admin\Downloads\MrsMajor 3.0.exe

"C:\Users\Admin\Downloads\MrsMajor 3.0.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\AppCache\R8RIK1HY\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\NotifyIcon\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012023022020230221\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IECompatCache\Low\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IECompatUaCache\Low\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Low\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Virtualized\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1IYUAPIF\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\DNTException\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ESE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Low\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Notifications\wpnidm\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Backup\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.Admin\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\safebrowsing\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\startupCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\thumbnails\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\settings\main\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\settings\main\ms-language-packs\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\settings\main\ms-language-packs\browser\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\settings\main\ms-language-packs\browser\newtab\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\ActiveSync\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\ActiveSync\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\*.*" "*.exe"

C:\Users\Admin\Downloads\MrsMajor 3.0.exe

"C:\Users\Admin\Downloads\MrsMajor 3.0.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\INetHistory\*.*" "*.exe"

C:\Users\Admin\Desktop\WriteConvertTo.exe

"C:\Users\Admin\Desktop\WriteConvertTo.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\LocalState\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\TempState\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\Temp\*.*" "*.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 52.194.44.20.in-addr.arpa udp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.209.218.23.in-addr.arpa udp
US 8.8.8.8:53 84.150.43.20.in-addr.arpa udp
US 8.8.8.8:53 64.13.109.52.in-addr.arpa udp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
DE 2.16.241.76:443 assets.msn.com tcp
US 8.8.8.8:53 76.241.16.2.in-addr.arpa udp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
NL 172.217.168.206:443 apis.google.com tcp
US 8.8.8.8:53 206.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.46:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 mail.google.com udp
NL 172.217.168.197:443 mail.google.com tcp
NL 172.217.168.197:443 mail.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 197.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
NL 142.250.179.145:443 csp.withgoogle.com tcp
NL 142.250.179.193:443 lh3.googleusercontent.com tcp
NL 142.250.179.193:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 145.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.179.250.142.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.138:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
NL 142.250.179.206:443 accounts.youtube.com udp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
NL 142.251.36.3:443 id.google.com tcp
US 8.8.8.8:53 3.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.214:443 i.ytimg.com tcp
NL 172.217.168.206:443 apis.google.com udp
NL 142.250.179.206:443 accounts.youtube.com udp
US 8.8.8.8:53 214.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.250.179.198:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 172.217.168.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 lens.google.com udp
NL 142.251.39.110:443 lens.google.com tcp
US 8.8.8.8:53 198.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 110.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 226.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
IN 20.207.73.82:443 github.com tcp
IN 20.207.73.82:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 82.73.207.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
IN 20.207.73.85:443 api.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 85.73.207.20.in-addr.arpa udp
US 8.8.8.8:53 drive.google.com udp
US 8.8.8.8:53 doc-0o-6c-docs.googleusercontent.com udp
NL 142.250.179.193:443 doc-0o-6c-docs.googleusercontent.com udp
NL 142.251.36.46:443 drive.google.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
NL 142.251.36.46:443 drive.google.com udp
US 8.8.8.8:53 github.com udp
IN 20.207.73.82:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.21:443 collector.github.com tcp
IN 20.207.73.85:443 api.github.com tcp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
NL 142.250.179.138:443 jnn-pa.googleapis.com udp
NL 142.250.179.138:443 jnn-pa.googleapis.com tcp
NL 142.251.36.46:443 drive.google.com udp
NL 142.251.36.46:443 drive.google.com tcp
US 8.8.8.8:53 doc-0c-6c-docs.googleusercontent.com udp
NL 142.250.179.193:443 doc-0c-6c-docs.googleusercontent.com udp
US 8.8.8.8:53 wmploc.dll udp
US 8.8.8.8:53 c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.214.58.216.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2f16dc1c0011a2495076e341841dd656
SHA1 6bc25595527e5f27c893f2f140fcd9591e3daa14
SHA256 6185971cce6829fb948a30d0d3406db1d389715886083de1d4a14b9f792aea5b
SHA512 12809c2bc1c0e13cff57aea4c09d51796aa5303857298830b91aeaff3e9384905b8ce3596456c44e9506f088f845e73f952620bb896b1196e86c2d18eb257839

\??\pipe\crashpad_64_TIBMDFQLAEFNQJKF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 06d23f5ba3426bdecff461da739919bd
SHA1 303fe3bc76c7253e2add5aecc6c6b1c324d287b2
SHA256 213691c7ffdff4a620253d06b6277dbd672af29a4b446c5d0af57f806b3dcf64
SHA512 c9cf689f552003cdb5b8bb27620aaed1cc4fa520d0b97763dfb17dc8f295b6a5d08c1f8492fef6250473cf62e30dec14dbe87474b6349e9a16bb46ddf03a9fdb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 342137e140a8f04da6b3f12b8f73318f
SHA1 51b39501d37292eed15ec4de3c1cfaf492663d3a
SHA256 e75412b0ee4c39b44f18c741f56eefc67d195df4ee3f965075630303fa5d3c11
SHA512 70b53e7a04c26dfdf12054652e9287978680b809356cf7accbed6b84bb298adc7c89435a9980bcd09469d787ff5c2e30a83d572b29171c24ac0cacfdbefecff3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 4ebc570ee8f5fdc195ec374e88e8f746
SHA1 4d2c35a7cfd60c0735e3ae3fcb538f93eff2cedd
SHA256 49daddb76d41fa560b745938f815071dce4ad957072b8feba22aa12263dedad9
SHA512 ff5d930200d8b4a1e41fd1eebab3a191ea472c2475ac5ad655343649d62661478cfa9e8ae2ae9b81dab66b2cd058906ae54d904ed67138ba3c8d29d89270508f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 031da7c233e03e94f8786809d9f75546
SHA1 7da427103006412e1a1a32a1e6bb8c725607d1af
SHA256 0a90b263813ae49127da9cbddf364ee86d74a8274c2e26ca6ce31ef696a7fdd9
SHA512 689570358397eab9d28eae08147258d90691d7f822fe16e1fef52ffd4272a2278fe6ecae9c9976560b3730c6978a7636d74a9fd89d5dea41f907f6de34757b0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7b773e037b4d78549aa8a664299b5d4e
SHA1 bea3b5058280406e0184d41fbc3b176e17e68a5b
SHA256 aab44a12d04bf176bc6330b3f15857973d43338a11e5f9b81690c6884450d1d7
SHA512 006c0b5afc3225167b51ddfc94f6cac3ddb787126798d9d95cc2a8430578bf35f4b4d0b361ec08d371d83fa9b1b2d613d900ae09c93751a33dffa70c39221e91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c86672ad3135f1ce063985e81927bc27
SHA1 ba861940dd17ce01e9a04327bb5ee5bdea4dd6b6
SHA256 add3e9c745db58e4e55e6300e90942e750a208d7f1e76e1d10443b9632356e0e
SHA512 4a8f09875ff1b8ca346ac9c6f553f412adfa366ec8fd4139bd5745d3b91e45fae734042654da507d4e924ae8ae4b70202d9fe01580145029c84ec28becbb876b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f4b62794f97ad2db8046c09fc8b611bf
SHA1 5e8f1f835f1195d5d0c790205ddbc8fcc886444e
SHA256 bbbb8cf2138462227ddda66ffebfa181dc9a8647d61f7b196caf3154ed7ac20b
SHA512 5d612d366888e7267538d98b0e64ab33673d7048d164b1dfb3a930f7a51cd28367d4a30859c306438ab760ea2e098160211f1bee7df476c31c989bac5e67caaa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 47ae9b25af86702d77c7895ac6f6b57c
SHA1 f56f78729b99247a975620a1103cac3ee9f313a5
SHA256 9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224
SHA512 72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5df31d.TMP

MD5 13436f3855223bb7c97364f8b0d9d7cc
SHA1 3fca53c17c1998774ddc41cc740ade7b5490fe1a
SHA256 372fd89a50418036479564586877e2b719d13a78e1d8b8d5f36c2af43bb5cdcf
SHA512 3e00a49042dd12dcdc735736ed4090e665164e2b46201d79af0875ec7c88714a711705a0745da7cc0a9966efe327de1fa62e3dd9ee7ae30568bf35ab8fe4a1be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 94050452d9308b20ee91495458370271
SHA1 9960ff65ad36218f78081db9e149db5074920d58
SHA256 e6fa901a3efdfd3b8a8010033c96e940ec99677fc2dba78f1c4842031f144f36
SHA512 327c510a451d6052271570d1e36a60ecac352395789137be7aea9ca8c27be117db53c135c59a17a6863c9866529693db902fd3e4f0186fe2c5724237882fd870

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2689c24157c58c7e38e3f7e50d634325
SHA1 5ea6980f842deac939b4e2fe14ed4aac9b48c27a
SHA256 4099ca61feca43c2e408410dc310ca2942ae7e6fc5fb62dbb0c8be872b2ef999
SHA512 04f258aa36bc23b2b1e2186f569900df0106222d423a2d686843c8825e7e2f2bbef8254cdcd8837d0e2dc109d8ce64be29e5e11bf80b9734cbd6ef0cfed88c08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 ec6002f2e685b87f6e70c7b433cd90c0
SHA1 c989f60449ca6246d9b8c43425ff8a61e6f51517
SHA256 6cc8f6950565efa8a341ef4fdb20b0a1331d0673861dde3a6c0c035875e05986
SHA512 1b0312610057a46fbff58f5497f81e9d10cb85176b8472548be4759aed318fd445f8837f691587aff2e15ec7f7a851485d9785c80f6442354b4e3363ed17eca4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5e19df.TMP

MD5 8abba822d100688b33825a7e33b18d93
SHA1 d09eb411e75caf9060d299544928a912b2c61ce6
SHA256 82b1ef3b74fa36a9d14a18bbd08d0b31fdf65f350627bd58d1c67859896fe167
SHA512 c4b95986ae749ebc58423dcdf1ea247b55211255f8b216740e0d6bd9e2e4fbd4b9356f85fb97b8cd8fb1a1696f495142afcb66868295a2ab892a3099ef53b110

C:\Users\Admin\Downloads\MrsMajor 3.0.7z.crdownload

MD5 fedb45ddbd72fc70a81c789763038d81
SHA1 f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a
SHA256 eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2
SHA512 813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298

C:\Users\Admin\Downloads\NRVP.exe

MD5 707d5ee2926ad6b66269939998b97bdc
SHA1 7d782e13e7c692b35b67e3a2f819ec3fa7e8de5c
SHA256 9f16bde693d793d6285d03f61639d336d1cc24073350f3ba1a3be9e3579f41be
SHA512 84cc41e8e33237d12de0752257bd59ca1209f17d8c0b6a27a0462ecddf26c988f36d741ab4515029d0b3698eedf453c0eea2e85bb1076703f9f579a41b1f82fd

C:\Users\Admin\Downloads\NRVP.exe

MD5 707d5ee2926ad6b66269939998b97bdc
SHA1 7d782e13e7c692b35b67e3a2f819ec3fa7e8de5c
SHA256 9f16bde693d793d6285d03f61639d336d1cc24073350f3ba1a3be9e3579f41be
SHA512 84cc41e8e33237d12de0752257bd59ca1209f17d8c0b6a27a0462ecddf26c988f36d741ab4515029d0b3698eedf453c0eea2e85bb1076703f9f579a41b1f82fd

C:\Users\Admin\Downloads\NRVP.exe

MD5 707d5ee2926ad6b66269939998b97bdc
SHA1 7d782e13e7c692b35b67e3a2f819ec3fa7e8de5c
SHA256 9f16bde693d793d6285d03f61639d336d1cc24073350f3ba1a3be9e3579f41be
SHA512 84cc41e8e33237d12de0752257bd59ca1209f17d8c0b6a27a0462ecddf26c988f36d741ab4515029d0b3698eedf453c0eea2e85bb1076703f9f579a41b1f82fd

memory/1336-529-0x00000000007A0000-0x00000000007A8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9c253443a23c8c6eb22748ed3f30dab3
SHA1 acae3fe615a4966aa9824930de6c86fe200b0f31
SHA256 b84edf3cc1a34743512e465a19ee9de18f8eb3d5ae7eaf61676d4072997911a5
SHA512 5684846d9fcb13b6d7bb064fd6563aab13e4be4b874b00f1e68d62139aef46d460dcd87e01c4792e886f6930db4ebccd36a7193e1aee808facc55ee2aeea04cf

C:\Users\Admin\AppData\Local\Temp\NRVP590\.hta

MD5 43e1cb7107abfae94fb28b43ed40d589
SHA1 0fc1d8b4d89b0bd9d6f924892f1df63e191d3d74
SHA256 f18a7f7bee15560e5ed5fad44c2304151d30207a2d33206ad3bc2484662cfcf5
SHA512 ed4e3a007b69c0801da5fcf249d786f7d27fcf8958b388a4a775f48d7578b47f78c947092a2df2cd0f9f406e7b7299fbc7867b4cf4d8c9065359319f69721282

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ac73c66084883c0e707dd0d98ade36e4
SHA1 68737d5c816e5fa543eb7ffd8509f7667cc2f683
SHA256 9dd45f7d366d62c19f6ce5022a6065169d6ee56d55ac875f55c0aa1ffe8207b9
SHA512 5644022f194c87c61df24b8e4c6f00aff6d9483d6a01c167edf59c02b9e8ac764df62b32e56c7d28520b1ba48b83d8a465a895f1390aed34e9cb3d81434b6660

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ae0a8f76eedf6761a9c199bea72320b5
SHA1 924154fa8e0d7810c39ff634f46972ae18b80f25
SHA256 c676be0fe6596b9d62acefe3a0f80be670db6c82fe42a44e7ee9ba2c6803eada
SHA512 2babbdef196245576f5705ece219a22b9c3921017574f9e5e2b34487e4f3b32b87747ae2dc6eb038af31d287d9994bbc126169d2ca44f5dae11e788cde91db9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 b5310f6197aa055a2d500b60502bc7b5
SHA1 40c42b6900dd02d0ce7b69530958436b6d1d2bc5
SHA256 8fb51f83702020ffac031cebd0d2453d7fedd900541e931769b007497bd20382
SHA512 0f5fc0cf686e8cdff1a94d4e4d0f14b17645bca423f9dcaac0868e6270141c4f5754372bda2ab7506c0a6291d22dc6936c612f52232e932854c8ca5d814a2fe3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a9bf92c67bceae6993e72185fcf1b273
SHA1 cbbeb21163b1e36f54c1d3b89fff318d25b95006
SHA256 a88e405f3c486ec92abe6994df02591346a7d090ebdbd26c807ee44499119801
SHA512 52b9642d4ab14403aa7a113ede2a2d85bf15603f5d36139673a77279d9de53a593176ae5c3c614eaf81bbf3d2229d1a3a772eb9286050eb2eb23d96ff5cbba21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2b150a1917912a92a50a911fc016686d
SHA1 339e7e48796f583e452af675e3e52c7456a3b198
SHA256 a12f06f5da67e439be5fb8b50c5e42638695a063d1890087a6739f9992ad8714
SHA512 16feb113f4b034feaac9c35d6020eed34b8541b787f53251f9dfa7e94f6858fa1e91e428be45681320f4c86581f5bf716600ffdb45dcd7e449908eed20bded8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c3070def907702e814377ffa8079b8f9
SHA1 c686308db2c2ee6401d6b97db17745c15e39ded9
SHA256 695824558a027eaefc38914e35cdaebfcfe328ca8025118766ca434aef765084
SHA512 3554206091c841812edcaee234771df819729e49cfc67370b45083f32b22b9ac8d9294ac4abdea1ca81db5bc34108e8758aac4a68c1210565dd48b3b012afba3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fc0d8a1fd1bb352afea82308c8529257
SHA1 6b5e4c9c04b9bbe1c2634c38a4ce40563c7d430a
SHA256 f655355f86c935299e2163e06224a9f751d5dfbd55649f12950a5208b391fc46
SHA512 f4dea400db00d353c15f822a86880ab381017a8e7f2b18b397f28ee08cd92b846d2599f243b4899fdad36ec2b26015c9dd64ac6db1b2f4ab1b523a80273df552

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5771c9b9f6e9e6c30c96fd388a7a12e0
SHA1 d481c86bc8fbab5197bf6162edb40eb07ff4428f
SHA256 da12c4cc1ebd71b196fa55f9c350843c411ab1808fd7cd21df9dcb15933e8826
SHA512 1380014db39d64d7bef9494a5f1152df5839f957150e4c7920c8eebfe8ae93770a8187713595268d9d2fd44435124b32188e04af57c9745137174caf7f6d2d0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 5aefc5f9e62acd9c55678544618242e9
SHA1 c04f4c1146ddaeb510d531574e5b80deaa05b7f1
SHA256 310f7e79218d112bf01d986091e9b1aeab7d6ac99643ae69ce6b04706eaf2706
SHA512 00a524ad13d52e508e7014e8101c126f62f532adf0f007748306e0ee6c4fecac9a6d68b2d17fd134fa224419dd150349d7e436edd56612f20fc17aa1f97ffdf5

C:\Users\Admin\Downloads\MrsMajor 3.0.7z

MD5 fedb45ddbd72fc70a81c789763038d81
SHA1 f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a
SHA256 eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2
SHA512 813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298

C:\Users\Admin\Downloads\MrsMajor 3.0.exe

MD5 35a27d088cd5be278629fae37d464182
SHA1 d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512 eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

C:\Users\Admin\Downloads\MrsMajor 3.0.exe

MD5 35a27d088cd5be278629fae37d464182
SHA1 d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512 eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\DDDC.tmp\DDDD.vbs

MD5 3b8696ecbb737aad2a763c4eaf62c247
SHA1 4a2d7a2d61d3f4c414b4e5d2933cd404b8f126e5
SHA256 ce95f7eea8b303bc23cfd6e41748ad4e7b5e0f0f1d3bdf390eadb1e354915569
SHA512 713d9697b892b9dd892537e8a01eab8d0265ebf64867c8beecf7a744321257c2a5c11d4de18fcb486bb69f199422ce3cab8b6afdbe880481c47b06ba8f335beb

C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\eulascr.exe

MD5 8b1c352450e480d9320fce5e6f2c8713
SHA1 d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a
SHA256 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e
SHA512 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc

C:\Users\Admin\AppData\Local\Temp\DDDB.tmp\eulascr.exe

MD5 8b1c352450e480d9320fce5e6f2c8713
SHA1 d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a
SHA256 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e
SHA512 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc

memory/3668-706-0x00000000004E0000-0x000000000050A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll

MD5 42b2c266e49a3acd346b91e3b0e638c0
SHA1 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
SHA256 adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29
SHA512 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll

MD5 42b2c266e49a3acd346b91e3b0e638c0
SHA1 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
SHA256 adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29
SHA512 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

memory/3668-713-0x00007FFE71D20000-0x00007FFE71E6E000-memory.dmp

memory/3668-714-0x000000001B310000-0x000000001B320000-memory.dmp

memory/3668-715-0x000000001D720000-0x000000001D8E2000-memory.dmp

memory/3668-716-0x000000001DE20000-0x000000001E348000-memory.dmp

memory/3668-717-0x000000001B310000-0x000000001B320000-memory.dmp

memory/3668-718-0x000000001B310000-0x000000001B320000-memory.dmp

C:\Users\Admin\Downloads\MrsMajor 3.0.exe

MD5 35a27d088cd5be278629fae37d464182
SHA1 d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512 eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\4A90.tmp\4A91.vbs

MD5 3b8696ecbb737aad2a763c4eaf62c247
SHA1 4a2d7a2d61d3f4c414b4e5d2933cd404b8f126e5
SHA256 ce95f7eea8b303bc23cfd6e41748ad4e7b5e0f0f1d3bdf390eadb1e354915569
SHA512 713d9697b892b9dd892537e8a01eab8d0265ebf64867c8beecf7a744321257c2a5c11d4de18fcb486bb69f199422ce3cab8b6afdbe880481c47b06ba8f335beb

C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\eulascr.exe

MD5 8b1c352450e480d9320fce5e6f2c8713
SHA1 d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a
SHA256 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e
SHA512 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc

C:\Users\Admin\AppData\Local\Temp\4A8F.tmp\eulascr.exe

MD5 8b1c352450e480d9320fce5e6f2c8713
SHA1 d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a
SHA256 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e
SHA512 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\eulascr.exe.log

MD5 8b325485d0cc4762f87c0857e27c0e35
SHA1 1514778327d7c7b705dbf14f22ff9d8bdfdca581
SHA256 c18709d3ab63bebbbeba0791cd188db4121be8007c896a655d7f68535026cadf
SHA512 9bf9da14e50301d68246dc9f3a21319a8fbfc866d5b57ee44cd9ed96c1a6dfecabcec06b66be5ec5625ff708d460e23d00849c581957ab84c4f2941cee07ff33

C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll

MD5 42b2c266e49a3acd346b91e3b0e638c0
SHA1 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
SHA256 adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29
SHA512 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll

MD5 42b2c266e49a3acd346b91e3b0e638c0
SHA1 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
SHA256 adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29
SHA512 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

memory/3160-732-0x00007FFE71C70000-0x00007FFE71DBE000-memory.dmp

memory/3160-733-0x0000000002660000-0x0000000002670000-memory.dmp

memory/3160-734-0x0000000002660000-0x0000000002670000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

MD5 d9a49a7d6d5ca840cf0f0e937007e278
SHA1 90197e483cc1bf8970cb6012997b1968f43d8e78
SHA256 183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876
SHA512 142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 d5aa436f438bef1f8801fe7aea488da4
SHA1 fe3fccaeaee75c2addcb31ddb74a609fa9e47873
SHA256 53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200
SHA512 f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 d5aa436f438bef1f8801fe7aea488da4
SHA1 fe3fccaeaee75c2addcb31ddb74a609fa9e47873
SHA256 53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200
SHA512 f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c3070def907702e814377ffa8079b8f9
SHA1 c686308db2c2ee6401d6b97db17745c15e39ded9
SHA256 695824558a027eaefc38914e35cdaebfcfe328ca8025118766ca434aef765084
SHA512 3554206091c841812edcaee234771df819729e49cfc67370b45083f32b22b9ac8d9294ac4abdea1ca81db5bc34108e8758aac4a68c1210565dd48b3b012afba3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 875cc6f9141a5c93476be6970db1ab5f
SHA1 a546544c034c5d063391aaafed2365ee9f6cac3d
SHA256 89c0f9c432dd8f3e9f568c90626c804bd7ab76b557992c2b8048a569911abf67
SHA512 4ac3f06a79b7d6be3e76fb177582fc52af0fad234610103a926a26fb076e1f60f91f752c6952b8539eac1303d43700705f001aa2df48ed67ceab72d9f9eabeb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 4ebc570ee8f5fdc195ec374e88e8f746
SHA1 4d2c35a7cfd60c0735e3ae3fcb538f93eff2cedd
SHA256 49daddb76d41fa560b745938f815071dce4ad957072b8feba22aa12263dedad9
SHA512 ff5d930200d8b4a1e41fd1eebab3a191ea472c2475ac5ad655343649d62661478cfa9e8ae2ae9b81dab66b2cd058906ae54d904ed67138ba3c8d29d89270508f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 34fc63e87d0eb536e1d98399b0e951d9
SHA1 9c20789c089323aae67f302855c9320c72ded26d
SHA256 a49813cfbb7a625261c2401f800f718c6691bc9cdc78a102549c6e493c1cf8aa
SHA512 7a67305eab34c0bf44700276113a78589760fee33c7b8834286e4708c93fb79f3dc25c962b1d41e96dd200fce0c039f6948a88efcad9a9c9a31a4a855010d2fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 d2177ccae16d86bb77798b7de90441cd
SHA1 f366fd3de8d0667e6e46bf556c60806c20f4b241
SHA256 f7d2f6c909c0fa7cc8c00016c5ec47bd5334c49edbe0c71bd1d90dd33de44fe5
SHA512 dbbe6ccd25f944d13380d07d78773a0d59113b11d67529f8b92a7e85cf99f4f4e6289e5e90809153fa5aff27457a5f30f1f227147733977fc6601dc5a52b201c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 d78d86a3b7ebf4589ebc8ebce2f32af0
SHA1 4fca3c641ded3984b8fd81f7f22971e62d0f1210
SHA256 26d3440123fe211f1c4278f98df2e4d20b74c6a3e7f6f9856d018d151bf68902
SHA512 a68d4934c06c4a60ecbe87697305b4fbc444aa25a3d58e90963f90d195c1006aa153cd811c06889e9450ef2bfc3d283d597ebbed78741a15b4867716f75f2840

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 db23ffbd0c8d44c34799b9e133500dc0
SHA1 75f42977a7b18e3301f43ff0e5f1a8c1e2753d5e
SHA256 5e5c6d1b385fcca93de194412675fde8b3a9c82bfbce97b1945118e1a7c9ba2e
SHA512 990b24ef507370c3020296bc82cef235a175b9a462aadaebb887924ea3ad353411f808cf08480131b4407560853c3c4a788a0df56bb44e86c962b62da4872779

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fc0d8a1fd1bb352afea82308c8529257
SHA1 6b5e4c9c04b9bbe1c2634c38a4ce40563c7d430a
SHA256 f655355f86c935299e2163e06224a9f751d5dfbd55649f12950a5208b391fc46
SHA512 f4dea400db00d353c15f822a86880ab381017a8e7f2b18b397f28ee08cd92b846d2599f243b4899fdad36ec2b26015c9dd64ac6db1b2f4ab1b523a80273df552

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 c8f387482617c676695a4821766d57f8
SHA1 e385122678cddfce76e508367954d9ed52e399d2
SHA256 952eda94609f26071c4d2993b459e9e35917d5a5efbbdeb78f5588cdc9494264
SHA512 fe8a7858f53252672c2f86317002c7310d1d25332cfa05ef1d23f155c3489da0381d32f8dabae84d04a3d9a99dc8ca6a9b1637ae5538271b9f5df0a5fa1b909e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

MD5 69c2c4a48b61c17a03b63da5a71703f3
SHA1 05c2a44bcaa745decf5601d7c4f9ef10f02dca87
SHA256 cc3c36efcadec41f027010fdd901669b1d1aaea93d1be744521d13776d418347
SHA512 61f8bee269d0ad14c9354ec450e64c8d7c5dedbda333a64293a2bcd1e308693925c66bc5ced96914d2883def160ad26bab613e1d899378d9595e8b8a451e499c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9fe1421bde419322bd1a45b6abfb92fa
SHA1 840b54b380afc116fad8ff76741b37288d71e291
SHA256 9e5fc06f0851c31973f53eccbbc1436f2cdb3ecea1c8b78b5d3a69754a3a0399
SHA512 177766eadd9e0df42c0c5d12b09789a83b363d4b2ec0f675f7ebcc6f74248e8d4c89368f7c4c52aaccc4d03c9bc06dda9dd84460111288e7f48c420efa0ce0b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e14a020e961a1a5348a10aa9dfc68475
SHA1 705bcd488c3b7995154f882625bf611506675b3a
SHA256 dd6d34c3dfa8742c6ab6671350142376c6fe689096ab0e605a31e18fab09c694
SHA512 14a7313ecb26631112573712a91ae34c7d48288aa9374dcae0b3ef75c8e5b9fa9838f3c62caf04184a97aa61b4735d3a71e90bdc7f8b377ac2e44b2c9a2fd532

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c02f37403b57b3ea50e382e27ae3f595
SHA1 3b2c268ec39b6c3619e16338a46a0b6490fb1080
SHA256 84fbd31bf5f72be00b2f8e02ab6b8eb2e92051063024bee28fd118866ff05788
SHA512 d0d568a8a3e0e3ef78a7f114b160285d3143ca47258768c23396992258ee720530b1bc22d180eb33a186c3074c3f693f17803c22004219a782578191fe80a33a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 39884eccfc1ce4fdc1b1b59b5d124a8f
SHA1 ebaefe1b04f321d4fbdda274e779a389fcdf578c
SHA256 a418a9260b609359988b26fc5669b18f7e40167e2976d70896b2101c5f61b1c7
SHA512 86394a12300f65b05f8063e3b23733a351f532b06d9634321a9426c644ab9d398ac77244e32d9b432cb30dabcd936d17cd9a9f03028c32f9c13ece5bef4825b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0577d44d5d75ae49e0d6259a9dcd2fc5
SHA1 dd2cd2902d5b2cec74f7243f71585ccbf683ecc6
SHA256 1ecbdc1dd3553613f558341c89b7a51ecaeeedb92b875da2039fa25deb2a77d0
SHA512 f94f3668b5e4e280c09766c059644da598430377e96bd3c1a757216ec4106e9bcf42fe5fcf098a4c0cc9443d3daf2fb60c2b1e33417f2a52c60e90073a9eee81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 313aaa42b3a144fe99371b810b4e6923
SHA1 06e104dce81deb6338cd03970d6f85d47c221a85
SHA256 be70718f1321f089d5fe77ce9ca9c2f72e79f19f1288a1a2e27f6e8e071e9b06
SHA512 deaffcb94b96de03d2bed8967bb291dadd170d9948a7b800a26d22ec0cca720a6975af741fabad7212ddf8949e9aaa6c283d086aae9c2d75013a4649dc7d4a68

C:\Users\Admin\Downloads\BUG32.rar.crdownload

MD5 bb3451472e92540643074f3046a58288
SHA1 709f6cf0c6504dd2052ab7fc7f67e0230f77a203
SHA256 0b1d32d337881347c6451823ac5469568e8ed4f46692f50b52d70391ebfb672e
SHA512 a4a3035c21bb1eabc71ace4b67b015d15f839168fb8bca1b9528a35b2effc0c95b78b31edc2c54ceb52a3a3d8cf3797280c556ebe6912b7805d77dcf1eb8592c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9d06bbfcacd95d5991953c58052a1108
SHA1 8a4c2b959e061ae357fcad619e6282e3f049f083
SHA256 77235537281ceae3457c7ee6cafa12e10e73d46bce8635b4cb7d5fe3da7f9619
SHA512 4ad91ea4f2db54e0d36c7399d17ebc797a42233db19443886357655636659e9967ebb989f94b8553c4469f5f5fb4995e7839c09a86ff7737d6e04f68c2b985e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d4a999a228121b26fc26c4746a6803ed
SHA1 e85dbab65504bd74235840b9db0328a6c724cc4f
SHA256 ffce09ae4ec47767ff28f8a54c2e51cbb79e8f6deb69c9b452e577c659915499
SHA512 4dbea5e57fc352156f8b600742e328a58376c298a0570e7ce24edcd13377ecc447545be27c10a8587b30cf260f51b489421dcec821ef31ed609b16c4b66c9fe4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3a477be0a0cd460c97b06d048cc8b05e
SHA1 dc47301b54ecc0ad428ef1ae4e3f3cca740dc7ec
SHA256 a6305a8960f6e907fa4244fccca8d3b43ea74809f546026bd025e223c5491fcd
SHA512 e8b3c51f21c5c87a9c42ca59cc1e01f3b25451132e6cc9d6d2e9c9ce7830e86cd6530efba84a104808708176028b32606537094468014ae47e5776d699f082ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 661027bf6657eb01e6cb0d4e5e57d598
SHA1 8928d1ad32ef570a8b012ac8a919562865713cbf
SHA256 1846eb6cf85b32061ca241d6b13ca753a1c15b1835c771f0cb2de30b909c2ce8
SHA512 5352aaf445d6a2c6d53b8616a521bd72523ba000aa81522f83257e41533eff54ee42fcff4539f1b091ec4e521a0fe9c8800313f7291815c99aa24293dbd5fa31

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c30aa7241bcad12d9e2a2571d81038b8
SHA1 5d615acfdcc85ae6f401a4098fc6784d413e1c8e
SHA256 9c712407c2e5ca99a1ac6479182c82212deebf229f78d4dce26a8ddaf23afea5
SHA512 46eef6322aafe63c6bbd91e88276d995cc45d5b4e8a474b492bfc652ad89375d108356b62d47f24f52420be242c82d3560ff6d9579417f18c283864f726f93f2

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 d6759da50ee5a07863cda56cb089face
SHA1 88c02af048af957cd671c401db5eaf916cb39788
SHA256 044c3178c09fbfd71707924d6971edb048ae8b62d6811ae4283cb20f102bca69
SHA512 fadf5cb9b31b65b9f307ff4c438778f9f5ce9b0a9430a2a8f3151eaa874d738263b0579d0b816a53617bda688993526b12dd452be330d891f93fbea9b32e1a84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d27a8e07948d43aa50822a386264940c
SHA1 cb81478ae2035291c3dc210feb0f7baa47ab522f
SHA256 c182f1e9260c3977555924064e5b13017ff47a9f2f1e07df50c0ba9b6a3c604e
SHA512 f312824b50dd7ed77ee5e5ca8dea98f9911b3ea56d35778e3d4e76a8e3918e740ae0e61f816b9be55f188a3c67bdaab916b9efb39df2107d501de24bc0c30a4b

C:\Users\Admin\Desktop\AddOptimize.mpe

MD5 7999f942ff7190cb7c9f0e04d6dc3d41
SHA1 66c3743d7a3d0885a624600abd71486c63a52904
SHA256 8c52ba6df441fea41e87285a7a79e790773407b4d377730b4f834b067d355776
SHA512 9ea2f9e0e81b69895023da6a5e6f4850bdfb0e37d847a6086afaa3debb928673276fa149b2e8df154f6b0498191e5e7ab29c22bc415a761038435abcc4607cee

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

MD5 b2bdf8031844b625175d226a29bcd6fd
SHA1 d85f7289bb339d5f7c2c1154c3df4bf3228e6af7
SHA256 3b8557067bff49e82e5b0c2771d26ad6db041a120f8573b5defdc2e1338c4eb7
SHA512 9a41d45ad0e27a632ac19c7f8952b1ad41497c6a668be17ad3dd49e9b0e607c54cdf2d4788307244d8a8ef013a43d6b4a4d030dafea163cbfcc63364701e7d9b

memory/112-2371-0x0000000000040000-0x000000000004C000-memory.dmp

memory/112-2372-0x0000000004F40000-0x00000000054E4000-memory.dmp

memory/112-2373-0x0000000004A30000-0x0000000004AC2000-memory.dmp

memory/112-2380-0x0000000004A00000-0x0000000004A0A000-memory.dmp

memory/112-2400-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

memory/1320-2512-0x0000000005350000-0x0000000005360000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

MD5 66d514f7a4e15967dd615da85477a4fc
SHA1 c5a54d294d0e31d2af5f0aee49e2b762d343899b
SHA256 862beacad0e0cf5c98ac73d8125cefbad0612fe5cd62afd431879347f8b51a4a
SHA512 ac67c6e691a33997cb6c118ccef1f68418b2b18dcb2c31220cb73692f1c7119865c2fb337b2a7c266426d40f8c0d472413ab7996b8a8444e1b300282b4a49569

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d738a61dc061250e61d917a454c18127
SHA1 1ec869bfc61753b3f3b93b966f80ddac8ac59f70
SHA256 5174aff609f711a0d29d4bf9555c73b2519b541e4479ee1193f0b0835b52ed39
SHA512 350c7235bff95be388a169f0bbad6329b71a6e24b1b19db944255347f49216fc8f8d0e5dc7a19007b3e85c115adb8a61329f30663a040b10fbe8cbdd05816e41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe628651.TMP

MD5 c7299e90f4b030b36a20e9c58729b798
SHA1 09aaf935cb62b44a23077895273e3e5eed3b117a
SHA256 c55efd0a30e19132f365b3713f5325f368fd577fddeef6cf1f294110b715e72d
SHA512 a848e14a2da41e66112750880dfba89aef98cde74bcb8292a480281dbc3338aa2c3bc8d9a0f9a3fb73de06fe3abfab56b78b284486c265f962ff35fff1d9ea19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9c220c57d0452aaefd4a3c87f57c242b
SHA1 9a965f56cecb4efe83db4a2eb6a395b752d212c9
SHA256 ee5ca3ad0b05d9764007be8dfb2741db19649f7d3c25ffa260c28199063894d3
SHA512 ec629a480546e5075cdba46bff712828b05f9a1676bb9590ad828991d923f13ad286481e37fb81510420f8b47205b7da280d0acf8bea65c6dffbda749edbc503

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFe628651.TMP

MD5 b375c5336eb6980ec24ff04fc952ce4f
SHA1 266ada9db41b353e49f2db65e13d824ab5f1839e
SHA256 587931e6576fda385d42927e5b5d2406da8d490ad22f2009c9707d3508fc5826
SHA512 326868565f1beb222918032dfbd5c334ba64222993265f16fc315f34c4510e6740d1c51f18869ed139c58f5c555182352c9a9a00798e609f4e01f3ea383db968