lumma | 8bd9408e7452badf264cb58176b1c9df4eb358dfba783d2fd72955a38ae7a2a5

Analysis

max time kernel
347s
max time network
643s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
25-04-2023 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

config.exe
Size

63.9MB
MD5

c24a6b61340f71366439cb24ccd89ed1
SHA1

8c87a3280d9888712959a46524d92b43a98ce58d
SHA256

8bd9408e7452badf264cb58176b1c9df4eb358dfba783d2fd72955a38ae7a2a5
SHA512

d3731915b7de71f5f5eb337cd11c2bb21516764f2aa4b8f9fd0575324fb60d6e02c958e41f742ab118228116a263ce4bfac9b76f0ea6d71393b79ee3fbfd6f7b
SSDEEP

1572864:FjddrbW1laQ3/mx+LeHP79ZN7ER0H93h2XXo4oI:9fWWQ3K2wPJr6O5CXF7

Score

10^/10

lumma spyware stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Control Panel\International\Geo\Nation	config.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Control Panel\International\Geo\Nation	config.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Control Panel\International\Geo\Nation	config.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Control Panel\International\Geo\Nation	config.exe

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe	config.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe	config.exe

Executes dropped EXE 12 IoCs

pid	Process
3016	config.exe
4512	config.exe
3208	config.exe
4704	config.exe
4760	config.exe
2212	config.exe
4508	config.exe
1448	config.exe
3756	config.exe
4304	config.exe
4012	config.exe
4032	config.exe

Loads dropped DLL 37 IoCs

pid	Process
3816	config.exe
3816	config.exe
3816	config.exe
3016	config.exe
3016	config.exe
4512	config.exe
4512	config.exe
4512	config.exe
4512	config.exe
4512	config.exe
4512	config.exe
3208	config.exe
4704	config.exe
3016	config.exe
4760	config.exe
4760	config.exe
2212	config.exe
2212	config.exe
2212	config.exe
2212	config.exe
4508	config.exe
4508	config.exe
1448	config.exe
3756	config.exe
1448	config.exe
1448	config.exe
1448	config.exe
1448	config.exe
4304	config.exe
4012	config.exe
4012	config.exe
4012	config.exe
4012	config.exe
4012	config.exe
4032	config.exe
4032	config.exe
4508	config.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 5 IoCs

Process Discovery

T1057

pid	Process
1412	tasklist.exe
2888	tasklist.exe
3748	tasklist.exe
2696	tasklist.exe
2196	tasklist.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
3440	taskkill.exe
2196	taskkill.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133268681459603641"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3324	chrome.exe
3324	chrome.exe
3016	config.exe
3016	config.exe
3016	config.exe
3016	config.exe
3016	config.exe
3016	config.exe
3208	config.exe
3208	config.exe
4704	config.exe
4704	config.exe
4928	chrome.exe
4928	chrome.exe
4760	config.exe
4760	config.exe
4760	config.exe
4760	config.exe
2788	powershell.exe
2788	powershell.exe
2788	powershell.exe
4604	powershell.exe
4604	powershell.exe
4604	powershell.exe
4100	powershell.exe
4100	powershell.exe
4100	powershell.exe
3824	powershell.exe
3824	powershell.exe
3824	powershell.exe
4340	powershell.exe
4340	powershell.exe
4340	powershell.exe
4268	powershell.exe
4268	powershell.exe
4268	powershell.exe
1820	powershell.exe
1820	powershell.exe
1820	powershell.exe
1768	powershell.exe
1768	powershell.exe
1768	powershell.exe
4876	powershell.exe
4700	chrome.exe
4700	chrome.exe
4876	powershell.exe
4876	powershell.exe
64	powershell.exe
64	powershell.exe
64	powershell.exe
948	powershell.exe
948	powershell.exe
948	powershell.exe
2232	powershell.exe
2232	powershell.exe
2232	powershell.exe
3144	cmd.exe
3144	cmd.exe
3144	cmd.exe
3892	powershell.exe
3892	powershell.exe
3892	powershell.exe
696	cmd.exe
696	cmd.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
608	Process not Found
608	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3816	config.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3016	config.exe
Token: SeCreatePagefilePrivilege	3016	config.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3016	config.exe
Token: SeCreatePagefilePrivilege	3016	config.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3016	config.exe
Token: SeCreatePagefilePrivilege	3016	config.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3016	config.exe
Token: SeCreatePagefilePrivilege	3016	config.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3016	config.exe
Token: SeCreatePagefilePrivilege	3016	config.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3016	config.exe
Token: SeCreatePagefilePrivilege	3016	config.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3016	config.exe
Token: SeCreatePagefilePrivilege	3016	config.exe
Token: SeDebugPrivilege	1412	tasklist.exe
Token: SeDebugPrivilege	3440	taskkill.exe
Token: SeShutdownPrivilege	3016	config.exe
Token: SeCreatePagefilePrivilege	3016	config.exe
Token: SeShutdownPrivilege	3016	config.exe
Token: SeCreatePagefilePrivilege	3016	config.exe
Token: SeShutdownPrivilege	3016	config.exe
Token: SeCreatePagefilePrivilege	3016	config.exe
Token: SeDebugPrivilege	2888	tasklist.exe
Token: SeShutdownPrivilege	3016	config.exe
Token: SeCreatePagefilePrivilege	3016	config.exe
Token: SeShutdownPrivilege	3016	config.exe
Token: SeCreatePagefilePrivilege	3016	config.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 4180	3324	chrome.exe	67
PID 3324 wrote to memory of 4180	3324	chrome.exe	67
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4696	3324	chrome.exe	72
PID 3324 wrote to memory of 4552	3324	chrome.exe	70
PID 3324 wrote to memory of 4552	3324	chrome.exe	70
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71
PID 3324 wrote to memory of 4396	3324	chrome.exe	71

C:\Users\Admin\AppData\Local\Temp\config.exe
"C:\Users\Admin\AppData\Local\Temp\config.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3816
- C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
  C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
  2⤵
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
    "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1672,i,3456640316529300924,14275396604468980208,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4512
- - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
    "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --mojo-platform-channel-handle=2584 --field-trial-handle=1672,i,3456640316529300924,14275396604468980208,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:3208
- - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
    "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --app-path="C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2740 --field-trial-handle=1672,i,3456640316529300924,14275396604468980208,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:4704
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4844
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:1412
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
    3⤵
    PID:2364
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /IM chrome.exe /F
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3440
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:3484
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:2888
- - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
    "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1948 --field-trial-handle=1672,i,3456640316529300924,14275396604468980208,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:4760
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3440
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2788
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4836
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4604
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1132
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1484
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3824
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4780
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4340
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2984
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4268
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5088
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1820
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2056
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1768
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4912
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4876
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5004
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:64
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:960
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:948
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2372
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2232
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3348
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3144
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1860
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3892
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:916
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:696
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4008
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:980
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4356
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3728
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4700
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1484
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1408
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2612
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2464
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1428
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:696
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3100
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:868
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:312
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4456
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2984
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1428
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3884
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4544
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4816
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:340
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4284
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1336
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2124
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:396
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4780
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3544
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4640
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4548
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1200
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4664
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4364
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4292
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1224
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2720
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3048
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:648
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2876
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2064
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1408
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4072
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4104
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3748
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4400
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3308
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:212
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2696
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2456
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3136
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1212
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:416
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4748
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4380
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:312
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4712
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2056
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2688
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3108
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3124
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1336
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4912
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2956
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4984
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4972
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4880
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:844
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1012
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4820
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3020
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4284
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1320
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4248
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3200
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4684
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4376
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5036
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4840
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1044
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4916
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3604
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3980
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:60
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4272
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2688
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4336
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:764
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4388
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1764
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5080
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2404
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3136
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:760
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3356
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:416
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2360
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1076
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2148
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3924
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1764
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2220
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3304
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4376
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1744
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4928
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3328
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4664
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2092
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3812
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4740
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2064
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:844
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3764
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2404
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1044
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4720
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2372
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2732
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3628
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3172
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1188
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1272
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4916
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2456
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4816
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3812
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:584
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:844
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2360
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3820
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5028
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4944
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3452
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4184
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1744
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4840
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4084
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1272
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2980
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3760
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1232
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3792
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4108
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5048
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1860
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4336
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3172
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1808
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4956
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4916
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4608
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2040
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1768
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1796
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4108
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5044
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2148
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3796
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:500
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4296
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4912
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1412
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:768
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3484
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1640
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:996
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1100
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1824
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4656
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4840
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4720
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2980
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:996
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4240
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1112
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3792
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3048
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1744
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:424
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3760
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3796
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:648
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3908
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2064
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4072
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4212
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4840
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1064
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:424
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2904
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2364
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4408
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3792
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4880
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4984
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5076
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2484
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1412
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1100
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3308
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3432
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2576
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1200
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4264
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4820
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4656
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4972
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4764
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1184
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4740
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:424
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2164
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3544
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4452
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1112
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1204
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3624
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2984
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1412
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2192
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3120
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1336
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4916
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3000
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1064
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4608
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4380
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:64
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4840
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3344
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5044
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2084
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1624
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4768
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2712
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3136
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4972
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2200
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5036
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2164
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4108
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3328
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2816
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1412
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2200
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3344
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1816
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4368
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2724
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3344
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:780
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2712
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3812
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1504
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3968
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3632
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2588
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4408
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3680
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3744
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1616
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4964
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3972
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1044
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4220
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3908
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4840
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:864
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1560
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4760
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3304
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1424
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:780
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3172
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2436
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5080
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1808
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1616
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3908
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3444
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4812
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4928
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1768
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2984
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5044
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2456
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4964
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3364
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3768
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3180
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:976
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4764
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1224
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1736
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3796
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3748
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2200
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4848
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3544
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3200
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4172
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1744
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3376
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1132
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3964
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4448
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3768
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2200
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4548
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1560
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1640
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4812
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3068
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1308
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2732
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1860
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5080
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4748
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4276
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1424
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4452
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5012
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1064
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3180
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1316
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4916
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4092
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2324
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3132
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2980
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:864
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1736
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1864
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3628
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1616
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:500
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2284
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1072
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1000
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5092
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2984
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4108
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2732
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:864
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4932
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1796
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:844
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2052
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3048
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4448
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4764
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3544
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4368
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2984
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3120
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4108
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2664
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4152
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3304
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1260
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5012
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4916
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3452
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4268
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3120
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1812
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3344
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1864
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5080
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:808
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3748
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4292
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3632
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3172
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3792
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3812
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3452
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1044
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2516
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2040
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1132
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2732
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3120
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1504
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1808
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4972
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5372
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5424
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5876
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5956
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5136
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:944
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5540
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5324
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5984
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6048
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4456
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5240
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5580
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5844
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5792
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5720
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5300
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5812
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5776
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6040
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5336
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5800
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5264
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5820
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2588
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5332
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5036
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5648
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5196
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5732
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2576
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5504
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5512
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5940
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb3f6f9758,0x7ffb3f6f9768,0x7ffb3f6f9778
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1664,i,1208956239437250917,7514385846892159777,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1664,i,1208956239437250917,7514385846892159777,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1664,i,1208956239437250917,7514385846892159777,131072 /prefetch:2
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1664,i,1208956239437250917,7514385846892159777,131072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1664,i,1208956239437250917,7514385846892159777,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1664,i,1208956239437250917,7514385846892159777,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1664,i,1208956239437250917,7514385846892159777,131072 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3600 --field-trial-handle=1664,i,1208956239437250917,7514385846892159777,131072 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1664,i,1208956239437250917,7514385846892159777,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1664,i,1208956239437250917,7514385846892159777,131072 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1664,i,1208956239437250917,7514385846892159777,131072 /prefetch:8
  2⤵
  PID:2588

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb3f6f9758,0x7ffb3f6f9768,0x7ffb3f6f9778
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:2
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4360 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4932 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3760 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5216 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=892 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4456 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5060 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5336 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Users\Admin\Downloads\config.exe
  "C:\Users\Admin\Downloads\config.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2212
- - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
    C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
    3⤵
    - Checks computer location settings
    - Drops startup file
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
      "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1664,i,8957791110408075466,6361114638450074348,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
      "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --mojo-platform-channel-handle=2532 --field-trial-handle=1664,i,8957791110408075466,6361114638450074348,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
      "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --app-path="C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2432 --field-trial-handle=1664,i,8957791110408075466,6361114638450074348,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
      "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2628 --field-trial-handle=1664,i,8957791110408075466,6361114638450074348,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4012
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      4⤵
      PID:2716
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        5⤵
        Enumerates processes with tasklist
        
        PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
      "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2392 --field-trial-handle=1664,i,8957791110408075466,6361114638450074348,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4032
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
      4⤵
      PID:2736
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /IM chrome.exe /F
        5⤵
        Kills process with taskkill
        
        PID:2196
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3144
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        5⤵
        Enumerates processes with tasklist
        
        PID:2696
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1232
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4220
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1096
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2372
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3740
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3820
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2084
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1736
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3000
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:2372
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4152
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4408
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3440
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3196
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4220
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:976
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4092
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1872
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4212
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3884
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4928
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4816
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3760
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4448
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3200
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3328
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2588
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3000
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3688
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3936
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2076
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4564
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1132
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3792
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2448
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3624
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1600
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4220
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1500
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2216
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3448
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:424
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3308
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:5100
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2164
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2228
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3500
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:5076
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:2360
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3172
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4680
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:648
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1708
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1208
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1072
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2980
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1100
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4768
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1812
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1528
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4076
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1008
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1916
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2104
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4748
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4984
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1304
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4764
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3484
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2456
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1192
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2104
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1224
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3624
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3144
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1204
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3048
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4820
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3744
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1008
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2456
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1392
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1304
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1808
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1504
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2068
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1824
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4544
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1112
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4448
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4240
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4768
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4220
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2984
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:416
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4840
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2904
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:500
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3924
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3544
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4264
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1260
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2404
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4964
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1744
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3328
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4184
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4816
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:844
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3144
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:500
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1208
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3344
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1820
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2524
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3924
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2324
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3792
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3768
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:5076
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1736
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3760
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1112
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3744
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1600
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3376
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:868
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:764
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1812
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4064
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4184
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4388
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:5048
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2712
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3136
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4316
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:860
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:3760
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:500
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4108
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:5040
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4152
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4764
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1476
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2148
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1336
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:844
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4880
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4448
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4760
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:3820
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3484
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4268
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2484
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4928
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4772
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4408
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1768
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1956
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3320
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2732
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2712
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3308
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2984
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3908
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4548
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4768
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:944
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3792
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4248
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2040
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:976
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2196
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:5076
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1640
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4808
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4336
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3304
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4764
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4316
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2148
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:780
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4972
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4840
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1412
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1500
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2436
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1284
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3548
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4816
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3364
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3360
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4276
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4452
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3444
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3748
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        6⤵
        
        PID:776
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1864
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4980
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2052
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4456
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2360
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:500
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4772
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2456
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4380
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1476
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4712
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1640
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3364
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4012
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1092
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3132
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4012
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2720
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2228
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:864
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4928
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1956
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:908
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1860
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2876
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4380
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4544
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:2104
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:5228
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:5280
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:5612
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:5720
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:2588
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4336
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1768
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:5264
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:5856
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:5596
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:1208
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:5980
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:5200
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:4152
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:5376
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:5940
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:5744
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:5340
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:4104
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:5900
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3632
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:3144
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3012
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:1476
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:3792
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:5848
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:5344
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:808
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:5916
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:5756
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
      4⤵
      PID:5228
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        
        PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1868,i,15811290502105183833,18183563208406267551,131072 /prefetch:8
  2⤵
  PID:1188

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:808

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb3f6f9758,0x7ffb3f6f9768,0x7ffb3f6f9778
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1824 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:2
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3900 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2304 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1588 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3208 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5020 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:2
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5272 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4960 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5236 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5436 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3808 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3096 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5356 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5376 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4816 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5576 --field-trial-handle=2064,i,10716330337091597877,260511181238052939,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Users\Admin\Downloads\config (1).exe
  "C:\Users\Admin\Downloads\config (1).exe"
  2⤵
  PID:3512
- - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
    C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
    3⤵
    PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
      "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 --field-trial-handle=1876,i,16716489868431731473,1601263091718535062,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
      "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --mojo-platform-channel-handle=2492 --field-trial-handle=1876,i,16716489868431731473,1601263091718535062,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
      "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --app-path="C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2652 --field-trial-handle=1876,i,16716489868431731473,1601263091718535062,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
      "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2668 --field-trial-handle=1876,i,16716489868431731473,1601263091718535062,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      PID:4816
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      4⤵
      PID:5564
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        5⤵
        Enumerates processes with tasklist
        
        PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
      "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2768 --field-trial-handle=1876,i,16716489868431731473,1601263091718535062,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      PID:2516

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2216

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
1⤵
PID:2888

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
1⤵
PID:3884

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6044

C:\Users\Admin\Downloads\config (1).exe
"C:\Users\Admin\Downloads\config (1).exe"
1⤵
PID:5728
- C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
  C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
  2⤵
  PID:1308
- - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
    "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1652,i,4485325528710430976,13994569804709016991,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6064
- - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
    "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --mojo-platform-channel-handle=2480 --field-trial-handle=1652,i,4485325528710430976,13994569804709016991,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1864
- - C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe
    "C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --app-path="C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2560 --field-trial-handle=1652,i,4485325528710430976,13994569804709016991,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4820

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7c48dd2f4e33b67ffa3236b9ea4aaff2

SHA1
f66927a44e7de0c0038ce744d1d1d7251742702a

SHA256
b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02

SHA512
6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7c48dd2f4e33b67ffa3236b9ea4aaff2

SHA1
f66927a44e7de0c0038ce744d1d1d7251742702a

SHA256
b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02

SHA512
6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\688837c1-ed67-435e-a8f8-532b78e508b0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
163KB

MD5
109e1354dcad59ff8d3e589dcc09299a

SHA1
bc2cf564c7967a59936c2074b78e124e17439c3a

SHA256
a9f34a49984f7a94c7a522a6d171e470701d34a4b630dcb7ae673e6cfaf2e5ae

SHA512
4a85f37ac35db60a44e729a0ee842e45172657c17c71022dfa73aed445106b833cdceccf94b1735737d5b9c06da8db19a6799186bbf742544c943a4b8de737ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
24KB

MD5
7dba59cab08774107643a47916343d06

SHA1
a4990b8f3fe0020d96c48e0a29671ee8b0dbade5

SHA256
147721d37828781ca06cd54422f00256ba083a76bdb68635c7d12a890b67de05

SHA512
b328937a06c18526f9f745eb574f516830b169173d8fb712fadae28372411e037fe1dc21712e93c0cb66162afd807cbf5dc81779d0fb0945635f65a3c1f201ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6031a0bf76aaf8f89ffb4f53e679237c

SHA1
196e1e9809c87e4b7d50e72e82509b168201f074

SHA256
145fa169531b731c2d5cb7b604e7ce51df65ad942e6745c3c9beb297c71097fa

SHA512
69f34ee14ef2fc27eff0731c1d3be0860ae477f8ea18b875e22d667fb2c8d62a55e47dff3f9bcf07aef768f06104564f2bc1ef204b61230f961be9fc6a850f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
628e5cd598c4e2de643db8f3cfbe6621

SHA1
014669052725fa90de46d93c9c11e8a633474adf

SHA256
47eeaa14c332b940bea239f754920c33f24402e6b2b08ddbd46b080979fc0e84

SHA512
22c6d255de350ade689743aa1010f9918d81462c0f03c46fd00a4da6a072df13c124f807d3b2b912ee7565225b00967dbbad20afa14bad706f292a69a750e089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
927B

MD5
3f732b0257d85545b98f75e8a0138589

SHA1
5ad31760bb056df7c76d5b3656e286d96cb73cf7

SHA256
9fb5ad110d1bbd26a1f9dd32a1650818033d80c33f9f7d0835d1afd1060ca038

SHA512
750f2b72a7170a7435505ba821f36436d392c6bc869b716a3a413c473f991647241551eefad5d62b8fb9cbdc29c3f493df5dc6d1f30ecec9c1dcff02c335be8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0454f7f2791663662f3c873fac066b93

SHA1
bc3523412f13753e272b487c9c04d6029aec53ef

SHA256
63c43c02ce8c5eb7b2a914c743538be0abd4ca1efea8b3f8108383af7f2193b8

SHA512
fe3493313aee3fc3381a303e42d47666b1c9d59c5adf03e3dd18fe51421e6f30e06c03007eb814bc46124aff9b2dff24f3f40f9fe18c66344567c1b69b226bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f5acfd9e4d059dcd8bb48f6373f9eb2b

SHA1
8a89102e6254551e36554a61d753ac1245124d9c

SHA256
21fb86c2bf5aa34af559cae47899bf233976a280d4835cd2bb3f7a9c1ad4f03a

SHA512
fd35c037e5e8da10113324ed1991e94edb4fdb036c0c7b89362f7828d0e17c098bb9d0d8b7c1f2521f4ffc4904b8a6347c4410b5750f0ed09a63b15b68947741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
896B

MD5
af3537aff4f9653c6405da6436ec560a

SHA1
8822d8ff908f21f4a6782a087240d6d960de9668

SHA256
2029a3361326e986d92b7d55e663d4124226de08ffa1603637bbbd3395ca6f2c

SHA512
83a4fff052dfee52cf1e903646680bc48f05947f46d47f052136f7236962e5b611047c6c073ccdacf3f3d254f02aa092fb6607126a84c59d5d45b340f30a14ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
3828e92c6a62e5cc6d18d3cb5a6d5769

SHA1
32672b4051f977b9708a0134dc490f064016fe19

SHA256
172684f6e4d778a671cac7ad33c5e551a86f0d319eded8e95db8bb8877f30540

SHA512
0d3244a9bd38841a354f23585c8059b9b64a7da413bdd0f83e1b734b0e62dc7e43e28ff42bd4bd098abab14dba093d30f41696c95d3f096cbaca26d666553959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ee992b45208f1b261437755322ab4fbc

SHA1
b9c886212aaed6cb85b4f096c72c6b474bf4fc8f

SHA256
3dff16fdfd67643057831af3df678795246b6e6e5fd21a060f1f50676be20d78

SHA512
a1cfe75a0411b88efa7d95bfdeea9437c6436262ae950c9971af397433d041882794db69565c2d26b1d639d792e52036d9265aec9013250160999d158667ccd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
e323a59befa54b8611aec2abf1112320

SHA1
7a08d07d44c2253e5a65d1e7aa1fa42e851436e4

SHA256
d585d224f84ebc3bb1b8dea8d45b20d40971d07e3bae9be09074bdd96ce7aefa

SHA512
779084ddf6be0e97b1172632071f818159dd7912a125445b4778d8330b8fcf38a5dd45ce56b7698628a36fccb743c146a20c9d54f05d872097a6d5785f37801b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
534B

MD5
0241d0bdde5b52145cc92e41b748a3a7

SHA1
84916980aedd2bc469366d75eba4dc81e9ed24d2

SHA256
b07b2f0ca572ffd26845e1880e75a3ecb0a5f453ffba416c339eb686ec5689d0

SHA512
4383f60d8da63c75b53b4765f5a6bac8f4751bb1533be13648b7e687d2a4ec8d0cb0b5265a2eec7edc0d640cec4cbe2081e79ff4020767f4106fa48dccc51cf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
6241d4487cecbc802fae323fe19a7447

SHA1
6bf3ff895f7fcd05ef3a8eb3fdf70de06a371089

SHA256
c749be08300a813a97caaf2b9f47b6583325c932eaedcd89574aeca119b3d27d

SHA512
b86c15cd67f4e4e6d94a9bd68e8c8161243a62cb89a88b6eaf5407efc250ff197929ce04431c410f6a8a5585440d1e14b77473f6ad70a940e9910a6cbdd74297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
3b121780d31c03e47396405a5d9dd4b4

SHA1
77971aac9913d08414e6c8617a0e087dd220cbe9

SHA256
fd41138a681da535e4c605484e1775e977c368814a803e8e821019b0c5f1c2af

SHA512
5a236f22a734386cd8de1046ad2d0ca24c78ee7f27747d3b2aefdff8fea622e48613648ffbc1b0c2d9a38774dd4b0adb58e5e3f48d12a8027e7897a2089ec3b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c14e3f31c875d5360e088aab9c490fdf

SHA1
dbbf16e351251778788ce6d5ca2b67154eae7a86

SHA256
d0771fc91ae56b7c68d6ae7a1e7651de272c76be10fcc9ea7fe63a1e3204abb4

SHA512
9aa8e35e490017df153fe907c7b636eb6a6b98e8cad383667fdc3c2d9479dbac5943c274542640c359dba843f64ebb4f330f28e575d8eba1f448b3f89e014e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
162cf54e52e923539d17ec304e74fc35

SHA1
30d20d469e34a382040e0b3a77cf2fa0dba0eb5b

SHA256
936bd53994a5d5ea17625bcf388ba9e62393384bc95bdc1a83f836463a545bd5

SHA512
927f162de864b65785b938ca98616675923e47f8c10d903289c219b66b100d63b01d84f32387b91a9a29348bf075de9bfb3c0dc683d279678309d63dddbbdcdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
195f7526da11b1468457f4fab48edd1a

SHA1
ba2671c5295bf92b8fd6c9b1fd62135fdfeb0bed

SHA256
f1ba8019a81d69fffc68565a6f6e3bee0f87c31027f273d273b630111f06fed4

SHA512
831f035598e6f1bfdee512317358583f0e5a81913f2239e04e4ae14743433b1de31273d828b1233be47a7545157414afb81093c20392642ab63d9eb863902845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
195f7526da11b1468457f4fab48edd1a

SHA1
ba2671c5295bf92b8fd6c9b1fd62135fdfeb0bed

SHA256
f1ba8019a81d69fffc68565a6f6e3bee0f87c31027f273d273b630111f06fed4

SHA512
831f035598e6f1bfdee512317358583f0e5a81913f2239e04e4ae14743433b1de31273d828b1233be47a7545157414afb81093c20392642ab63d9eb863902845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ebaaa5746e9d1cf6ce119d7281ba4486

SHA1
643c92ee846fe0676f4b56cf548774dfa2952233

SHA256
c0810a4d2d15cecdef68fe40c4a07ae18879bb484e8fcd7ba0c4b388788e5eed

SHA512
4dc37db206a066a9faa8365d92639af1533829253d9f9f7d4e58fee49f8da67db5ff9c6cb004cb0887ef9a7c4f8e0b7575c19ecc9e188a8e056eea8f6ef719c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f432e22e113a01e300ce59b8b04d8d70

SHA1
1cf8ff6e61c06fa8cf91d6caaa8f0939d86b5f25

SHA256
3dc68ab2ba54654e15515e176e3dd081eb491c67e8cac405084d8d9c81dd442f

SHA512
5d6b7d68d64f2fda3e41d06cc8059512b1c1e7721de5a5a35c4f79a34a3c8d13ce23ab2c821c3b7a6860af65a1923b80eab5a649e2357ff7bbd32a03cbaebcac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eabdf123f1f0fdb31316f4b7aca40cbd

SHA1
41b54061f79272f21f787a46f408a49fd4202eef

SHA256
f0134f2a9ace9ac1ec04476d6df7a1561ec86a1a9e507977eff47016e0272161

SHA512
5632378d4105b7214b5f382786683d04020046aaa816e59b1f19a111577c6300bdd43ddd03c1f1e6f12d5dcae33942c1838820e4dca03a1c56dc39efbece288e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
23e38025b908c54d52ab99e06d002f6c

SHA1
8d74cc95e72f0ca78ce570733e7d55a8a0896d00

SHA256
d314bea6673bb0fb581a86b57ba37c60b662f0cc5a23964304e10af174083381

SHA512
ab70819a09ab0e37455e5f4d7f8e9987c88e55aa1cc818484fea9d87464853dae62e4691704ee49b415a3e2e6f14d59f06ce2a99ebee609cdaab84de8bda63ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8034bcc6d2e0b380ea0374b808f16f88

SHA1
fd0e4f90b1fd9a121e7ba27d970996b46daba667

SHA256
12261f2996e813ae38a3a4ce6132d6ea761f6b2a1510b70f7467676cfc90fbc3

SHA512
dd7778e00848fd47896fb28e6883ac438ce037359569015811bf87d07264e977377b64ca18f0a965f54cee56f9224aec9476ea51e345cc05c0fb668394f8db66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c09de4ffd55735c15cb9bc9e0c9f33ba

SHA1
4f01dd4d45163ec4a0252acc39bbbe95f98e34bb

SHA256
365c8acbafc57571054b8e801e5b10cddabe4e6aeb91c8a34010593524cb84bb

SHA512
83150cc2ca645bd40db9f674bf1f43361fa3136a56f0a113b14609474a727adefb512971c650a9a370663ca7ab25dbc53758245896a136ebacbc4a01461baa89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
92943aefac7ffdc4c26ede8b8530acaf

SHA1
7afe19634b76b507f2977ffd2625fe99b80f7be4

SHA256
445c799fe553210cab64bdb3eb0d7a7aa4920373ff4607a07ae5578587299f9f

SHA512
21fac3caa17d38a4c62a6af5dde0e8df785f72eb229a5a9d33c7328da5acd1e06a5f4a5e5d2ef7ffd3043a326eb45047207d7c19770dfbd6099c0dfe4a7da82b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f5333a0c705fc1c5c724e0a75e89977d

SHA1
33f7d18d6dcbaaad7ace571e3a8460504d6a7a71

SHA256
e852c391c0d13b1c5b486276f6b8ff92713b126696bc610740fec536375bb20b

SHA512
c0dc042e129a4b90cc1e19a4ac7e65af60e71abaa565718311ef1b24dfebff1c08874a16b4d4eea9f6cea61878fe764aeaf8ac0d5e1e70a63b227152b38ced1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5d3f26e914ea3ff484e05db9c76096e1

SHA1
1e0a4aad851a0ef68f11ced8bb00da581dadbf9e

SHA256
66a36066eaeed46539d3e9ebd4a571e76a083d834c48ebc65884115647379424

SHA512
c81d6a76e6bbeeb770e2f2088950cab5bb125b5e010293655328e8dcb6b7db7f148945a676245fdbe2bd28b6f44e8bd24a5328face2a5ae9985eb0d8e6e9fcf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
6f6105a105f58eaa06c85746d6873d84

SHA1
4f9eb84e16b61b40526665bd40aabb0f3dd6b168

SHA256
b09f62aa1f81687b534f66b1125e836df17ea4039fa7ca0543323c44ab6475d2

SHA512
fc5979faf0967a56d5060d8b92193867268c686be73b0cca8bbe653702328d3d3ac4f85feedea8837b2232039138c49bf0f3a047190ff7bb82d316041273fd5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
6f6105a105f58eaa06c85746d6873d84

SHA1
4f9eb84e16b61b40526665bd40aabb0f3dd6b168

SHA256
b09f62aa1f81687b534f66b1125e836df17ea4039fa7ca0543323c44ab6475d2

SHA512
fc5979faf0967a56d5060d8b92193867268c686be73b0cca8bbe653702328d3d3ac4f85feedea8837b2232039138c49bf0f3a047190ff7bb82d316041273fd5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
617a2b0c3c5702017f80367cef81d07b

SHA1
a21b58900664b19ec7cd511f099aeefb0436eca9

SHA256
1a331c9e926d6fd44d96731577ba294098a4ce47370788f0e37494672cf4fc6f

SHA512
657dec38ee1860600970a17254d38455ad9eeb6361f645f82611b54a7b060cef58124264f472953276abb67945545e9d7c11cf6a41c48cb5543cf220e1d9fce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5dac40.TMP

Filesize
48B

MD5
e0f775925524b7c8dc2371aca637d101

SHA1
e287045c574263d365e5b6db61b405225d030e46

SHA256
b1cd252bc5e5cfd7aafe1e8ae3b5ae9ce3dd7c1ef875157f589ed34975223cd4

SHA512
52afab478650b23e2449b11ed5d9141f36c3446be2dcd4d870e42a13dc6dcc51fac9b0afcdc5ea52d5c44ea67264790bf9de93cc0e4a162fb28c472323a98c1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13326868144591846

Filesize
2KB

MD5
3d9458329e1dd08a5caa2010b21786d8

SHA1
fc28e4f16866c721ebc8f45447a03081187fc246

SHA256
b2dca2f48ed0c68603e723b1661ff871d82ff98b4268e4bda0a4a8c34a117d3d

SHA512
0b32ecf8a09bba76b28b86212af18e2399017fe7cb83aa8b186417136b1e101502c8da2203a6347cf32c988012d1abe93bd3e746a756f7f346a3c01a621348fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
1347fe8bb1b2d44fb6f17d2c3811bcaa

SHA1
a6e2552e630402ada7c33defa3b1c00b89fe61df

SHA256
bddccdeaac3229c4d8b273f99c1eb383c95d3cfeb35635a4f66b96918a4931c7

SHA512
8be0ead8a6faecb05b87426cb6d057c711e38f5fa6bb9ea11902ba32b2f8df2047836657146764f4dc45085b741f59750584380b1bfe192572a81faca6dc6407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
7470b8e02105aec32da04baa73d64b0d

SHA1
11b4e400095c81f4ad2d37cfad6d530c90649e3d

SHA256
3d519562d3af6661b3a5cbba55888068b84c758b74713572357b4f210a783ad7

SHA512
f066c395146b294bb851f7340cc4a63901c413b913d40334bb5a7baccb569c298c821f9e5bdacbd06bad2070ce5979f4a69973c560f51e127800f16273723507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
c9076cfa51c2929cebbdde3402a98fe3

SHA1
a484cd10d526270ad65cfa3c306b09e030095bd0

SHA256
9bb30d031722e71a6f6afd57d54ad0aea12dff62cbeae27a00900223a4310302

SHA512
71cb24a986384baecefd6eaa8510f7216c6f04d0a6ecadbde88eb81c0e0ef6f6df60d718bc1d73856c722f1fc11d6df0253c3e86ae001cef81b5c5fe495bcc7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data.bby

Filesize
92KB

MD5
7b8fce002a4226440336bb820df16ce0

SHA1
2c01f79baedc0d595a7b614dd3e8856059a073c1

SHA256
38631485d25760a44d157bde164d0bd5785d37f183c62715960170df1f6a4066

SHA512
ac46dcefa71a43e059834963fc7bc8e58079d7eea69daf5f5ba8630fe07f0a10da9091126e91ea43d828a733039650dac17fb29398f1ab0adf70769093956ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
1b126e16047d773711744bc7b46fbfc9

SHA1
04afa5dfa9f45a56bbbf4e698d5388f9fe832406

SHA256
2d3c909867f8bb58d9c2ab25c25a31a611136d39744a4552f3b2c9216f6bb01a

SHA512
dd96063ec74dffe044fe82ff761e8c8680917ecd95196edcf18b43d04e99a5c57a275d82dce9e7b8b0ea4d90ec2dfd1d75ff61f109d0d0c343cefde3f9c0c5fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
3ace84aa762258b8963e3ddfe122f104

SHA1
6efdf170b6fed50df0e63067a4d79a95a45c03fc

SHA256
13a847350c70d35f89246b178c0f9fc7f0588e3d09829b92b35c4fe12856fbae

SHA512
6320cc3304d692f0d2664204c5e35fb2654f7381205d19d669768d621eee52de10abe94521340434bdcc758ffa6729c8f4ef4ae742af4741be5869f0aa99f7f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
b933a9e54c3bc1fedaf672098b27a86b

SHA1
ac5882970c77dcc200cd57e266e266e592d033d4

SHA256
dc05bb4d1037a82ea5c92a36cd044e3a193ed10be4fc38bf49f9c31d84934b44

SHA512
b99864c330cb1d3aa6745cde8e3ce39041ebf622bc18fb96592539c4296ef5636bd2da98765f4a7d58feb8474ab84c804433bf1c290e29d360b0a3772dc3e476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
b933a9e54c3bc1fedaf672098b27a86b

SHA1
ac5882970c77dcc200cd57e266e266e592d033d4

SHA256
dc05bb4d1037a82ea5c92a36cd044e3a193ed10be4fc38bf49f9c31d84934b44

SHA512
b99864c330cb1d3aa6745cde8e3ce39041ebf622bc18fb96592539c4296ef5636bd2da98765f4a7d58feb8474ab84c804433bf1c290e29d360b0a3772dc3e476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
0358dce8b674fd8da18fd8790f7fb0c3

SHA1
8acf3dbbac8649177de7119cba30e2bfd687b497

SHA256
2be0f9bbf84029bc3e2c7373b85780076a5cd63df4ec027e3461ef7258503e4d

SHA512
79010c36418927f004880856ddb0c75db22d00e376e7af0fca55694de901f8229d87dc53d864fcf36d9ec0916eccf8744573ab577ebf721db2b78137cb0c739d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
b79125efd7c5cb9e3b71cf1003fc3ffb

SHA1
0b42f980a47873ab04f0cea2863a90fcf21df979

SHA256
3c09e3a46c85134d7d958ad69bbda4eda44ca4dca7d87d766221fcc761e9817c

SHA512
4148e1adb51d5c6d1ebf92c4fff881d0d61478a1e95ca5d968e92d348be760729b73846b8e498a368e070d548d1421c2f8c72f0929eeb026c24594c9b0e2ddb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
e07c25355cc0af1767183d5d1f9a4303

SHA1
b9bbcf573bf1fb296fb8a559a675439bc6167288

SHA256
2e11b67aed6e3bdb08d327a61718df35c68e9d8ba36ac5aa60a60afe09135b91

SHA512
ebf0f3234eb9d59a8b852cd94905b74075f70ab095be0d24855c985660c1e83579624d5ef8d08a0f6271534818122b625aa4c587b342eafcd8f075659c30b208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
690850237aabdb48341972da43956c87

SHA1
0b1c03a8efdb94a69c9e75cf98e475e14027c684

SHA256
acc2a036914a6d2f6977c9721acb7bc97588823343bd18aea3747a140be14d87

SHA512
b759a1b6b3f68e710481c54c4523a9149e68b508f2ea96ec670951b2cd406eab9f90fed9a652168341a97e90ff71572427a82d4e06f8f8f328b8444af807c01e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
8a79785ec68f55aafd01a3c2ddb6bd08

SHA1
a097b121f0e64d324a51fd2cfff42bb0374a42b8

SHA256
a95e785e287ebd7c64dabdeee9c70c217da3af35a8f66e3140f720708ef13f48

SHA512
a37302c005384d60146064ce39aadbbcc5738d634590bf9529a2ecdb205ba17b420d0eaa45e5806ab99369f35891c50514d00fcf69074297add486b897968807

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\D3DCompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\chrome_100_percent.pak

Filesize
124KB

MD5
acd0fa0a90b43cd1c87a55a991b4fac3

SHA1
17b84e8d24da12501105b87452f86bfa5f9b1b3c

SHA256
ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b

SHA512
3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\chrome_100_percent.pak

Filesize
124KB

MD5
acd0fa0a90b43cd1c87a55a991b4fac3

SHA1
17b84e8d24da12501105b87452f86bfa5f9b1b3c

SHA256
ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b

SHA512
3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\chrome_200_percent.pak

Filesize
173KB

MD5
4610337e3332b7e65b73a6ea738b47df

SHA1
8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b

SHA256
c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c

SHA512
039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe

Filesize
132.4MB

MD5
8fd3f1b5f83f1cb12e86106ff776c5de

SHA1
4eb98419be6f12705f14d5ab4ebc67c3efbd6442

SHA256
29cb11dc00e7de1d75f562798ac73f4610e8966812645e2293d8d8ddc0bbd4ac

SHA512
efa6af1688b51d6bf79ab9acd94bd6552a05766c05c92ca63b3922229d24fb40791fb03e28db3fff63d82ce9eaf27e4bec5dad34ff113862e6e3dfe448a0b3bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe

Filesize
132.4MB

MD5
8fd3f1b5f83f1cb12e86106ff776c5de

SHA1
4eb98419be6f12705f14d5ab4ebc67c3efbd6442

SHA256
29cb11dc00e7de1d75f562798ac73f4610e8966812645e2293d8d8ddc0bbd4ac

SHA512
efa6af1688b51d6bf79ab9acd94bd6552a05766c05c92ca63b3922229d24fb40791fb03e28db3fff63d82ce9eaf27e4bec5dad34ff113862e6e3dfe448a0b3bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe

Filesize
132.4MB

MD5
8fd3f1b5f83f1cb12e86106ff776c5de

SHA1
4eb98419be6f12705f14d5ab4ebc67c3efbd6442

SHA256
29cb11dc00e7de1d75f562798ac73f4610e8966812645e2293d8d8ddc0bbd4ac

SHA512
efa6af1688b51d6bf79ab9acd94bd6552a05766c05c92ca63b3922229d24fb40791fb03e28db3fff63d82ce9eaf27e4bec5dad34ff113862e6e3dfe448a0b3bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe

Filesize
132.4MB

MD5
8fd3f1b5f83f1cb12e86106ff776c5de

SHA1
4eb98419be6f12705f14d5ab4ebc67c3efbd6442

SHA256
29cb11dc00e7de1d75f562798ac73f4610e8966812645e2293d8d8ddc0bbd4ac

SHA512
efa6af1688b51d6bf79ab9acd94bd6552a05766c05c92ca63b3922229d24fb40791fb03e28db3fff63d82ce9eaf27e4bec5dad34ff113862e6e3dfe448a0b3bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\config.exe

Filesize
132.4MB

MD5
8fd3f1b5f83f1cb12e86106ff776c5de

SHA1
4eb98419be6f12705f14d5ab4ebc67c3efbd6442

SHA256
29cb11dc00e7de1d75f562798ac73f4610e8966812645e2293d8d8ddc0bbd4ac

SHA512
efa6af1688b51d6bf79ab9acd94bd6552a05766c05c92ca63b3922229d24fb40791fb03e28db3fff63d82ce9eaf27e4bec5dad34ff113862e6e3dfe448a0b3bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\ffmpeg.dll

Filesize
2.5MB

MD5
94f687603aba179474517da648f436a5

SHA1
4de598064481401366fbfc81f0a365c13879035c

SHA256
96e7ed9463802023c86ba42f8045d5249baaca7f679ac76087d29ae33be1ede0

SHA512
f94694bed9b6f2c5365b12acad28dc49579c9fbbd7db46569d1fd919cc6973236cba8aa4dd0d8d1a3a9ddef81c285c5dbce47294259462272f84e41a23d9d1e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\icudtl.dat

Filesize
10.1MB

MD5
d89ce8c00659d8e5d408c696ee087ce3

SHA1
49fc8109960be3bb32c06c3d1256cb66dded19a8

SHA256
9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de

SHA512
db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\libegl.dll

Filesize
371KB

MD5
fde9a02f00bc7b70d93b9e928945087a

SHA1
5136e3d0b681af624086c77cd67edcf537dd27e4

SHA256
d1f504b9136ee6a8955b045e8a94dcb75c5013e9e6896d889edba1491649bc9f

SHA512
7e65a884df7bd7fc74c717528bbd61e5c0671d208cf02849e357b6690f02477659b7c3de43193bb487a2624638fafbfdece88557c9ef1ad28c03f0a6253c57ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\libglesv2.dll

Filesize
6.4MB

MD5
ed58bd0690a86ac78764654edda50194

SHA1
f7973bdf9ad1c9e51350794c3d51459ba7a37f4e

SHA256
ff813885abdac4bc106bbf7d106325718f568756209b920ac2d83c3c9f9a2ce6

SHA512
955d442f1faf8e22c313c5feec1101444027b920d7fc8c171454c70edd3385f502ccc0a1f80d53bbaacf87517eabe51d74469a995ff7506917d3d2b205865040

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\locales\en-US.pak

Filesize
338KB

MD5
5e3813e616a101e4a169b05f40879a62

SHA1
615e4d94f69625dda81dfaec7f14e9ee320a2884

SHA256
4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687

SHA512
764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\resources.pak

Filesize
5.0MB

MD5
c2b9f8256a070f23a2bac3457198657b

SHA1
8a6c14bfe8149476baf407e3695a78863aa35fd9

SHA256
b5ab9cbb8b4f5fb9a3b2f15989a8522d3985c2b4260b1ace9b4edb5173f10deb

SHA512
37bf0e2f1b2bc700519ac7b4fa023611f88a8338d9b303988e1ba37345c1f2199750e60a9cc1e8b3f34c37b78ca5a9ca1f02086755d6fe3d6c5aafeae449c66e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\resources\app.asar

Filesize
50.8MB

MD5
dc78e9a5a61d899c814c83b8a685bb56

SHA1
59ca85063170fb273c0909e41eab8b67083955c8

SHA256
ded179cfe29db2b0bfeee5018b08b61fe03c2d728f82c74c8e3f4593d6475096

SHA512
2fedf4dbd8cf95695e19a1ce175f97745ecb57ddcc7bd14eeefe38a6e575d384dc7e76657e12a33488776d39a62d94e71b0de547186f95b5c38260951dc0c396

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\v8_context_snapshot.bin

Filesize
511KB

MD5
4f4d00247758c684c295243ddedd2948

SHA1
f8e8fc6c22fde9df1d60c329e38b38a85f96bb69

SHA256
4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5

SHA512
2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\vk_swiftshader.dll

Filesize
4.5MB

MD5
824a833b74439461820a2e22f6bfcfe5

SHA1
a05d360fdb4688bc5cb462c6ec6fad40f64744e3

SHA256
b6816edfd0af362a1023c2616ab4d4bb0a1486f4d8ee665d5924f403da8a616a

SHA512
ea9d21f63858c326029b1ff50123ccc58b715f240bf3264f412541384573e0a6be3c2b47f1f187857f919328c915e9d1f09937dd8fb84b06ffc79e5289b1d29d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\vulkan-1.dll

Filesize
786KB

MD5
6704b30acda01af69502e04b57ad4195

SHA1
4d9f921bc4a3708dbe00df54f0706c05c744c58d

SHA256
a1b8bde50262cfcb258068f32832309521cdb4cbeb3694514168ef404252f840

SHA512
fcfcce5589da1114f9ea1b9062caca2afd86b9c8cd3d88542ef36d66c82d8628f9064482c17aa55dcabd9f6ba8b018eb4f0b0e23a68ba06e48cc2c3d12cc5155

Download Submit
C:\Users\Admin\AppData\Local\Temp\83a055bb-c8ed-422e-9600-6c94ded253ec.tmp.node

Filesize
1.4MB

MD5
bacb80cc32cd4df761f8d1f43a476da0

SHA1
bdc736e76b34258486aebfb5234ff5883c76cbe4

SHA256
df090c0b129ecbec001665a795d8856c84563c23fa20c04609df2b852a340db8

SHA512
45faa9fea7783a6d59c41c95627a4dbbdb0300800efeb06836a42c994ce02c536f63744ddd1c1d990d2f9f127b6edbb4706ffd744fa95b9e8cc0523dc59cfb4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dzj22pc3.2um.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e593f908-5938-4901-b34f-97de9ba7c1bd.tmp.node

Filesize
120KB

MD5
42f6b4c7cfdc5b9cb9b8c5d7e91f126c

SHA1
d4019dbafd9af67e447424d7cd7ecc1b58082848

SHA256
0b8321a2754995ad5e41b5fbe6cbbfac8a12cf856bc767816dfffecff0d3a14f

SHA512
750f5863a5efc56f552e6c9baae7ec7b603eda68cd7d17fdb29e43598f81aa4b36241b3767b1e4808898567377772da35dc0e05db2787f0aabdda525c1db5101

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC367.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC367.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC367.tmp\app-32.7z

Filesize
63.5MB

MD5
0f3d3f3e2deb6335bc1c72f501f2b6dd

SHA1
4df9c2d36d2cf0f2c357f78483f5a0d5471b219b

SHA256
5037b64ef405ed9bcd8689e5283808dab225bf5df826e08a6cf83de2afe0f16a

SHA512
cbf2d18f5428c2ba7e9ef17abe1892e1cb29f41ba8707bc0c7afb4598b2eed351088e3d9c80aaa9b417393b421efb1d415902f57463c622d6dcb5330f32c2658

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC367.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\LICENSES.chromium.html

Filesize
7.9MB

MD5
312446edf757f7e92aad311f625cef2a

SHA1
91102d30d5abcfa7b6ec732e3682fb9c77279ba3

SHA256
c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b

SHA512
dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\chrome_200_percent.pak

Filesize
173KB

MD5
4610337e3332b7e65b73a6ea738b47df

SHA1
8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b

SHA256
c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c

SHA512
039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\config.exe

Filesize
132.4MB

MD5
8fd3f1b5f83f1cb12e86106ff776c5de

SHA1
4eb98419be6f12705f14d5ab4ebc67c3efbd6442

SHA256
29cb11dc00e7de1d75f562798ac73f4610e8966812645e2293d8d8ddc0bbd4ac

SHA512
efa6af1688b51d6bf79ab9acd94bd6552a05766c05c92ca63b3922229d24fb40791fb03e28db3fff63d82ce9eaf27e4bec5dad34ff113862e6e3dfe448a0b3bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\d3dcompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\ffmpeg.dll

Filesize
2.5MB

MD5
94f687603aba179474517da648f436a5

SHA1
4de598064481401366fbfc81f0a365c13879035c

SHA256
96e7ed9463802023c86ba42f8045d5249baaca7f679ac76087d29ae33be1ede0

SHA512
f94694bed9b6f2c5365b12acad28dc49579c9fbbd7db46569d1fd919cc6973236cba8aa4dd0d8d1a3a9ddef81c285c5dbce47294259462272f84e41a23d9d1e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\icudtl.dat

Filesize
10.1MB

MD5
d89ce8c00659d8e5d408c696ee087ce3

SHA1
49fc8109960be3bb32c06c3d1256cb66dded19a8

SHA256
9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de

SHA512
db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\libEGL.dll

Filesize
371KB

MD5
fde9a02f00bc7b70d93b9e928945087a

SHA1
5136e3d0b681af624086c77cd67edcf537dd27e4

SHA256
d1f504b9136ee6a8955b045e8a94dcb75c5013e9e6896d889edba1491649bc9f

SHA512
7e65a884df7bd7fc74c717528bbd61e5c0671d208cf02849e357b6690f02477659b7c3de43193bb487a2624638fafbfdece88557c9ef1ad28c03f0a6253c57ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\libGLESv2.dll

Filesize
6.4MB

MD5
ed58bd0690a86ac78764654edda50194

SHA1
f7973bdf9ad1c9e51350794c3d51459ba7a37f4e

SHA256
ff813885abdac4bc106bbf7d106325718f568756209b920ac2d83c3c9f9a2ce6

SHA512
955d442f1faf8e22c313c5feec1101444027b920d7fc8c171454c70edd3385f502ccc0a1f80d53bbaacf87517eabe51d74469a995ff7506917d3d2b205865040

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\af.pak

Filesize
368KB

MD5
7e51349edc7e6aed122bfa00970fab80

SHA1
eb6df68501ecce2090e1af5837b5f15ac3a775eb

SHA256
f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97

SHA512
69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\am.pak

Filesize
599KB

MD5
2009647c3e7aed2c4c6577ee4c546e19

SHA1
e2bbacf95ec3695daae34835a8095f19a782cbcf

SHA256
6d61e5189438f3728f082ad6f694060d7ee8e571df71240dfd5b77045a62954e

SHA512
996474d73191f2d550c516ed7526c9e2828e2853fcfbe87ca69d8b1242eb0dedf04030bbca3e93236bbd967d39de7f9477c73753af263816faf7d4371f363ba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\ar.pak

Filesize
655KB

MD5
47a6d10b4112509852d4794229c0a03b

SHA1
2fb49a0b07fbdf8d4ce51a7b5a7f711f47a34951

SHA256
857fe3ab766b60a8d82b7b6043137e3a7d9f5cfb8ddd942316452838c67d0495

SHA512
5f5b280261195b8894efae9df2bece41c6c6a72199d65ba633c30d50a579f95fa04916a30db77831f517b22449196d364d6f70d10d6c5b435814184b3bcf1667

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\bg.pak

Filesize
685KB

MD5
a19269683a6347e07c55325b9ecc03a4

SHA1
d42989daf1c11fcfff0978a4fb18f55ec71630ec

SHA256
ad65351a240205e881ef5c4cf30ad1bc6b6e04414343583597086b62d48d8a24

SHA512
1660e487df3f3f4ec1cea81c73dca0ab86aaf121252fbd54c7ac091a43d60e1afd08535b082efd7387c12616672e78aa52dddfca01f833abef244284482f2c76

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\bn.pak

Filesize
883KB

MD5
5cdd07fa357c846771058c2db67eb13b

SHA1
deb87fc5c13da03be86f67526c44f144cc65f6f6

SHA256
01c830b0007b8ce6aca46e26d812947c3df818927b826f7d8c5ffd0008a32384

SHA512
2ac29a3aa3278bd9a8fe1ba28e87941f719b14fbf8b52e0b7dc9d66603c9c147b9496bf7be4d9e3aa0231c024694ef102dcc094c80c42be5d68d3894c488098c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\ca.pak

Filesize
416KB

MD5
d259469e94f2adf54380195555154518

SHA1
d69060bbe8e765ca4dc1f7d7c04c3c53c44b8ab5

SHA256
f98b7442befc285398a5dd6a96740cba31d2f5aadadd4d5551a05712d693029b

SHA512
d0bd0201acf4f7daa84e89aa484a3dec7b6a942c3115486716593213be548657ad702ef2bc1d3d95a4a56b0f6e7c33d5375f41d6a863e4ce528f2bd6a318240e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\cs.pak

Filesize
425KB

MD5
04a680847c4a66ad9f0a88fb9fb1fc7b

SHA1
2afcdf4234a9644fb128b70182f5a3df1ee05be1

SHA256
1cc44c5fbe1c0525df37c5b6267a677f79c9671f86eda75b6fc13abf5d5356eb

SHA512
3a8a409a3c34149a977dea8a4cb0e0822281aed2b0a75b02479c95109d7d51f6fb2c2772ccf1486ca4296a0ac2212094098f5ce6a1265fa6a7eb941c0cfef83e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\da.pak

Filesize
386KB

MD5
1a53d374b9c37f795a462aac7a3f118f

SHA1
154be9cf05042eced098a20ff52fa174798e1fea

SHA256
d0c38eb889ee27d81183a0535762d8ef314f0fdeb90ccca9176a0ce9ab09b820

SHA512
395279c9246bd30a0e45d775d9f9c36353bd11d9463282661c2abd876bdb53be9c9b617bb0c2186592cd154e9353ea39e3feed6b21a07b6850ab8ecd57e1ed29

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\de.pak

Filesize
414KB

MD5
8e6654b89ed4c1dc02e1e2d06764805a

SHA1
ff660bc85bb4a0fa3b2637050d2b2d1aecc37ad8

SHA256
61cbce9a31858ddf70cc9b0c05fb09ce7032bfb8368a77533521722465c57475

SHA512
5ac71eda16f07f3f2b939891eda2969c443440350fd88ab3a9b3180b8b1a3ecb11e79e752cf201f21b3dbfba00bcc2e4f796f347e6137a165c081e86d970ee61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\el.pak

Filesize
751KB

MD5
9528d21e8a3f5bad7ca273999012ebe8

SHA1
58cd673ce472f3f2f961cf8b69b0c8b8c01d457c

SHA256
e79c1e7a47250d88581e8e3baf78dcaf31fe660b74a1e015be0f4bafdfd63e12

SHA512
165822c49ce0bdb82f3c3221e6725dac70f53cfdad722407a508fa29605bc669fb5e5070f825f02d830e0487b28925644438305372a366a3d60b55da039633d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\en-GB.pak

Filesize
336KB

MD5
d59e613e8f17bdafd00e0e31e1520d1f

SHA1
529017d57c4efed1d768ab52e5a2bc929fdfb97c

SHA256
90e585f101cf0bb77091a9a9a28812694cee708421ce4908302bbd1bc24ac6fd

SHA512
29ff3d42e5d0229f3f17bc0ed6576c147d5c61ce2bd9a2e658a222b75d993230de3ce35ca6b06f5afa9ea44cfc67817a30a87f4faf8dc3a5c883b6ee30f87210

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\en-US.pak

Filesize
338KB

MD5
5e3813e616a101e4a169b05f40879a62

SHA1
615e4d94f69625dda81dfaec7f14e9ee320a2884

SHA256
4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687

SHA512
764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\es-419.pak

Filesize
411KB

MD5
7f6696cc1e71f84d9ec24e9dc7bd6345

SHA1
36c1c44404ee48fc742b79173f2c7699e1e0301f

SHA256
d1f17508f3a0106848c48a240d49a943130b14bd0feb5ed7ae89605c7b7017d1

SHA512
b226f94f00978f87b7915004a13cdbd23de2401a8afaa2517498538967df89b735f8ecc46870c92e3022cac795218a60ad2b8fff1efad9feea4ec193704a568a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\es.pak

Filesize
411KB

MD5
a36992d320a88002697da97cd6a4f251

SHA1
c1f88f391a40ccf2b8a7b5689320c63d6d42935f

SHA256
c5566b661675b613d69a507cbf98768bc6305b80e6893dc59651a4be4263f39d

SHA512
9719709229a4e8f63247b3efe004ecfeb5127f5a885234a5f78ee2b368f9e6c44eb68a071e26086e02aa0e61798b7e7b9311d35725d3409ffc0e740f3aa3b9b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\et.pak

Filesize
371KB

MD5
a94e1775f91ea8622f82ae5ab5ba6765

SHA1
ff17accdd83ac7fcc630e9141e9114da7de16fdb

SHA256
1606b94aef97047863481928624214b7e0ec2f1e34ec48a117965b928e009163

SHA512
a2575d2bd50494310e8ef9c77d6c1749420dfbe17a91d724984df025c47601976af7d971ecae988c99723d53f240e1a6b3b7650a17f3b845e3daeefaaf9fe9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\fa.pak

Filesize
607KB

MD5
9d273af70eafd1b5d41f157dbfb94fdc

SHA1
da98bde34b59976d4514ff518bd977a713ea4f2e

SHA256
319d1e20150d4e3f496309ba82fce850e91378ee4b0c7119a003a510b14f878b

SHA512
0a892071bea92cc7f1a914654bc4f9da6b9c08e3cb29bb41e9094f6120ddc7a08a257c0d2b475c98e7cdcf604830e582cf2a538cc184056207f196ffc43f29ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\fi.pak

Filesize
379KB

MD5
d4b776267efebdcb279162c213f3db22

SHA1
7236108af9e293c8341c17539aa3f0751000860a

SHA256
297e3647eaf9b3b95cf833d88239919e371e74cc345a2e48a5033ebe477cd54e

SHA512
1dc7d966d12e0104aacb300fd4e94a88587a347db35ad2327a046ef833fb354fd9cbe31720b6476db6c01cfcb90b4b98ce3cd995e816210b1438a13006624e8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\fil.pak

Filesize
427KB

MD5
3165351c55e3408eaa7b661fa9dc8924

SHA1
181bee2a96d2f43d740b865f7e39a1ba06e2ca2b

SHA256
2630a9d5912c8ef023154c6a6fb5c56faf610e1e960af66abef533af19b90caa

SHA512
3b1944ea3cfcbe98d4ce390ea3a8ff1f6730eb8054e282869308efe91a9ddcd118290568c1fc83bd80e8951c4e70a451e984c27b400f2bde8053ea25b9620655

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\fr.pak

Filesize
444KB

MD5
0bf28aff31e8887e27c4cd96d3069816

SHA1
b5313cf6b5fbce7e97e32727a3fae58b0f2f5e97

SHA256
2e1d413442def9cae2d93612e3fd04f3afaf3dd61e4ed7f86400d320af5500c2

SHA512
95172b3b1153b31fceb4b53681635a881457723cd1000562463d2f24712267b209b3588c085b89c985476c82d9c27319cb6378619889379da4fae1595cb11992

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\gu.pak

Filesize
858KB

MD5
7b5f52f72d3a93f76337d5cf3168ebd1

SHA1
00d444b5a7f73f566e98abadf867e6bb27433091

SHA256
798ea5d88a57d1d78fa518bf35c5098cbeb1453d2cb02ef98cd26cf85d927707

SHA512
10c6f4faab8ccb930228c1d9302472d0752be19af068ec5917249675b40f22ab24c3e29ec3264062826113b966c401046cff70d91e7e05d8aadcc0b4e07fec9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\he.pak

Filesize
531KB

MD5
6d787dc113adfb6a539674af7d6195db

SHA1
f966461049d54c61cdd1e48ef1ea0d3330177768

SHA256
a976fad1cc4eb29709018c5ffcc310793a7ceb2e69c806454717ccae9cbc4d21

SHA512
6748dad2813fc544b50ddea0481b5ace3eb5055fb2d985ca357403d3b799618d051051b560c4151492928d6d40fce9bb33b167217c020bdcc3ed4cae58f6b676

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\hi.pak

Filesize
900KB

MD5
1766a05be4dc634b3321b5b8a142c671

SHA1
b959bcadc3724ae28b5fe141f3b497f51d1e28cf

SHA256
0eee8e751b5b0af1e226106beb09477634f9f80774ff30894c0f5a12b925ac35

SHA512
faec1d6166133674a56b5e38a68f9e235155cc910b5cceb3985981b123cc29eda4cd60b9313ab787ec0a8f73bf715299d9bf068e4d52b766a7ab8808bd146a39

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\hr.pak

Filesize
413KB

MD5
8f9498d18d90477ad24ea01a97370b08

SHA1
3868791b549fc7369ab90cd27684f129ebd628be

SHA256
846943f77a425f3885689dcf12d62951c5b7646e68eadc533b8b5c2a1373f02e

SHA512
3c66a84592debe522f26c48b55c04198ad8a16c0dcfa05816825656c76c1c6cccf5767b009f20ecb77d5a589ee44b0a0011ec197fec720168a6c72c71ebf77fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\hu.pak

Filesize
446KB

MD5
f5e1ca8a14c75c6f62d4bff34e27ddb5

SHA1
7aba6bff18bdc4c477da603184d74f054805c78f

SHA256
c0043d9fa0b841da00ec1672d60015804d882d4765a62b6483f2294c3c5b83e0

SHA512
1050f96f4f79f681b3eaf4012ec0e287c5067b75ba7a2cbe89d9b380c07698099b156a0eb2cbc5b8aa336d2daa98e457b089935b534c4d6636987e7e7e32b169

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\id.pak

Filesize
365KB

MD5
7b39423028da71b4e776429bb4f27122

SHA1
cb052ab5f734d7a74a160594b25f8a71669c38f2

SHA256
3d95c5819f57a0ad06a118a07e0b5d821032edcf622df9b10a09da9aa974885f

SHA512
e40679b01ab14b6c8dfdce588f3b47bcaff55dbb1539b343f611b3fcbd1d0e7d8c347a2b928215a629f97e5f68d19c51af775ec27c6f906cac131beae646ce1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\it.pak

Filesize
404KB

MD5
d58a43068bf847c7cd6284742c2f7823

SHA1
497389765143fac48af2bd7f9a309bfe65f59ed9

SHA256
265d8b1bc479ad64fa7a41424c446139205af8029a2469d558813edd10727f9c

SHA512
547a1581dda28c5c1a0231c736070d8a7b53a085a0ce643a4a1510c63a2d4670ff2632e9823cd25ae2c7cdc87fa65883e0a193853890d4415b38056cb730ab54

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\ja.pak

Filesize
493KB

MD5
d10d536bcd183030ba07ff5c61bf5e3a

SHA1
44dd78dba9f098ac61222eb9647d111ad1608960

SHA256
2a3d3abc9f80bad52bd6da5769901e7b9e9f052b6a58a7cc95ce16c86a3aa85a

SHA512
c67aede9ded1100093253e350d6137ab8b2a852bd84b6c82ba1853f792e053cecd0ea0519319498aed5759bedc66d75516a4f2f7a07696a0cef24d5f34ef9dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\kn.pak

Filesize
988KB

MD5
c548a5f1fb5753408e44f3f011588594

SHA1
e064ab403972036dad1b35abe9794e95dbe4cc00

SHA256
890f50a57b862f482d367713201e1e559ac778fc3a36322d1dfbbef2535dd9cb

SHA512
6975e4bb1a90e0906cf6266f79da6cc4ae32f72a6141943bcfcf9b33f791e9751a9aafde9ca537f33f6ba8e4d697125fbc2ec4ffd3bc35851f406567dae7e631

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\ko.pak

Filesize
415KB

MD5
b4fbff56e4974a7283d564c6fc0365be

SHA1
de68bd097def66d63d5ff04046f3357b7b0e23ac

SHA256
8c9acde13edcd40d5b6eb38ad179cc27aa3677252a9cd47990eba38ad42833e5

SHA512
0698aa058561bb5a8fe565bb0bec21548e246dbb9d38f6010e9b0ad9de0f59bce9e98841033ad3122a163dd321ee4b11ed191277cdcb8e0b455d725593a88aa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\lt.pak

Filesize
446KB

MD5
980c27fd74cc3560b296fe8e7c77d51f

SHA1
f581efa1b15261f654588e53e709a2692d8bb8a3

SHA256
41e0f3619cda3b00abbbf07b9cd64ec7e4785ed4c8a784c928e582c3b6b8b7db

SHA512
51196f6f633667e849ef20532d57ec81c5f63bab46555cea8fab2963a078acdfa84843eded85c3b30f49ef3ceb8be9e4ef8237e214ef9ecff6373a84d395b407

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\lv.pak

Filesize
445KB

MD5
e4f7d9e385cb525e762ece1aa243e818

SHA1
689d784379bac189742b74cd8700c687feeeded1

SHA256
523d141e59095da71a41c14aec8fe9ee667ae4b868e0477a46dd18a80b2007ef

SHA512
e4796134048cd12056d746f6b8f76d9ea743c61fee5993167f607959f11fd3b496429c3e61ed5464551fd1931de4878ab06f23a3788ee34bb56f53db25bcb6df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\ml.pak

Filesize
1.0MB

MD5
8b38c65fc30210c7af9b6fa0424266f4

SHA1
116413710ffcf94fbfa38cb97a47731e43a306f5

SHA256
e8df9a74417c5839c531d7ccab63884a80afb731cc62cbbb3fd141779086ac7d

SHA512
0fd349c644ac1a2e7ed0247e40900d3a9957f5bef1351b872710d02687c934a8e63d3a7585e91f7df78054aeff8f7abd8c93a94fcd20c799779a64278bab2097

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\mr.pak

Filesize
843KB

MD5
c0ef1866167d926fb351e9f9bf13f067

SHA1
6092d04ef3ce62be44c29da5d0d3a04985e2bc04

SHA256
88df231cf2e506db3453f90a797194662a5f85e23bbac2ed3169d91a145d2091

SHA512
9e2b90f3ac1ae5744c22c2442fbcd86a8496afc2c58f6ca060d6dbb08af6f7411ef910a7c8ca5aedee99b5443d4dff709c7935e8322cb32f8b071ee59caee733

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\ms.pak

Filesize
381KB

MD5
9b3e2f3c49897228d51a324ab625eb45

SHA1
8f3daec46e9a99c3b33e3d0e56c03402ccc52b9d

SHA256
61a3daae72558662851b49175c402e9fe6fd1b279e7b9028e49506d9444855c5

SHA512
409681829a861cd4e53069d54c80315e0c8b97e5db4cd74985d06238be434a0f0c387392e3f80916164898af247d17e8747c6538f08c0ef1c5e92a7d1b14f539

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\nb.pak

Filesize
374KB

MD5
af0fd9179417ba1d7fcca3cc5bee1532

SHA1
f746077bbf6a73c6de272d5855d4f1ca5c3af086

SHA256
e900f6d0dd9d5a05b5297618f1fe1600c189313da931a9cb390ee42383eb070f

SHA512
c94791d6b84200b302073b09357abd2a1d7576b068bae01dccda7bc154a6487145c83c9133848ccf4cb9e6dc6c5a9d4be9d818e5a0c8f440a4e04ae8eabd4a29

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\nl.pak

Filesize
385KB

MD5
181d2a0ece4b67281d9d2323e9b9824d

SHA1
e8bdc53757e96c12f3cd256c7812532dd524a0ea

SHA256
6629e68c457806621ed23aa53b3675336c3e643f911f8485118a412ef9ed14ce

SHA512
10d8cc9411ca475c9b659a2cc88d365e811217d957c82d9c144d94843bc7c7a254ee2451a6f485e92385a660fa01577cffa0d64b6e9e658a87bef8fccbbeaf7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\pl.pak

Filesize
429KB

MD5
18d49d5376237bb8a25413b55751a833

SHA1
0b47a7381de61742ac2184850822c5fa2afa559e

SHA256
1729aa5c8a7e24a0db98febcc91df8b7b5c16f9b6bb13a2b0795038f2a14b981

SHA512
45344a533cc35c8ce05cf29b11da6c0f97d8854dae46cf45ef7d090558ef95c3bd5fdc284d9a7809f0b2bf30985002be2aa6a4749c0d9ae9bdff4ad13de4e570

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\pt-BR.pak

Filesize
405KB

MD5
0d9dea9e24645c2a3f58e4511c564a36

SHA1
dcd2620a1935c667737eea46ca7bb2bdcb31f3a6

SHA256
ca7b880391fcd319e976fcc9b5780ea71de655492c4a52448c51ab2170eeef3b

SHA512
8fcf871f8be7727e2368df74c05ca927c5f0bc3484c4934f83c0abc98ecaf774ad7aba56e1bf17c92b1076c0b8eb9c076cc949cd5427efcade9ddf14f6b56bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\pt-PT.pak

Filesize
407KB

MD5
6a7232f316358d8376a1667426782796

SHA1
8b70fe0f3ab2d73428f19ecd376c5deba4a0bb6c

SHA256
6a526cd5268b80df24104a7f40f55e4f1068185febbbb5876ba2cb7f78410f84

SHA512
40d24b3d01e20ae150083b00bb6e10bca81737c48219bce22fa88faaad85bdc8c56ac9b1eb01854173b0ed792e34bdfbac26d3605b6a35c14cf2824c000d0da1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\ro.pak

Filesize
420KB

MD5
99eaa3d101354088379771fd85159de1

SHA1
a32db810115d6dcf83a887e71d5b061b5eefe41f

SHA256
33f4c20f7910bc3e636bc3bec78f4807685153242dd4bc77648049772cf47423

SHA512
c6f87da1b5c156aa206dc21a9da3132cbfb0e12e10da7dc3b60363089de9e0124bbad00a233e61325348223fc5953d4f23e46fe47ec8e7ca07702ac73f3fd2e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\ru.pak

Filesize
687KB

MD5
ab9902025dcf7d5408bf6377b046272b

SHA1
c9496e5af3e2a43377290a4883c0555e27b1f10f

SHA256
983b15dcc31d0e9a3da78cd6021e5add2a3c2247322aded9454a5d148d127aae

SHA512
d255d5f5b6b09af2cdec7b9c171eebb1de1094cc5b4ddf43a3d4310f8f5f223ac48b8da97a07764d1b44f1d4a14fe3a0c92a0ce6fe9a4ae9a6b4a342e038f842

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\sk.pak

Filesize
432KB

MD5
c6c7396dbfb989f034d50bd053503366

SHA1
089f176b88235cce5bca7abfcc78254e93296d61

SHA256
439f7d6c23217c965179898754edcef8fd1248bdd9b436703bf1ff710701117a

SHA512
1476963f47b45d2d26536706b7eeba34cfae124a3087f7727c4efe0f19610f94393012cda462060b1a654827e41f463d7226afa977654dcd85b27b7f8d1528eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\sl.pak

Filesize
417KB

MD5
d4bd9f20fd29519d6b017067e659442c

SHA1
782283b65102de4a0a61b901dea4e52ab6998f22

SHA256
f33afa6b8df235b09b84377fc3c90403c159c87edd8cd8004b7f6edd65c85ce6

SHA512
adf8d8ec17e8b05771f47b19e8027f88237ad61bca42995f424c1f5bd6efa92b23c69d363264714c1550b9cd0d03f66a7cfb792c3fbf9d5c173175b0a8c039dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\sr.pak

Filesize
644KB

MD5
cbb817a58999d754f99582b72e1ae491

SHA1
6ec3fd06dee0b1fe5002cb0a4fe8ec533a51f9fd

SHA256
4bd7e466cb5f5b0a451e1192aa1abaaf9526855a86d655f94c9ce2183ec80c25

SHA512
efef29cedb7b08d37f9df1705d36613f423e994a041b137d5c94d2555319ffb068bb311884c9d4269b0066746dacd508a7d01df40a8561590461d5f02cb52f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\sv.pak

Filesize
376KB

MD5
502e4a8b3301253abe27c4fd790fbe90

SHA1
17abcd7a84da5f01d12697e0dffc753ffb49991a

SHA256
7d72e3adb35e13ec90f2f4271ad2a9b817a2734da423d972517f3cff299165fd

SHA512
bd270abaf9344c96b0f63fc8cec04f0d0ac9fc343ab5a80f5b47e4b13b8b1c0c4b68f19550573a1d965bb18a27edf29f5dd592944d754b80ea9684dbcedea822

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\sw.pak

Filesize
394KB

MD5
39277ae2d91fdc1bd38bea892b388485

SHA1
ff787fb0156c40478d778b2a6856ad7b469bd7cb

SHA256
6d6d095a1b39c38c273be35cd09eb1914bd3a53f05180a3b3eb41a81ae31d5d3

SHA512
be2d8fbedaa957f0c0823e7beb80de570edd0b8e7599cf8f2991dc671bdcbbbe618c15b36705d83be7b6e9a0d32ec00f519fc8543b548422ca8dcf07c0548ab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\ta.pak

Filesize
1019KB

MD5
7006691481966109cce413f48a349ff2

SHA1
6bd243d753cf66074359abe28cfae75bcedd2d23

SHA256
24ea4028da66a293a43d27102012235198f42a1e271fe568c7fd78490a3ee647

SHA512
e12c0d1792a28bf4885e77185c2a0c5386438f142275b8f77317eb8a5cee994b3241bb264d9502d60bfbce9cf8b3b9f605c798d67819259f501719d054083bea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\te.pak

Filesize
942KB

MD5
f809bf5184935c74c8e7086d34ea306c

SHA1
709ab3decff033cf2fa433ecc5892a7ac2e3752e

SHA256
9bbfa7a9f2116281bf0af1e8ffb279d1aa97ac3ed9ebc80c3ade19e922d7e2d4

SHA512
de4b14dd6018fdbdf5033abda4da2cb9f5fcf26493788e35d88c07a538b84fdd663ee20255dfd9c1aac201f0cce846050d2925c55bf42d4029cb78b057930acd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\th.pak

Filesize
792KB

MD5
2c41616dfe7fcdb4913cfafe5d097f95

SHA1
cf7d9e8ad3aa47d683e47f116528c0e4a9a159b0

SHA256
f11041c48831c93aa11bbf885d330739a33a42db211daccf80192668e2186ed3

SHA512
97329717e11bc63456c56022a7b7f5da730da133e3fc7b2cc660d63a955b1a639c556b857c039a004f92e5f35be61bf33c035155be0a361e3cd6d87b549df811

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\tr.pak

Filesize
401KB

MD5
3a858619502c68d5f7de599060f96db9

SHA1
80a66d9b5f1e04cda19493ffc4a2f070200e0b62

SHA256
d81f28f69da0036f9d77242b2a58b4a76f0d5c54b3e26ee96872ac54d7abb841

SHA512
39a7ec0dfe62bcb3f69ce40100e952517b5123f70c70b77b4c9be3d98296772f10d3083276bc43e1db66ed4d9bfa385a458e829ca2a7d570825d7a69e8fbb5f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\uk.pak

Filesize
688KB

MD5
ee70e9f3557b9c8c67bfb8dfcb51384d

SHA1
fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e

SHA256
54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22

SHA512
f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\ur.pak

Filesize
602KB

MD5
ff0a23974aef88afc86ecc806dbf1d60

SHA1
e7bae97cbb8692a0d106644dfaa9b7d7ea6fcef0

SHA256
f245ab242aafeef37db736c780476534fad0706aa66dcb8b6b8cd181b4778385

SHA512
aabe8160fac7e0eb8e8eb80963fe995fa4a802147d1b8f605bc0fe3f8e2474463c1d313471c11c85eb5578112232fdc8e89b8a6d43dbe38a328538ff30a78d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\vi.pak

Filesize
476KB

MD5
3fe6f90f1f990aed508deda3810ce8c2

SHA1
3b86f00666d55e984b4aca1a5e8319ffa8f411ff

SHA256
5eebb23221aebcf0be01bfc2695f7dd35b17f6769be1e28e5610d35c9717854b

SHA512
9aa9d55f112c8b32aa636086cfd2161d97ea313cac1a44101014128124a03504c992ac8efd265aba4e91787aef7134a14507a600f5ec96ff82df950a8883828c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\zh-CN.pak

Filesize
345KB

MD5
20f315d38e3b2edc5832931e7770b62a

SHA1
2390bd585dec1e884873454bb98b6f1467dcf7bb

SHA256
53a803724bbf2e7f40aab860325c348f786eeca1ea5ca39a76b4c4a616e3233f

SHA512
c338e241de3561707c7c275b7d6e0fb16185a8cd7112057c08b74ffce122148ef693fe310c839ff93f102726a78e61de3e68c8e324f445a07a98ee9c4fdd4e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\locales\zh-TW.pak

Filesize
341KB

MD5
524711882cbfb5b95a63ef48f884cff0

SHA1
1078037687cfc5d038eeb8b63d295239e0edc47a

SHA256
9e16499cd96a155d410c8df4c812c52ff2a750f8c4db87fd891c1e58c1428c78

SHA512
16d45a81f7f4606eda9d12a8b1da06e3c866b11bdc0c92a4022bfb8d02b885d8f028457cf23e3f7589dfd191ed7f7fbc68c81b6e1411834edfcbc9cc85e0dc4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\resources.pak

Filesize
5.0MB

MD5
c2b9f8256a070f23a2bac3457198657b

SHA1
8a6c14bfe8149476baf407e3695a78863aa35fd9

SHA256
b5ab9cbb8b4f5fb9a3b2f15989a8522d3985c2b4260b1ace9b4edb5173f10deb

SHA512
37bf0e2f1b2bc700519ac7b4fa023611f88a8338d9b303988e1ba37345c1f2199750e60a9cc1e8b3f34c37b78ca5a9ca1f02086755d6fe3d6c5aafeae449c66e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\resources\app.asar

Filesize
50.8MB

MD5
dc78e9a5a61d899c814c83b8a685bb56

SHA1
59ca85063170fb273c0909e41eab8b67083955c8

SHA256
ded179cfe29db2b0bfeee5018b08b61fe03c2d728f82c74c8e3f4593d6475096

SHA512
2fedf4dbd8cf95695e19a1ce175f97745ecb57ddcc7bd14eeefe38a6e575d384dc7e76657e12a33488776d39a62d94e71b0de547186f95b5c38260951dc0c396

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\snapshot_blob.bin

Filesize
214KB

MD5
916127734bc7c5b0db478191a37fc19a

SHA1
f9d868c2578f14513fcb95e109aec795c98dbba3

SHA256
e19ed7fb96e19bb5bfe791df03561d654ea5d52021c3403a2652f439a8d77801

SHA512
d291b26568572d5777b036577ddf30c1b6c6c41e9d53ef2d8af735db001ea5c568371f3907fbffc02feee628f0f29afb718ae5deb32ff245a37947a7b1b9c297

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\v8_context_snapshot.bin

Filesize
511KB

MD5
4f4d00247758c684c295243ddedd2948

SHA1
f8e8fc6c22fde9df1d60c329e38b38a85f96bb69

SHA256
4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5

SHA512
2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\vk_swiftshader.dll

Filesize
4.5MB

MD5
824a833b74439461820a2e22f6bfcfe5

SHA1
a05d360fdb4688bc5cb462c6ec6fad40f64744e3

SHA256
b6816edfd0af362a1023c2616ab4d4bb0a1486f4d8ee665d5924f403da8a616a

SHA512
ea9d21f63858c326029b1ff50123ccc58b715f240bf3264f412541384573e0a6be3c2b47f1f187857f919328c915e9d1f09937dd8fb84b06ffc79e5289b1d29d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\7z-out\vulkan-1.dll

Filesize
786KB

MD5
6704b30acda01af69502e04b57ad4195

SHA1
4d9f921bc4a3708dbe00df54f0706c05c744c58d

SHA256
a1b8bde50262cfcb258068f32832309521cdb4cbeb3694514168ef404252f840

SHA512
fcfcce5589da1114f9ea1b9062caca2afd86b9c8cd3d88542ef36d66c82d8628f9064482c17aa55dcabd9f6ba8b018eb4f0b0e23a68ba06e48cc2c3d12cc5155

Download Submit
C:\Users\Admin\AppData\Roaming\index\Network\Network Persistent State

Filesize
390B

MD5
59906ccbcfc1af675997489445629acf

SHA1
0888fb6f7af34ac5a77e37d473070e7e1391a6e9

SHA256
d814cd9c67441140e5426d527a831f55e5e3d10f218752655d1f3324db8dad57

SHA512
abb5198a58724ff764a7d93934a1bbb6b43cccf241a4791e39f3c05d7794178883ed13e87d3f562fbb8d996c379179f576fb07d35d5c6dca14d3d551505b0e7c

Download Submit
C:\Users\Admin\AppData\Roaming\index\Network\Network Persistent State

Filesize
390B

MD5
6676b192477d4c4b4a4ddfa244fac2d5

SHA1
82e995f2bec445485deb5a39c83e95c23976508e

SHA256
557fcb35dfca90b5ee4d84c8dfdc8cc654f25fe9618059a77bda197beab95d6e

SHA512
85be29cd9719c58ec45b78cf46f7634f305187c03851abc7d9cfac62dce397f893a47f06a2e3b1483a0aba873dabd8005280f3b2472ee89b2e5973d48a4403b4

Download Submit
C:\Users\Admin\AppData\Roaming\index\Network\Network Persistent State~RFe588661.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\index\Network\TransportSecurity

Filesize
188B

MD5
1317513d8b46ff939d963f2d7791529a

SHA1
f1bf406f7c3230458fb100ee9fa8538a6ffd6095

SHA256
03872be850cf1ab3a1a7d52d8d63cd508ac75bbbb96b5045c23d9da4294d3922

SHA512
70b769c07e891e94124984c9f9d19fa23761c0a0e2791553061fb9791c1d7469fe8a8659f740f0f82f71c390fc83e965751603e01c84c04c30dd2e05bf06e9e1

Download Submit
C:\Users\Admin\AppData\Roaming\index\Network\TransportSecurity

Filesize
188B

MD5
acabfd3e35788e7c009104d45696e945

SHA1
e77f0c5027223ae3814faaa258298c1b713ed87f

SHA256
5b673371f817fa9b47530eea0b367fa60137e5212a1da87b2c0875d3f27450e2

SHA512
7c2ab40e2094144d237d29d4f7ba199ed7f92672bd5b4a3ca0f656e7304e15853f082ef86d381da1226d05ec3954a9296fcdba1cb0cee984b80ceaf9fb5f4a10

Download Submit
C:\Users\Admin\AppData\Roaming\index\Network\TransportSecurity~RFe57efbf.TMP

Filesize
188B

MD5
5645d6260e0f25edc8c62f262adcffc7

SHA1
1e31c21d49f08d93b1604bbe45dcb7f20151e3c9

SHA256
f1c03ff4884860ae53821ddd010438f710f00053a0fe7b90814cf063d288d794

SHA512
ea847036dcdbd4ee431d6ccfe9b8b150ec4f7729066d5fe3c47e63e0501956d84f95208fff0a1ae1a12a2cc2836410e891b3a87f7a6d1e080e90a1938ffb3843

Download Submit
C:\Users\Admin\AppData\Roaming\index\Preferences

Filesize
132B

MD5
3d77090f9a868258ff864e707491c02c

SHA1
91b849266b6fa7bd643ef25dabdb5ad375017544

SHA256
3b8c149b1ec3253c8e1060f91b0159c0f878a1569cbc009045671438f1475fd7

SHA512
5bdf1299337113ec258531c770dd42340a21801745600fa426aa034f2bf21cbde719fe394f224ca23e3eb7449959f30c947109f4130b07db448fec89f3e1f89d

Download Submit
C:\Users\Admin\AppData\Roaming\index\Preferences~RFe57eee4.TMP

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\Downloads\config.exe

Filesize
63.9MB

MD5
c24a6b61340f71366439cb24ccd89ed1

SHA1
8c87a3280d9888712959a46524d92b43a98ce58d

SHA256
8bd9408e7452badf264cb58176b1c9df4eb358dfba783d2fd72955a38ae7a2a5

SHA512
d3731915b7de71f5f5eb337cd11c2bb21516764f2aa4b8f9fd0575324fb60d6e02c958e41f742ab118228116a263ce4bfac9b76f0ea6d71393b79ee3fbfd6f7b

Download Submit
\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\d3dcompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\ffmpeg.dll

Filesize
2.5MB

MD5
94f687603aba179474517da648f436a5

SHA1
4de598064481401366fbfc81f0a365c13879035c

SHA256
96e7ed9463802023c86ba42f8045d5249baaca7f679ac76087d29ae33be1ede0

SHA512
f94694bed9b6f2c5365b12acad28dc49579c9fbbd7db46569d1fd919cc6973236cba8aa4dd0d8d1a3a9ddef81c285c5dbce47294259462272f84e41a23d9d1e0

Download Submit
\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\ffmpeg.dll

Filesize
2.5MB

MD5
94f687603aba179474517da648f436a5

SHA1
4de598064481401366fbfc81f0a365c13879035c

SHA256
96e7ed9463802023c86ba42f8045d5249baaca7f679ac76087d29ae33be1ede0

SHA512
f94694bed9b6f2c5365b12acad28dc49579c9fbbd7db46569d1fd919cc6973236cba8aa4dd0d8d1a3a9ddef81c285c5dbce47294259462272f84e41a23d9d1e0

Download Submit
\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\ffmpeg.dll

Filesize
2.5MB

MD5
94f687603aba179474517da648f436a5

SHA1
4de598064481401366fbfc81f0a365c13879035c

SHA256
96e7ed9463802023c86ba42f8045d5249baaca7f679ac76087d29ae33be1ede0

SHA512
f94694bed9b6f2c5365b12acad28dc49579c9fbbd7db46569d1fd919cc6973236cba8aa4dd0d8d1a3a9ddef81c285c5dbce47294259462272f84e41a23d9d1e0

Download Submit
\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\ffmpeg.dll

Filesize
2.5MB

MD5
94f687603aba179474517da648f436a5

SHA1
4de598064481401366fbfc81f0a365c13879035c

SHA256
96e7ed9463802023c86ba42f8045d5249baaca7f679ac76087d29ae33be1ede0

SHA512
f94694bed9b6f2c5365b12acad28dc49579c9fbbd7db46569d1fd919cc6973236cba8aa4dd0d8d1a3a9ddef81c285c5dbce47294259462272f84e41a23d9d1e0

Download Submit
\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\libEGL.dll

Filesize
371KB

MD5
fde9a02f00bc7b70d93b9e928945087a

SHA1
5136e3d0b681af624086c77cd67edcf537dd27e4

SHA256
d1f504b9136ee6a8955b045e8a94dcb75c5013e9e6896d889edba1491649bc9f

SHA512
7e65a884df7bd7fc74c717528bbd61e5c0671d208cf02849e357b6690f02477659b7c3de43193bb487a2624638fafbfdece88557c9ef1ad28c03f0a6253c57ed

Download Submit
\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\libGLESv2.dll

Filesize
6.4MB

MD5
ed58bd0690a86ac78764654edda50194

SHA1
f7973bdf9ad1c9e51350794c3d51459ba7a37f4e

SHA256
ff813885abdac4bc106bbf7d106325718f568756209b920ac2d83c3c9f9a2ce6

SHA512
955d442f1faf8e22c313c5feec1101444027b920d7fc8c171454c70edd3385f502ccc0a1f80d53bbaacf87517eabe51d74469a995ff7506917d3d2b205865040

Download Submit
\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\vk_swiftshader.dll

Filesize
4.5MB

MD5
824a833b74439461820a2e22f6bfcfe5

SHA1
a05d360fdb4688bc5cb462c6ec6fad40f64744e3

SHA256
b6816edfd0af362a1023c2616ab4d4bb0a1486f4d8ee665d5924f403da8a616a

SHA512
ea9d21f63858c326029b1ff50123ccc58b715f240bf3264f412541384573e0a6be3c2b47f1f187857f919328c915e9d1f09937dd8fb84b06ffc79e5289b1d29d

Download Submit
\Users\Admin\AppData\Local\Temp\2Otin5BzgfYYHu38NpN2xq62RhC\vulkan-1.dll

Filesize
786KB

MD5
6704b30acda01af69502e04b57ad4195

SHA1
4d9f921bc4a3708dbe00df54f0706c05c744c58d

SHA256
a1b8bde50262cfcb258068f32832309521cdb4cbeb3694514168ef404252f840

SHA512
fcfcce5589da1114f9ea1b9062caca2afd86b9c8cd3d88542ef36d66c82d8628f9064482c17aa55dcabd9f6ba8b018eb4f0b0e23a68ba06e48cc2c3d12cc5155

Download Submit
\Users\Admin\AppData\Local\Temp\543c4693-a9cd-40e3-9897-d7dfc5e81f86.tmp.node

Filesize
120KB

MD5
42f6b4c7cfdc5b9cb9b8c5d7e91f126c

SHA1
d4019dbafd9af67e447424d7cd7ecc1b58082848

SHA256
0b8321a2754995ad5e41b5fbe6cbbfac8a12cf856bc767816dfffecff0d3a14f

SHA512
750f5863a5efc56f552e6c9baae7ec7b603eda68cd7d17fdb29e43598f81aa4b36241b3767b1e4808898567377772da35dc0e05db2787f0aabdda525c1db5101

Download Submit
\Users\Admin\AppData\Local\Temp\f5f9e868-7efa-4828-a384-6bc3d24d9dd0.tmp.node

Filesize
1.4MB

MD5
bacb80cc32cd4df761f8d1f43a476da0

SHA1
bdc736e76b34258486aebfb5234ff5883c76cbe4

SHA256
df090c0b129ecbec001665a795d8856c84563c23fa20c04609df2b852a340db8

SHA512
45faa9fea7783a6d59c41c95627a4dbbdb0300800efeb06836a42c994ce02c536f63744ddd1c1d990d2f9f127b6edbb4706ffd744fa95b9e8cc0523dc59cfb4e

Download Submit
\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nso6BDF.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/64-1170-0x0000000006E20000-0x0000000006E30000-memory.dmp

Filesize
64KB

Download
memory/64-1172-0x0000000006E20000-0x0000000006E30000-memory.dmp

Filesize
64KB

Download
memory/312-1740-0x00000000074F0000-0x0000000007840000-memory.dmp

Filesize
3.3MB

Download
memory/312-1739-0x00000000010B0000-0x00000000010C0000-memory.dmp

Filesize
64KB

Download
memory/312-1738-0x00000000010B0000-0x00000000010C0000-memory.dmp

Filesize
64KB

Download
memory/696-1403-0x0000000004920000-0x0000000004930000-memory.dmp

Filesize
64KB

Download
memory/696-1404-0x0000000004920000-0x0000000004930000-memory.dmp

Filesize
64KB

Download
memory/948-1182-0x00000000072D0000-0x00000000072E0000-memory.dmp

Filesize
64KB

Download
memory/948-1181-0x00000000072D0000-0x00000000072E0000-memory.dmp

Filesize
64KB

Download
memory/980-1424-0x0000000007160000-0x0000000007170000-memory.dmp

Filesize
64KB

Download
memory/980-1449-0x0000000007160000-0x0000000007170000-memory.dmp

Filesize
64KB

Download
memory/980-1423-0x0000000007160000-0x0000000007170000-memory.dmp

Filesize
64KB

Download
memory/1428-1536-0x00000000081E0000-0x000000000822B000-memory.dmp

Filesize
300KB

Download
memory/1428-1535-0x0000000004840000-0x0000000004850000-memory.dmp

Filesize
64KB

Download
memory/1428-1534-0x0000000004840000-0x0000000004850000-memory.dmp

Filesize
64KB

Download
memory/1484-1499-0x00000000070E0000-0x00000000070F0000-memory.dmp

Filesize
64KB

Download
memory/1484-1497-0x00000000070E0000-0x00000000070F0000-memory.dmp

Filesize
64KB

Download
memory/1768-1119-0x0000000000E90000-0x0000000000EA0000-memory.dmp

Filesize
64KB

Download
memory/1768-1120-0x0000000000E90000-0x0000000000EA0000-memory.dmp

Filesize
64KB

Download
memory/1820-1103-0x0000000006EE0000-0x0000000006EF0000-memory.dmp

Filesize
64KB

Download
memory/1820-1102-0x0000000006EE0000-0x0000000006EF0000-memory.dmp

Filesize
64KB

Download
memory/2232-1202-0x0000000004F90000-0x0000000004FA0000-memory.dmp

Filesize
64KB

Download
memory/2232-1201-0x0000000004F90000-0x0000000004FA0000-memory.dmp

Filesize
64KB

Download
memory/2612-1510-0x0000000007440000-0x0000000007450000-memory.dmp

Filesize
64KB

Download
memory/2612-1509-0x0000000007440000-0x0000000007450000-memory.dmp

Filesize
64KB

Download
memory/2724-5305-0x0000000002E20000-0x0000000002ECE000-memory.dmp

Filesize
696KB

Download
memory/2788-927-0x00000000081E0000-0x0000000008530000-memory.dmp

Filesize
3.3MB

Download
memory/2788-924-0x0000000007800000-0x0000000007822000-memory.dmp

Filesize
136KB

Download
memory/2788-957-0x0000000009F30000-0x000000000A42E000-memory.dmp

Filesize
5.0MB

Download
memory/2788-920-0x0000000004DC0000-0x0000000004DF6000-memory.dmp

Filesize
216KB

Download
memory/2788-921-0x0000000007920000-0x0000000007F48000-memory.dmp

Filesize
6.2MB

Download
memory/2788-922-0x00000000072E0000-0x00000000072F0000-memory.dmp

Filesize
64KB

Download
memory/2788-955-0x00000000096B0000-0x00000000096CA000-memory.dmp

Filesize
104KB

Download
memory/2788-956-0x0000000009710000-0x0000000009732000-memory.dmp

Filesize
136KB

Download
memory/2788-923-0x00000000072E0000-0x00000000072F0000-memory.dmp

Filesize
64KB

Download
memory/2788-958-0x0000000009AD0000-0x0000000009B62000-memory.dmp

Filesize
584KB

Download
memory/2788-954-0x0000000009990000-0x0000000009A24000-memory.dmp

Filesize
592KB

Download
memory/2788-925-0x00000000078A0000-0x0000000007906000-memory.dmp

Filesize
408KB

Download
memory/2788-926-0x00000000080C0000-0x0000000008126000-memory.dmp

Filesize
408KB

Download
memory/2788-928-0x0000000008150000-0x000000000816C000-memory.dmp

Filesize
112KB

Download
memory/2788-929-0x00000000085F0000-0x000000000863B000-memory.dmp

Filesize
300KB

Download
memory/2788-930-0x00000000088E0000-0x0000000008956000-memory.dmp

Filesize
472KB

Download
memory/2984-1773-0x0000000001210000-0x0000000001220000-memory.dmp

Filesize
64KB

Download
memory/2984-1771-0x0000000001210000-0x0000000001220000-memory.dmp

Filesize
64KB

Download
memory/3100-1576-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/3100-1578-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/3144-1222-0x0000000001170000-0x0000000001180000-memory.dmp

Filesize
64KB

Download
memory/3144-1221-0x0000000001170000-0x0000000001180000-memory.dmp

Filesize
64KB

Download
memory/3728-1473-0x0000000004E50000-0x0000000004E60000-memory.dmp

Filesize
64KB

Download
memory/3728-1472-0x0000000004E50000-0x0000000004E60000-memory.dmp

Filesize
64KB

Download
memory/3824-1020-0x0000000004F80000-0x0000000004F90000-memory.dmp

Filesize
64KB

Download
memory/3824-1021-0x0000000004F80000-0x0000000004F90000-memory.dmp

Filesize
64KB

Download
memory/3892-1253-0x0000000006DA0000-0x0000000006DB0000-memory.dmp

Filesize
64KB

Download
memory/3892-1252-0x0000000006DA0000-0x0000000006DB0000-memory.dmp

Filesize
64KB

Download
memory/3892-1251-0x00000000084B0000-0x00000000084FB000-memory.dmp

Filesize
300KB

Download
memory/4100-992-0x0000000001000000-0x0000000001010000-memory.dmp

Filesize
64KB

Download
memory/4100-991-0x0000000001000000-0x0000000001010000-memory.dmp

Filesize
64KB

Download
memory/4268-1070-0x00000000071E0000-0x00000000071F0000-memory.dmp

Filesize
64KB

Download
memory/4268-1071-0x00000000071E0000-0x00000000071F0000-memory.dmp

Filesize
64KB

Download
memory/4340-1059-0x0000000006F70000-0x0000000006F80000-memory.dmp

Filesize
64KB

Download
memory/4340-1050-0x0000000006F70000-0x0000000006F80000-memory.dmp

Filesize
64KB

Download
memory/4604-965-0x0000000004870000-0x0000000004880000-memory.dmp

Filesize
64KB

Download
memory/4604-964-0x0000000004870000-0x0000000004880000-memory.dmp

Filesize
64KB

Download
memory/4876-1140-0x0000000006BD0000-0x0000000006BE0000-memory.dmp

Filesize
64KB

Download
memory/4876-1139-0x0000000006BD0000-0x0000000006BE0000-memory.dmp

Filesize
64KB

Download