Malware Analysis Report

2025-08-06 00:52

Sample ID 230429-3h37jsce39
Target VoidOfSpace_Stable.2.3.exe
SHA256 0c08154214f59cafd969694ccf112f76865edbfd15f15d086a8ce8ad121cc3a9
Tags
lumma redline infostealer stealer spyware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0c08154214f59cafd969694ccf112f76865edbfd15f15d086a8ce8ad121cc3a9

Threat Level: Known bad

The file VoidOfSpace_Stable.2.3.exe was found to be: Known bad.

Malicious Activity Summary

lumma redline infostealer stealer spyware

Lumma Stealer

Detects Redline Stealer samples

RedLine

Checks computer location settings

Drops startup file

Reads user/profile data of web browsers

Loads dropped DLL

Executes dropped EXE

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Gathers network information

Suspicious behavior: EnumeratesProcesses

Enumerates processes with tasklist

Runs ping.exe

Suspicious use of WriteProcessMemory

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-29 23:31

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-29 23:31

Reported

2023-04-30 00:02

Platform

win7-20230220-en

Max time kernel

1607s

Max time network

1613s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe"

Signatures

Detects Redline Stealer samples

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

RedLine

infostealer redline

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe

"C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe"

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\nsd2712.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nsd2712.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\chrome_100_percent.pak

MD5 acd0fa0a90b43cd1c87a55a991b4fac3
SHA1 17b84e8d24da12501105b87452f86bfa5f9b1b3c
SHA256 ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b
SHA512 3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\chrome_200_percent.pak

MD5 4610337e3332b7e65b73a6ea738b47df
SHA1 8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b
SHA256 c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c
SHA512 039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\d3dcompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\icudtl.dat

MD5 d89ce8c00659d8e5d408c696ee087ce3
SHA1 49fc8109960be3bb32c06c3d1256cb66dded19a8
SHA256 9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de
SHA512 db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\libEGL.dll

MD5 e0a5d1a5d55dffb55513acb736cef1c1
SHA1 307fc023790af5bf3d45678de985e8e9f34896f7
SHA256 aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
SHA512 094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\libGLESv2.dll

MD5 44f7c21b6010048e0dcdc43d83ebd357
SHA1 d0a4dfd8dbae1a8421c3043315d78ecd84502b16
SHA256 f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
SHA512 7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\LICENSES.chromium.html

MD5 312446edf757f7e92aad311f625cef2a
SHA1 91102d30d5abcfa7b6ec732e3682fb9c77279ba3
SHA256 c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b
SHA512 dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\resources.pak

MD5 7d5065ecba284ed704040fca1c821922
SHA1 095fcc890154a52ad1998b4b1e318f99b3e5d6b8
SHA256 a10c3d236246e001cb9d434a65fc3e8aa7acddddd9608008db5c5c73dee0ba1f
SHA512 521b2266e3257adaa775014f77b0d512ff91b087c2572359d68ffe633b57a423227e3d5af8ee4494538f1d09aa45ffa1fe8e979814178512c37f7088ddd7995d

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\snapshot_blob.bin

MD5 916127734bc7c5b0db478191a37fc19a
SHA1 f9d868c2578f14513fcb95e109aec795c98dbba3
SHA256 e19ed7fb96e19bb5bfe791df03561d654ea5d52021c3403a2652f439a8d77801
SHA512 d291b26568572d5777b036577ddf30c1b6c6c41e9d53ef2d8af735db001ea5c568371f3907fbffc02feee628f0f29afb718ae5deb32ff245a37947a7b1b9c297

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\v8_context_snapshot.bin

MD5 4f4d00247758c684c295243ddedd2948
SHA1 f8e8fc6c22fde9df1d60c329e38b38a85f96bb69
SHA256 4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5
SHA512 2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\vulkan-1.dll

MD5 a947c5d8fec95a0f24b4143ced301209
SHA1 ebf3089985377a58b8431a14e22a814857287aaf
SHA256 29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
SHA512 75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\af.pak

MD5 7e51349edc7e6aed122bfa00970fab80
SHA1 eb6df68501ecce2090e1af5837b5f15ac3a775eb
SHA256 f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97
SHA512 69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\am.pak

MD5 2009647c3e7aed2c4c6577ee4c546e19
SHA1 e2bbacf95ec3695daae34835a8095f19a782cbcf
SHA256 6d61e5189438f3728f082ad6f694060d7ee8e571df71240dfd5b77045a62954e
SHA512 996474d73191f2d550c516ed7526c9e2828e2853fcfbe87ca69d8b1242eb0dedf04030bbca3e93236bbd967d39de7f9477c73753af263816faf7d4371f363ba3

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\bg.pak

MD5 a19269683a6347e07c55325b9ecc03a4
SHA1 d42989daf1c11fcfff0978a4fb18f55ec71630ec
SHA256 ad65351a240205e881ef5c4cf30ad1bc6b6e04414343583597086b62d48d8a24
SHA512 1660e487df3f3f4ec1cea81c73dca0ab86aaf121252fbd54c7ac091a43d60e1afd08535b082efd7387c12616672e78aa52dddfca01f833abef244284482f2c76

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\ca.pak

MD5 d259469e94f2adf54380195555154518
SHA1 d69060bbe8e765ca4dc1f7d7c04c3c53c44b8ab5
SHA256 f98b7442befc285398a5dd6a96740cba31d2f5aadadd4d5551a05712d693029b
SHA512 d0bd0201acf4f7daa84e89aa484a3dec7b6a942c3115486716593213be548657ad702ef2bc1d3d95a4a56b0f6e7c33d5375f41d6a863e4ce528f2bd6a318240e

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\cs.pak

MD5 04a680847c4a66ad9f0a88fb9fb1fc7b
SHA1 2afcdf4234a9644fb128b70182f5a3df1ee05be1
SHA256 1cc44c5fbe1c0525df37c5b6267a677f79c9671f86eda75b6fc13abf5d5356eb
SHA512 3a8a409a3c34149a977dea8a4cb0e0822281aed2b0a75b02479c95109d7d51f6fb2c2772ccf1486ca4296a0ac2212094098f5ce6a1265fa6a7eb941c0cfef83e

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\el.pak

MD5 9528d21e8a3f5bad7ca273999012ebe8
SHA1 58cd673ce472f3f2f961cf8b69b0c8b8c01d457c
SHA256 e79c1e7a47250d88581e8e3baf78dcaf31fe660b74a1e015be0f4bafdfd63e12
SHA512 165822c49ce0bdb82f3c3221e6725dac70f53cfdad722407a508fa29605bc669fb5e5070f825f02d830e0487b28925644438305372a366a3d60b55da039633d7

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\en-US.pak

MD5 5e3813e616a101e4a169b05f40879a62
SHA1 615e4d94f69625dda81dfaec7f14e9ee320a2884
SHA256 4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687
SHA512 764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\fa.pak

MD5 9d273af70eafd1b5d41f157dbfb94fdc
SHA1 da98bde34b59976d4514ff518bd977a713ea4f2e
SHA256 319d1e20150d4e3f496309ba82fce850e91378ee4b0c7119a003a510b14f878b
SHA512 0a892071bea92cc7f1a914654bc4f9da6b9c08e3cb29bb41e9094f6120ddc7a08a257c0d2b475c98e7cdcf604830e582cf2a538cc184056207f196ffc43f29ad

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\he.pak

MD5 6d787dc113adfb6a539674af7d6195db
SHA1 f966461049d54c61cdd1e48ef1ea0d3330177768
SHA256 a976fad1cc4eb29709018c5ffcc310793a7ceb2e69c806454717ccae9cbc4d21
SHA512 6748dad2813fc544b50ddea0481b5ace3eb5055fb2d985ca357403d3b799618d051051b560c4151492928d6d40fce9bb33b167217c020bdcc3ed4cae58f6b676

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\ja.pak

MD5 d10d536bcd183030ba07ff5c61bf5e3a
SHA1 44dd78dba9f098ac61222eb9647d111ad1608960
SHA256 2a3d3abc9f80bad52bd6da5769901e7b9e9f052b6a58a7cc95ce16c86a3aa85a
SHA512 c67aede9ded1100093253e350d6137ab8b2a852bd84b6c82ba1853f792e053cecd0ea0519319498aed5759bedc66d75516a4f2f7a07696a0cef24d5f34ef9dd2

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\nb.pak

MD5 af0fd9179417ba1d7fcca3cc5bee1532
SHA1 f746077bbf6a73c6de272d5855d4f1ca5c3af086
SHA256 e900f6d0dd9d5a05b5297618f1fe1600c189313da931a9cb390ee42383eb070f
SHA512 c94791d6b84200b302073b09357abd2a1d7576b068bae01dccda7bc154a6487145c83c9133848ccf4cb9e6dc6c5a9d4be9d818e5a0c8f440a4e04ae8eabd4a29

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\sl.pak

MD5 d4bd9f20fd29519d6b017067e659442c
SHA1 782283b65102de4a0a61b901dea4e52ab6998f22
SHA256 f33afa6b8df235b09b84377fc3c90403c159c87edd8cd8004b7f6edd65c85ce6
SHA512 adf8d8ec17e8b05771f47b19e8027f88237ad61bca42995f424c1f5bd6efa92b23c69d363264714c1550b9cd0d03f66a7cfb792c3fbf9d5c173175b0a8c039dc

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\sk.pak

MD5 c6c7396dbfb989f034d50bd053503366
SHA1 089f176b88235cce5bca7abfcc78254e93296d61
SHA256 439f7d6c23217c965179898754edcef8fd1248bdd9b436703bf1ff710701117a
SHA512 1476963f47b45d2d26536706b7eeba34cfae124a3087f7727c4efe0f19610f94393012cda462060b1a654827e41f463d7226afa977654dcd85b27b7f8d1528eb

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\uk.pak

MD5 ee70e9f3557b9c8c67bfb8dfcb51384d
SHA1 fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e
SHA256 54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22
SHA512 f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\zh-TW.pak

MD5 524711882cbfb5b95a63ef48f884cff0
SHA1 1078037687cfc5d038eeb8b63d295239e0edc47a
SHA256 9e16499cd96a155d410c8df4c812c52ff2a750f8c4db87fd891c1e58c1428c78
SHA512 16d45a81f7f4606eda9d12a8b1da06e3c866b11bdc0c92a4022bfb8d02b885d8f028457cf23e3f7589dfd191ed7f7fbc68c81b6e1411834edfcbc9cc85e0dc4d

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\resources\app.asar

MD5 a42dd0974f64631df98a8915d61df624
SHA1 ba29b4c0bc6f7355c25dd250eb9d7b6c25b67628
SHA256 823398a4ee59260c3b5d0b7c951483fbca2d0891ac8e6dcada74dc359528b87e
SHA512 27189bff087b4c546a2e7f7f7cd6651f004538205196863a7261e1c2c7573cb5714ddd284445e1aec0f33f720de01d687e8408b90bf57670bea314ccfef2d8bf

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\zh-CN.pak

MD5 20f315d38e3b2edc5832931e7770b62a
SHA1 2390bd585dec1e884873454bb98b6f1467dcf7bb
SHA256 53a803724bbf2e7f40aab860325c348f786eeca1ea5ca39a76b4c4a616e3233f
SHA512 c338e241de3561707c7c275b7d6e0fb16185a8cd7112057c08b74ffce122148ef693fe310c839ff93f102726a78e61de3e68c8e324f445a07a98ee9c4fdd4e13

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\vi.pak

MD5 3fe6f90f1f990aed508deda3810ce8c2
SHA1 3b86f00666d55e984b4aca1a5e8319ffa8f411ff
SHA256 5eebb23221aebcf0be01bfc2695f7dd35b17f6769be1e28e5610d35c9717854b
SHA512 9aa9d55f112c8b32aa636086cfd2161d97ea313cac1a44101014128124a03504c992ac8efd265aba4e91787aef7134a14507a600f5ec96ff82df950a8883828c

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\ur.pak

MD5 ff0a23974aef88afc86ecc806dbf1d60
SHA1 e7bae97cbb8692a0d106644dfaa9b7d7ea6fcef0
SHA256 f245ab242aafeef37db736c780476534fad0706aa66dcb8b6b8cd181b4778385
SHA512 aabe8160fac7e0eb8e8eb80963fe995fa4a802147d1b8f605bc0fe3f8e2474463c1d313471c11c85eb5578112232fdc8e89b8a6d43dbe38a328538ff30a78d08

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

\Users\Admin\AppData\Local\Temp\nsd2712.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\tr.pak

MD5 3a858619502c68d5f7de599060f96db9
SHA1 80a66d9b5f1e04cda19493ffc4a2f070200e0b62
SHA256 d81f28f69da0036f9d77242b2a58b4a76f0d5c54b3e26ee96872ac54d7abb841
SHA512 39a7ec0dfe62bcb3f69ce40100e952517b5123f70c70b77b4c9be3d98296772f10d3083276bc43e1db66ed4d9bfa385a458e829ca2a7d570825d7a69e8fbb5f4

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\th.pak

MD5 2c41616dfe7fcdb4913cfafe5d097f95
SHA1 cf7d9e8ad3aa47d683e47f116528c0e4a9a159b0
SHA256 f11041c48831c93aa11bbf885d330739a33a42db211daccf80192668e2186ed3
SHA512 97329717e11bc63456c56022a7b7f5da730da133e3fc7b2cc660d63a955b1a639c556b857c039a004f92e5f35be61bf33c035155be0a361e3cd6d87b549df811

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\te.pak

MD5 f809bf5184935c74c8e7086d34ea306c
SHA1 709ab3decff033cf2fa433ecc5892a7ac2e3752e
SHA256 9bbfa7a9f2116281bf0af1e8ffb279d1aa97ac3ed9ebc80c3ade19e922d7e2d4
SHA512 de4b14dd6018fdbdf5033abda4da2cb9f5fcf26493788e35d88c07a538b84fdd663ee20255dfd9c1aac201f0cce846050d2925c55bf42d4029cb78b057930acd

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\ta.pak

MD5 7006691481966109cce413f48a349ff2
SHA1 6bd243d753cf66074359abe28cfae75bcedd2d23
SHA256 24ea4028da66a293a43d27102012235198f42a1e271fe568c7fd78490a3ee647
SHA512 e12c0d1792a28bf4885e77185c2a0c5386438f142275b8f77317eb8a5cee994b3241bb264d9502d60bfbce9cf8b3b9f605c798d67819259f501719d054083bea

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\sw.pak

MD5 39277ae2d91fdc1bd38bea892b388485
SHA1 ff787fb0156c40478d778b2a6856ad7b469bd7cb
SHA256 6d6d095a1b39c38c273be35cd09eb1914bd3a53f05180a3b3eb41a81ae31d5d3
SHA512 be2d8fbedaa957f0c0823e7beb80de570edd0b8e7599cf8f2991dc671bdcbbbe618c15b36705d83be7b6e9a0d32ec00f519fc8543b548422ca8dcf07c0548ab4

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\sv.pak

MD5 502e4a8b3301253abe27c4fd790fbe90
SHA1 17abcd7a84da5f01d12697e0dffc753ffb49991a
SHA256 7d72e3adb35e13ec90f2f4271ad2a9b817a2734da423d972517f3cff299165fd
SHA512 bd270abaf9344c96b0f63fc8cec04f0d0ac9fc343ab5a80f5b47e4b13b8b1c0c4b68f19550573a1d965bb18a27edf29f5dd592944d754b80ea9684dbcedea822

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\sr.pak

MD5 cbb817a58999d754f99582b72e1ae491
SHA1 6ec3fd06dee0b1fe5002cb0a4fe8ec533a51f9fd
SHA256 4bd7e466cb5f5b0a451e1192aa1abaaf9526855a86d655f94c9ce2183ec80c25
SHA512 efef29cedb7b08d37f9df1705d36613f423e994a041b137d5c94d2555319ffb068bb311884c9d4269b0066746dacd508a7d01df40a8561590461d5f02cb52f8b

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\ru.pak

MD5 ab9902025dcf7d5408bf6377b046272b
SHA1 c9496e5af3e2a43377290a4883c0555e27b1f10f
SHA256 983b15dcc31d0e9a3da78cd6021e5add2a3c2247322aded9454a5d148d127aae
SHA512 d255d5f5b6b09af2cdec7b9c171eebb1de1094cc5b4ddf43a3d4310f8f5f223ac48b8da97a07764d1b44f1d4a14fe3a0c92a0ce6fe9a4ae9a6b4a342e038f842

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\ro.pak

MD5 99eaa3d101354088379771fd85159de1
SHA1 a32db810115d6dcf83a887e71d5b061b5eefe41f
SHA256 33f4c20f7910bc3e636bc3bec78f4807685153242dd4bc77648049772cf47423
SHA512 c6f87da1b5c156aa206dc21a9da3132cbfb0e12e10da7dc3b60363089de9e0124bbad00a233e61325348223fc5953d4f23e46fe47ec8e7ca07702ac73f3fd2e9

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\pt-PT.pak

MD5 6a7232f316358d8376a1667426782796
SHA1 8b70fe0f3ab2d73428f19ecd376c5deba4a0bb6c
SHA256 6a526cd5268b80df24104a7f40f55e4f1068185febbbb5876ba2cb7f78410f84
SHA512 40d24b3d01e20ae150083b00bb6e10bca81737c48219bce22fa88faaad85bdc8c56ac9b1eb01854173b0ed792e34bdfbac26d3605b6a35c14cf2824c000d0da1

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\pt-BR.pak

MD5 0d9dea9e24645c2a3f58e4511c564a36
SHA1 dcd2620a1935c667737eea46ca7bb2bdcb31f3a6
SHA256 ca7b880391fcd319e976fcc9b5780ea71de655492c4a52448c51ab2170eeef3b
SHA512 8fcf871f8be7727e2368df74c05ca927c5f0bc3484c4934f83c0abc98ecaf774ad7aba56e1bf17c92b1076c0b8eb9c076cc949cd5427efcade9ddf14f6b56bc5

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\pl.pak

MD5 18d49d5376237bb8a25413b55751a833
SHA1 0b47a7381de61742ac2184850822c5fa2afa559e
SHA256 1729aa5c8a7e24a0db98febcc91df8b7b5c16f9b6bb13a2b0795038f2a14b981
SHA512 45344a533cc35c8ce05cf29b11da6c0f97d8854dae46cf45ef7d090558ef95c3bd5fdc284d9a7809f0b2bf30985002be2aa6a4749c0d9ae9bdff4ad13de4e570

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\nl.pak

MD5 181d2a0ece4b67281d9d2323e9b9824d
SHA1 e8bdc53757e96c12f3cd256c7812532dd524a0ea
SHA256 6629e68c457806621ed23aa53b3675336c3e643f911f8485118a412ef9ed14ce
SHA512 10d8cc9411ca475c9b659a2cc88d365e811217d957c82d9c144d94843bc7c7a254ee2451a6f485e92385a660fa01577cffa0d64b6e9e658a87bef8fccbbeaf7e

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\ms.pak

MD5 9b3e2f3c49897228d51a324ab625eb45
SHA1 8f3daec46e9a99c3b33e3d0e56c03402ccc52b9d
SHA256 61a3daae72558662851b49175c402e9fe6fd1b279e7b9028e49506d9444855c5
SHA512 409681829a861cd4e53069d54c80315e0c8b97e5db4cd74985d06238be434a0f0c387392e3f80916164898af247d17e8747c6538f08c0ef1c5e92a7d1b14f539

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\mr.pak

MD5 c0ef1866167d926fb351e9f9bf13f067
SHA1 6092d04ef3ce62be44c29da5d0d3a04985e2bc04
SHA256 88df231cf2e506db3453f90a797194662a5f85e23bbac2ed3169d91a145d2091
SHA512 9e2b90f3ac1ae5744c22c2442fbcd86a8496afc2c58f6ca060d6dbb08af6f7411ef910a7c8ca5aedee99b5443d4dff709c7935e8322cb32f8b071ee59caee733

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\ml.pak

MD5 8b38c65fc30210c7af9b6fa0424266f4
SHA1 116413710ffcf94fbfa38cb97a47731e43a306f5
SHA256 e8df9a74417c5839c531d7ccab63884a80afb731cc62cbbb3fd141779086ac7d
SHA512 0fd349c644ac1a2e7ed0247e40900d3a9957f5bef1351b872710d02687c934a8e63d3a7585e91f7df78054aeff8f7abd8c93a94fcd20c799779a64278bab2097

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\lv.pak

MD5 e4f7d9e385cb525e762ece1aa243e818
SHA1 689d784379bac189742b74cd8700c687feeeded1
SHA256 523d141e59095da71a41c14aec8fe9ee667ae4b868e0477a46dd18a80b2007ef
SHA512 e4796134048cd12056d746f6b8f76d9ea743c61fee5993167f607959f11fd3b496429c3e61ed5464551fd1931de4878ab06f23a3788ee34bb56f53db25bcb6df

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\lt.pak

MD5 980c27fd74cc3560b296fe8e7c77d51f
SHA1 f581efa1b15261f654588e53e709a2692d8bb8a3
SHA256 41e0f3619cda3b00abbbf07b9cd64ec7e4785ed4c8a784c928e582c3b6b8b7db
SHA512 51196f6f633667e849ef20532d57ec81c5f63bab46555cea8fab2963a078acdfa84843eded85c3b30f49ef3ceb8be9e4ef8237e214ef9ecff6373a84d395b407

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\ko.pak

MD5 b4fbff56e4974a7283d564c6fc0365be
SHA1 de68bd097def66d63d5ff04046f3357b7b0e23ac
SHA256 8c9acde13edcd40d5b6eb38ad179cc27aa3677252a9cd47990eba38ad42833e5
SHA512 0698aa058561bb5a8fe565bb0bec21548e246dbb9d38f6010e9b0ad9de0f59bce9e98841033ad3122a163dd321ee4b11ed191277cdcb8e0b455d725593a88aa5

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\kn.pak

MD5 c548a5f1fb5753408e44f3f011588594
SHA1 e064ab403972036dad1b35abe9794e95dbe4cc00
SHA256 890f50a57b862f482d367713201e1e559ac778fc3a36322d1dfbbef2535dd9cb
SHA512 6975e4bb1a90e0906cf6266f79da6cc4ae32f72a6141943bcfcf9b33f791e9751a9aafde9ca537f33f6ba8e4d697125fbc2ec4ffd3bc35851f406567dae7e631

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\it.pak

MD5 d58a43068bf847c7cd6284742c2f7823
SHA1 497389765143fac48af2bd7f9a309bfe65f59ed9
SHA256 265d8b1bc479ad64fa7a41424c446139205af8029a2469d558813edd10727f9c
SHA512 547a1581dda28c5c1a0231c736070d8a7b53a085a0ce643a4a1510c63a2d4670ff2632e9823cd25ae2c7cdc87fa65883e0a193853890d4415b38056cb730ab54

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\id.pak

MD5 7b39423028da71b4e776429bb4f27122
SHA1 cb052ab5f734d7a74a160594b25f8a71669c38f2
SHA256 3d95c5819f57a0ad06a118a07e0b5d821032edcf622df9b10a09da9aa974885f
SHA512 e40679b01ab14b6c8dfdce588f3b47bcaff55dbb1539b343f611b3fcbd1d0e7d8c347a2b928215a629f97e5f68d19c51af775ec27c6f906cac131beae646ce1a

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\hu.pak

MD5 f5e1ca8a14c75c6f62d4bff34e27ddb5
SHA1 7aba6bff18bdc4c477da603184d74f054805c78f
SHA256 c0043d9fa0b841da00ec1672d60015804d882d4765a62b6483f2294c3c5b83e0
SHA512 1050f96f4f79f681b3eaf4012ec0e287c5067b75ba7a2cbe89d9b380c07698099b156a0eb2cbc5b8aa336d2daa98e457b089935b534c4d6636987e7e7e32b169

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\hr.pak

MD5 8f9498d18d90477ad24ea01a97370b08
SHA1 3868791b549fc7369ab90cd27684f129ebd628be
SHA256 846943f77a425f3885689dcf12d62951c5b7646e68eadc533b8b5c2a1373f02e
SHA512 3c66a84592debe522f26c48b55c04198ad8a16c0dcfa05816825656c76c1c6cccf5767b009f20ecb77d5a589ee44b0a0011ec197fec720168a6c72c71ebf77fd

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\hi.pak

MD5 1766a05be4dc634b3321b5b8a142c671
SHA1 b959bcadc3724ae28b5fe141f3b497f51d1e28cf
SHA256 0eee8e751b5b0af1e226106beb09477634f9f80774ff30894c0f5a12b925ac35
SHA512 faec1d6166133674a56b5e38a68f9e235155cc910b5cceb3985981b123cc29eda4cd60b9313ab787ec0a8f73bf715299d9bf068e4d52b766a7ab8808bd146a39

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\gu.pak

MD5 7b5f52f72d3a93f76337d5cf3168ebd1
SHA1 00d444b5a7f73f566e98abadf867e6bb27433091
SHA256 798ea5d88a57d1d78fa518bf35c5098cbeb1453d2cb02ef98cd26cf85d927707
SHA512 10c6f4faab8ccb930228c1d9302472d0752be19af068ec5917249675b40f22ab24c3e29ec3264062826113b966c401046cff70d91e7e05d8aadcc0b4e07fec9b

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\fr.pak

MD5 0bf28aff31e8887e27c4cd96d3069816
SHA1 b5313cf6b5fbce7e97e32727a3fae58b0f2f5e97
SHA256 2e1d413442def9cae2d93612e3fd04f3afaf3dd61e4ed7f86400d320af5500c2
SHA512 95172b3b1153b31fceb4b53681635a881457723cd1000562463d2f24712267b209b3588c085b89c985476c82d9c27319cb6378619889379da4fae1595cb11992

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\fil.pak

MD5 3165351c55e3408eaa7b661fa9dc8924
SHA1 181bee2a96d2f43d740b865f7e39a1ba06e2ca2b
SHA256 2630a9d5912c8ef023154c6a6fb5c56faf610e1e960af66abef533af19b90caa
SHA512 3b1944ea3cfcbe98d4ce390ea3a8ff1f6730eb8054e282869308efe91a9ddcd118290568c1fc83bd80e8951c4e70a451e984c27b400f2bde8053ea25b9620655

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\fi.pak

MD5 d4b776267efebdcb279162c213f3db22
SHA1 7236108af9e293c8341c17539aa3f0751000860a
SHA256 297e3647eaf9b3b95cf833d88239919e371e74cc345a2e48a5033ebe477cd54e
SHA512 1dc7d966d12e0104aacb300fd4e94a88587a347db35ad2327a046ef833fb354fd9cbe31720b6476db6c01cfcb90b4b98ce3cd995e816210b1438a13006624e8f

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\et.pak

MD5 a94e1775f91ea8622f82ae5ab5ba6765
SHA1 ff17accdd83ac7fcc630e9141e9114da7de16fdb
SHA256 1606b94aef97047863481928624214b7e0ec2f1e34ec48a117965b928e009163
SHA512 a2575d2bd50494310e8ef9c77d6c1749420dfbe17a91d724984df025c47601976af7d971ecae988c99723d53f240e1a6b3b7650a17f3b845e3daeefaaf9fe9b9

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\es.pak

MD5 a36992d320a88002697da97cd6a4f251
SHA1 c1f88f391a40ccf2b8a7b5689320c63d6d42935f
SHA256 c5566b661675b613d69a507cbf98768bc6305b80e6893dc59651a4be4263f39d
SHA512 9719709229a4e8f63247b3efe004ecfeb5127f5a885234a5f78ee2b368f9e6c44eb68a071e26086e02aa0e61798b7e7b9311d35725d3409ffc0e740f3aa3b9b5

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\es-419.pak

MD5 7f6696cc1e71f84d9ec24e9dc7bd6345
SHA1 36c1c44404ee48fc742b79173f2c7699e1e0301f
SHA256 d1f17508f3a0106848c48a240d49a943130b14bd0feb5ed7ae89605c7b7017d1
SHA512 b226f94f00978f87b7915004a13cdbd23de2401a8afaa2517498538967df89b735f8ecc46870c92e3022cac795218a60ad2b8fff1efad9feea4ec193704a568a

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\en-GB.pak

MD5 d59e613e8f17bdafd00e0e31e1520d1f
SHA1 529017d57c4efed1d768ab52e5a2bc929fdfb97c
SHA256 90e585f101cf0bb77091a9a9a28812694cee708421ce4908302bbd1bc24ac6fd
SHA512 29ff3d42e5d0229f3f17bc0ed6576c147d5c61ce2bd9a2e658a222b75d993230de3ce35ca6b06f5afa9ea44cfc67817a30a87f4faf8dc3a5c883b6ee30f87210

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\de.pak

MD5 8e6654b89ed4c1dc02e1e2d06764805a
SHA1 ff660bc85bb4a0fa3b2637050d2b2d1aecc37ad8
SHA256 61cbce9a31858ddf70cc9b0c05fb09ce7032bfb8368a77533521722465c57475
SHA512 5ac71eda16f07f3f2b939891eda2969c443440350fd88ab3a9b3180b8b1a3ecb11e79e752cf201f21b3dbfba00bcc2e4f796f347e6137a165c081e86d970ee61

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\da.pak

MD5 1a53d374b9c37f795a462aac7a3f118f
SHA1 154be9cf05042eced098a20ff52fa174798e1fea
SHA256 d0c38eb889ee27d81183a0535762d8ef314f0fdeb90ccca9176a0ce9ab09b820
SHA512 395279c9246bd30a0e45d775d9f9c36353bd11d9463282661c2abd876bdb53be9c9b617bb0c2186592cd154e9353ea39e3feed6b21a07b6850ab8ecd57e1ed29

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\bn.pak

MD5 5cdd07fa357c846771058c2db67eb13b
SHA1 deb87fc5c13da03be86f67526c44f144cc65f6f6
SHA256 01c830b0007b8ce6aca46e26d812947c3df818927b826f7d8c5ffd0008a32384
SHA512 2ac29a3aa3278bd9a8fe1ba28e87941f719b14fbf8b52e0b7dc9d66603c9c147b9496bf7be4d9e3aa0231c024694ef102dcc094c80c42be5d68d3894c488098c

C:\Users\Admin\AppData\Local\Temp\nsd2712.tmp\7z-out\locales\ar.pak

MD5 47a6d10b4112509852d4794229c0a03b
SHA1 2fb49a0b07fbdf8d4ce51a7b5a7f711f47a34951
SHA256 857fe3ab766b60a8d82b7b6043137e3a7d9f5cfb8ddd942316452838c67d0495
SHA512 5f5b280261195b8894efae9df2bece41c6c6a72199d65ba633c30d50a579f95fa04916a30db77831f517b22449196d364d6f70d10d6c5b435814184b3bcf1667

Analysis: behavioral3

Detonation Overview

Submitted

2023-04-29 23:31

Reported

2023-04-30 00:02

Platform

win10v2004-20230221-en

Max time kernel

1810s

Max time network

1221s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe"

Signatures

Detects Redline Stealer samples

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

RedLine

infostealer redline

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ping.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1352 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1352 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1352 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 1908 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 1908 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3128 wrote to memory of 4964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 3128 wrote to memory of 4964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 3128 wrote to memory of 4964 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 1908 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 1908 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 1908 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 4420 wrote to memory of 1632 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4420 wrote to memory of 1632 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4420 wrote to memory of 1632 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 1908 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 1908 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 1908 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 4668 wrote to memory of 2800 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4668 wrote to memory of 2800 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4668 wrote to memory of 2800 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1908 wrote to memory of 3788 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 1908 wrote to memory of 3788 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 1908 wrote to memory of 3788 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3788 wrote to memory of 3548 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 3788 wrote to memory of 3548 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 3788 wrote to memory of 3548 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 3548 wrote to memory of 1768 N/A C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\cmd.exe
PID 3548 wrote to memory of 1768 N/A C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe

"C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe"

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "chcp"

C:\Windows\SysWOW64\chcp.com

chcp

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xidxaxbnnenmrnel" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 --field-trial-handle=1920,i,9284064693362485227,4934177729043100948,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xidxaxbnnenmrnel" --mojo-platform-channel-handle=1736 --field-trial-handle=1920,i,9284064693362485227,4934177729043100948,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netstat -r"

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -r

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print

C:\Windows\SysWOW64\ROUTE.EXE

C:\Windows\system32\route.exe print

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netstat -nao"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\ping.exe

ping 8.8.8.8 -n 1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -nao

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\netsh.exe

"C:\Windows\system32\netsh.exe" wlan show networks mode=Bssid

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netstat -r"

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -r

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print

C:\Windows\SysWOW64\ROUTE.EXE

C:\Windows\system32\route.exe print

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netsh lan show profiles"

C:\Windows\SysWOW64\netsh.exe

netsh lan show profiles

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "ipconfig /all"

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /all

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\xidxaxbnnenmrnel" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 --field-trial-handle=1920,i,9284064693362485227,4934177729043100948,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

Network

Country Destination Domain Proto
US 40.125.122.176:443 tcp
US 8.8.8.8:53 176.122.125.40.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 20.189.173.4:443 tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 47.125.24.20.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 doenerium.kqnfkpoccicxiudstqonfotuwsrhuxkwhqjjfsbjhonoubrccy.nl udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 188.114.97.0:443 doenerium.kqnfkpoccicxiudstqonfotuwsrhuxkwhqjjfsbjhonoubrccy.nl tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 0.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 40.125.122.176:443 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
NL 173.223.113.164:443 tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 134.121.24.20.in-addr.arpa udp
US 8.8.8.8:53 58.104.205.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 canary.discord.com udp
US 8.8.8.8:53 doenerium.bbynetwork.nl udp
US 8.8.8.8:53 113.238.32.23.in-addr.arpa udp
US 162.159.137.232:443 canary.discord.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 104.21.60.146:443 doenerium.bbynetwork.nl tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 146.60.21.104.in-addr.arpa udp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 apiv2.gofile.io udp
FR 151.80.29.83:443 apiv2.gofile.io tcp
US 8.8.8.8:53 store3.gofile.io udp
FR 31.14.70.244:443 store3.gofile.io tcp
US 162.159.137.232:443 canary.discord.com tcp
US 104.21.60.146:443 doenerium.bbynetwork.nl tcp
US 8.8.8.8:53 83.29.80.151.in-addr.arpa udp
US 8.8.8.8:53 244.70.14.31.in-addr.arpa udp
US 40.125.122.176:443 tcp
US 40.125.122.176:443 tcp
US 40.125.122.176:443 tcp
US 40.125.122.176:443 tcp
US 40.125.122.176:443 tcp
US 162.159.137.232:443 canary.discord.com tcp
US 104.21.60.146:443 doenerium.bbynetwork.nl tcp
US 40.125.122.176:443 tcp
US 40.125.122.176:443 tcp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 138.238.32.23.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\chrome_100_percent.pak

MD5 acd0fa0a90b43cd1c87a55a991b4fac3
SHA1 17b84e8d24da12501105b87452f86bfa5f9b1b3c
SHA256 ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b
SHA512 3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\chrome_200_percent.pak

MD5 4610337e3332b7e65b73a6ea738b47df
SHA1 8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b
SHA256 c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c
SHA512 039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\d3dcompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\libEGL.dll

MD5 e0a5d1a5d55dffb55513acb736cef1c1
SHA1 307fc023790af5bf3d45678de985e8e9f34896f7
SHA256 aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
SHA512 094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\icudtl.dat

MD5 d89ce8c00659d8e5d408c696ee087ce3
SHA1 49fc8109960be3bb32c06c3d1256cb66dded19a8
SHA256 9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de
SHA512 db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\resources.pak

MD5 7d5065ecba284ed704040fca1c821922
SHA1 095fcc890154a52ad1998b4b1e318f99b3e5d6b8
SHA256 a10c3d236246e001cb9d434a65fc3e8aa7acddddd9608008db5c5c73dee0ba1f
SHA512 521b2266e3257adaa775014f77b0d512ff91b087c2572359d68ffe633b57a423227e3d5af8ee4494538f1d09aa45ffa1fe8e979814178512c37f7088ddd7995d

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\LICENSES.chromium.html

MD5 312446edf757f7e92aad311f625cef2a
SHA1 91102d30d5abcfa7b6ec732e3682fb9c77279ba3
SHA256 c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b
SHA512 dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\libGLESv2.dll

MD5 44f7c21b6010048e0dcdc43d83ebd357
SHA1 d0a4dfd8dbae1a8421c3043315d78ecd84502b16
SHA256 f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
SHA512 7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\snapshot_blob.bin

MD5 916127734bc7c5b0db478191a37fc19a
SHA1 f9d868c2578f14513fcb95e109aec795c98dbba3
SHA256 e19ed7fb96e19bb5bfe791df03561d654ea5d52021c3403a2652f439a8d77801
SHA512 d291b26568572d5777b036577ddf30c1b6c6c41e9d53ef2d8af735db001ea5c568371f3907fbffc02feee628f0f29afb718ae5deb32ff245a37947a7b1b9c297

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\v8_context_snapshot.bin

MD5 4f4d00247758c684c295243ddedd2948
SHA1 f8e8fc6c22fde9df1d60c329e38b38a85f96bb69
SHA256 4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5
SHA512 2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\vulkan-1.dll

MD5 a947c5d8fec95a0f24b4143ced301209
SHA1 ebf3089985377a58b8431a14e22a814857287aaf
SHA256 29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
SHA512 75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\am.pak

MD5 2009647c3e7aed2c4c6577ee4c546e19
SHA1 e2bbacf95ec3695daae34835a8095f19a782cbcf
SHA256 6d61e5189438f3728f082ad6f694060d7ee8e571df71240dfd5b77045a62954e
SHA512 996474d73191f2d550c516ed7526c9e2828e2853fcfbe87ca69d8b1242eb0dedf04030bbca3e93236bbd967d39de7f9477c73753af263816faf7d4371f363ba3

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\af.pak

MD5 7e51349edc7e6aed122bfa00970fab80
SHA1 eb6df68501ecce2090e1af5837b5f15ac3a775eb
SHA256 f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97
SHA512 69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\ar.pak

MD5 47a6d10b4112509852d4794229c0a03b
SHA1 2fb49a0b07fbdf8d4ce51a7b5a7f711f47a34951
SHA256 857fe3ab766b60a8d82b7b6043137e3a7d9f5cfb8ddd942316452838c67d0495
SHA512 5f5b280261195b8894efae9df2bece41c6c6a72199d65ba633c30d50a579f95fa04916a30db77831f517b22449196d364d6f70d10d6c5b435814184b3bcf1667

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\ca.pak

MD5 d259469e94f2adf54380195555154518
SHA1 d69060bbe8e765ca4dc1f7d7c04c3c53c44b8ab5
SHA256 f98b7442befc285398a5dd6a96740cba31d2f5aadadd4d5551a05712d693029b
SHA512 d0bd0201acf4f7daa84e89aa484a3dec7b6a942c3115486716593213be548657ad702ef2bc1d3d95a4a56b0f6e7c33d5375f41d6a863e4ce528f2bd6a318240e

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\bn.pak

MD5 5cdd07fa357c846771058c2db67eb13b
SHA1 deb87fc5c13da03be86f67526c44f144cc65f6f6
SHA256 01c830b0007b8ce6aca46e26d812947c3df818927b826f7d8c5ffd0008a32384
SHA512 2ac29a3aa3278bd9a8fe1ba28e87941f719b14fbf8b52e0b7dc9d66603c9c147b9496bf7be4d9e3aa0231c024694ef102dcc094c80c42be5d68d3894c488098c

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\bg.pak

MD5 a19269683a6347e07c55325b9ecc03a4
SHA1 d42989daf1c11fcfff0978a4fb18f55ec71630ec
SHA256 ad65351a240205e881ef5c4cf30ad1bc6b6e04414343583597086b62d48d8a24
SHA512 1660e487df3f3f4ec1cea81c73dca0ab86aaf121252fbd54c7ac091a43d60e1afd08535b082efd7387c12616672e78aa52dddfca01f833abef244284482f2c76

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\el.pak

MD5 9528d21e8a3f5bad7ca273999012ebe8
SHA1 58cd673ce472f3f2f961cf8b69b0c8b8c01d457c
SHA256 e79c1e7a47250d88581e8e3baf78dcaf31fe660b74a1e015be0f4bafdfd63e12
SHA512 165822c49ce0bdb82f3c3221e6725dac70f53cfdad722407a508fa29605bc669fb5e5070f825f02d830e0487b28925644438305372a366a3d60b55da039633d7

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\de.pak

MD5 8e6654b89ed4c1dc02e1e2d06764805a
SHA1 ff660bc85bb4a0fa3b2637050d2b2d1aecc37ad8
SHA256 61cbce9a31858ddf70cc9b0c05fb09ce7032bfb8368a77533521722465c57475
SHA512 5ac71eda16f07f3f2b939891eda2969c443440350fd88ab3a9b3180b8b1a3ecb11e79e752cf201f21b3dbfba00bcc2e4f796f347e6137a165c081e86d970ee61

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\da.pak

MD5 1a53d374b9c37f795a462aac7a3f118f
SHA1 154be9cf05042eced098a20ff52fa174798e1fea
SHA256 d0c38eb889ee27d81183a0535762d8ef314f0fdeb90ccca9176a0ce9ab09b820
SHA512 395279c9246bd30a0e45d775d9f9c36353bd11d9463282661c2abd876bdb53be9c9b617bb0c2186592cd154e9353ea39e3feed6b21a07b6850ab8ecd57e1ed29

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\cs.pak

MD5 04a680847c4a66ad9f0a88fb9fb1fc7b
SHA1 2afcdf4234a9644fb128b70182f5a3df1ee05be1
SHA256 1cc44c5fbe1c0525df37c5b6267a677f79c9671f86eda75b6fc13abf5d5356eb
SHA512 3a8a409a3c34149a977dea8a4cb0e0822281aed2b0a75b02479c95109d7d51f6fb2c2772ccf1486ca4296a0ac2212094098f5ce6a1265fa6a7eb941c0cfef83e

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\en-GB.pak

MD5 d59e613e8f17bdafd00e0e31e1520d1f
SHA1 529017d57c4efed1d768ab52e5a2bc929fdfb97c
SHA256 90e585f101cf0bb77091a9a9a28812694cee708421ce4908302bbd1bc24ac6fd
SHA512 29ff3d42e5d0229f3f17bc0ed6576c147d5c61ce2bd9a2e658a222b75d993230de3ce35ca6b06f5afa9ea44cfc67817a30a87f4faf8dc3a5c883b6ee30f87210

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\es-419.pak

MD5 7f6696cc1e71f84d9ec24e9dc7bd6345
SHA1 36c1c44404ee48fc742b79173f2c7699e1e0301f
SHA256 d1f17508f3a0106848c48a240d49a943130b14bd0feb5ed7ae89605c7b7017d1
SHA512 b226f94f00978f87b7915004a13cdbd23de2401a8afaa2517498538967df89b735f8ecc46870c92e3022cac795218a60ad2b8fff1efad9feea4ec193704a568a

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\en-US.pak

MD5 5e3813e616a101e4a169b05f40879a62
SHA1 615e4d94f69625dda81dfaec7f14e9ee320a2884
SHA256 4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687
SHA512 764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\es.pak

MD5 a36992d320a88002697da97cd6a4f251
SHA1 c1f88f391a40ccf2b8a7b5689320c63d6d42935f
SHA256 c5566b661675b613d69a507cbf98768bc6305b80e6893dc59651a4be4263f39d
SHA512 9719709229a4e8f63247b3efe004ecfeb5127f5a885234a5f78ee2b368f9e6c44eb68a071e26086e02aa0e61798b7e7b9311d35725d3409ffc0e740f3aa3b9b5

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\et.pak

MD5 a94e1775f91ea8622f82ae5ab5ba6765
SHA1 ff17accdd83ac7fcc630e9141e9114da7de16fdb
SHA256 1606b94aef97047863481928624214b7e0ec2f1e34ec48a117965b928e009163
SHA512 a2575d2bd50494310e8ef9c77d6c1749420dfbe17a91d724984df025c47601976af7d971ecae988c99723d53f240e1a6b3b7650a17f3b845e3daeefaaf9fe9b9

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\fa.pak

MD5 9d273af70eafd1b5d41f157dbfb94fdc
SHA1 da98bde34b59976d4514ff518bd977a713ea4f2e
SHA256 319d1e20150d4e3f496309ba82fce850e91378ee4b0c7119a003a510b14f878b
SHA512 0a892071bea92cc7f1a914654bc4f9da6b9c08e3cb29bb41e9094f6120ddc7a08a257c0d2b475c98e7cdcf604830e582cf2a538cc184056207f196ffc43f29ad

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\fi.pak

MD5 d4b776267efebdcb279162c213f3db22
SHA1 7236108af9e293c8341c17539aa3f0751000860a
SHA256 297e3647eaf9b3b95cf833d88239919e371e74cc345a2e48a5033ebe477cd54e
SHA512 1dc7d966d12e0104aacb300fd4e94a88587a347db35ad2327a046ef833fb354fd9cbe31720b6476db6c01cfcb90b4b98ce3cd995e816210b1438a13006624e8f

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\fil.pak

MD5 3165351c55e3408eaa7b661fa9dc8924
SHA1 181bee2a96d2f43d740b865f7e39a1ba06e2ca2b
SHA256 2630a9d5912c8ef023154c6a6fb5c56faf610e1e960af66abef533af19b90caa
SHA512 3b1944ea3cfcbe98d4ce390ea3a8ff1f6730eb8054e282869308efe91a9ddcd118290568c1fc83bd80e8951c4e70a451e984c27b400f2bde8053ea25b9620655

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\fr.pak

MD5 0bf28aff31e8887e27c4cd96d3069816
SHA1 b5313cf6b5fbce7e97e32727a3fae58b0f2f5e97
SHA256 2e1d413442def9cae2d93612e3fd04f3afaf3dd61e4ed7f86400d320af5500c2
SHA512 95172b3b1153b31fceb4b53681635a881457723cd1000562463d2f24712267b209b3588c085b89c985476c82d9c27319cb6378619889379da4fae1595cb11992

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\he.pak

MD5 6d787dc113adfb6a539674af7d6195db
SHA1 f966461049d54c61cdd1e48ef1ea0d3330177768
SHA256 a976fad1cc4eb29709018c5ffcc310793a7ceb2e69c806454717ccae9cbc4d21
SHA512 6748dad2813fc544b50ddea0481b5ace3eb5055fb2d985ca357403d3b799618d051051b560c4151492928d6d40fce9bb33b167217c020bdcc3ed4cae58f6b676

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\gu.pak

MD5 7b5f52f72d3a93f76337d5cf3168ebd1
SHA1 00d444b5a7f73f566e98abadf867e6bb27433091
SHA256 798ea5d88a57d1d78fa518bf35c5098cbeb1453d2cb02ef98cd26cf85d927707
SHA512 10c6f4faab8ccb930228c1d9302472d0752be19af068ec5917249675b40f22ab24c3e29ec3264062826113b966c401046cff70d91e7e05d8aadcc0b4e07fec9b

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\hr.pak

MD5 8f9498d18d90477ad24ea01a97370b08
SHA1 3868791b549fc7369ab90cd27684f129ebd628be
SHA256 846943f77a425f3885689dcf12d62951c5b7646e68eadc533b8b5c2a1373f02e
SHA512 3c66a84592debe522f26c48b55c04198ad8a16c0dcfa05816825656c76c1c6cccf5767b009f20ecb77d5a589ee44b0a0011ec197fec720168a6c72c71ebf77fd

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\hu.pak

MD5 f5e1ca8a14c75c6f62d4bff34e27ddb5
SHA1 7aba6bff18bdc4c477da603184d74f054805c78f
SHA256 c0043d9fa0b841da00ec1672d60015804d882d4765a62b6483f2294c3c5b83e0
SHA512 1050f96f4f79f681b3eaf4012ec0e287c5067b75ba7a2cbe89d9b380c07698099b156a0eb2cbc5b8aa336d2daa98e457b089935b534c4d6636987e7e7e32b169

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\hi.pak

MD5 1766a05be4dc634b3321b5b8a142c671
SHA1 b959bcadc3724ae28b5fe141f3b497f51d1e28cf
SHA256 0eee8e751b5b0af1e226106beb09477634f9f80774ff30894c0f5a12b925ac35
SHA512 faec1d6166133674a56b5e38a68f9e235155cc910b5cceb3985981b123cc29eda4cd60b9313ab787ec0a8f73bf715299d9bf068e4d52b766a7ab8808bd146a39

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\id.pak

MD5 7b39423028da71b4e776429bb4f27122
SHA1 cb052ab5f734d7a74a160594b25f8a71669c38f2
SHA256 3d95c5819f57a0ad06a118a07e0b5d821032edcf622df9b10a09da9aa974885f
SHA512 e40679b01ab14b6c8dfdce588f3b47bcaff55dbb1539b343f611b3fcbd1d0e7d8c347a2b928215a629f97e5f68d19c51af775ec27c6f906cac131beae646ce1a

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\kn.pak

MD5 c548a5f1fb5753408e44f3f011588594
SHA1 e064ab403972036dad1b35abe9794e95dbe4cc00
SHA256 890f50a57b862f482d367713201e1e559ac778fc3a36322d1dfbbef2535dd9cb
SHA512 6975e4bb1a90e0906cf6266f79da6cc4ae32f72a6141943bcfcf9b33f791e9751a9aafde9ca537f33f6ba8e4d697125fbc2ec4ffd3bc35851f406567dae7e631

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\it.pak

MD5 d58a43068bf847c7cd6284742c2f7823
SHA1 497389765143fac48af2bd7f9a309bfe65f59ed9
SHA256 265d8b1bc479ad64fa7a41424c446139205af8029a2469d558813edd10727f9c
SHA512 547a1581dda28c5c1a0231c736070d8a7b53a085a0ce643a4a1510c63a2d4670ff2632e9823cd25ae2c7cdc87fa65883e0a193853890d4415b38056cb730ab54

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\lt.pak

MD5 980c27fd74cc3560b296fe8e7c77d51f
SHA1 f581efa1b15261f654588e53e709a2692d8bb8a3
SHA256 41e0f3619cda3b00abbbf07b9cd64ec7e4785ed4c8a784c928e582c3b6b8b7db
SHA512 51196f6f633667e849ef20532d57ec81c5f63bab46555cea8fab2963a078acdfa84843eded85c3b30f49ef3ceb8be9e4ef8237e214ef9ecff6373a84d395b407

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\ml.pak

MD5 8b38c65fc30210c7af9b6fa0424266f4
SHA1 116413710ffcf94fbfa38cb97a47731e43a306f5
SHA256 e8df9a74417c5839c531d7ccab63884a80afb731cc62cbbb3fd141779086ac7d
SHA512 0fd349c644ac1a2e7ed0247e40900d3a9957f5bef1351b872710d02687c934a8e63d3a7585e91f7df78054aeff8f7abd8c93a94fcd20c799779a64278bab2097

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\lv.pak

MD5 e4f7d9e385cb525e762ece1aa243e818
SHA1 689d784379bac189742b74cd8700c687feeeded1
SHA256 523d141e59095da71a41c14aec8fe9ee667ae4b868e0477a46dd18a80b2007ef
SHA512 e4796134048cd12056d746f6b8f76d9ea743c61fee5993167f607959f11fd3b496429c3e61ed5464551fd1931de4878ab06f23a3788ee34bb56f53db25bcb6df

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\ko.pak

MD5 b4fbff56e4974a7283d564c6fc0365be
SHA1 de68bd097def66d63d5ff04046f3357b7b0e23ac
SHA256 8c9acde13edcd40d5b6eb38ad179cc27aa3677252a9cd47990eba38ad42833e5
SHA512 0698aa058561bb5a8fe565bb0bec21548e246dbb9d38f6010e9b0ad9de0f59bce9e98841033ad3122a163dd321ee4b11ed191277cdcb8e0b455d725593a88aa5

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\ja.pak

MD5 d10d536bcd183030ba07ff5c61bf5e3a
SHA1 44dd78dba9f098ac61222eb9647d111ad1608960
SHA256 2a3d3abc9f80bad52bd6da5769901e7b9e9f052b6a58a7cc95ce16c86a3aa85a
SHA512 c67aede9ded1100093253e350d6137ab8b2a852bd84b6c82ba1853f792e053cecd0ea0519319498aed5759bedc66d75516a4f2f7a07696a0cef24d5f34ef9dd2

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\nl.pak

MD5 181d2a0ece4b67281d9d2323e9b9824d
SHA1 e8bdc53757e96c12f3cd256c7812532dd524a0ea
SHA256 6629e68c457806621ed23aa53b3675336c3e643f911f8485118a412ef9ed14ce
SHA512 10d8cc9411ca475c9b659a2cc88d365e811217d957c82d9c144d94843bc7c7a254ee2451a6f485e92385a660fa01577cffa0d64b6e9e658a87bef8fccbbeaf7e

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\pt-BR.pak

MD5 0d9dea9e24645c2a3f58e4511c564a36
SHA1 dcd2620a1935c667737eea46ca7bb2bdcb31f3a6
SHA256 ca7b880391fcd319e976fcc9b5780ea71de655492c4a52448c51ab2170eeef3b
SHA512 8fcf871f8be7727e2368df74c05ca927c5f0bc3484c4934f83c0abc98ecaf774ad7aba56e1bf17c92b1076c0b8eb9c076cc949cd5427efcade9ddf14f6b56bc5

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\ta.pak

MD5 7006691481966109cce413f48a349ff2
SHA1 6bd243d753cf66074359abe28cfae75bcedd2d23
SHA256 24ea4028da66a293a43d27102012235198f42a1e271fe568c7fd78490a3ee647
SHA512 e12c0d1792a28bf4885e77185c2a0c5386438f142275b8f77317eb8a5cee994b3241bb264d9502d60bfbce9cf8b3b9f605c798d67819259f501719d054083bea

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\tr.pak

MD5 3a858619502c68d5f7de599060f96db9
SHA1 80a66d9b5f1e04cda19493ffc4a2f070200e0b62
SHA256 d81f28f69da0036f9d77242b2a58b4a76f0d5c54b3e26ee96872ac54d7abb841
SHA512 39a7ec0dfe62bcb3f69ce40100e952517b5123f70c70b77b4c9be3d98296772f10d3083276bc43e1db66ed4d9bfa385a458e829ca2a7d570825d7a69e8fbb5f4

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\th.pak

MD5 2c41616dfe7fcdb4913cfafe5d097f95
SHA1 cf7d9e8ad3aa47d683e47f116528c0e4a9a159b0
SHA256 f11041c48831c93aa11bbf885d330739a33a42db211daccf80192668e2186ed3
SHA512 97329717e11bc63456c56022a7b7f5da730da133e3fc7b2cc660d63a955b1a639c556b857c039a004f92e5f35be61bf33c035155be0a361e3cd6d87b549df811

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\te.pak

MD5 f809bf5184935c74c8e7086d34ea306c
SHA1 709ab3decff033cf2fa433ecc5892a7ac2e3752e
SHA256 9bbfa7a9f2116281bf0af1e8ffb279d1aa97ac3ed9ebc80c3ade19e922d7e2d4
SHA512 de4b14dd6018fdbdf5033abda4da2cb9f5fcf26493788e35d88c07a538b84fdd663ee20255dfd9c1aac201f0cce846050d2925c55bf42d4029cb78b057930acd

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\sw.pak

MD5 39277ae2d91fdc1bd38bea892b388485
SHA1 ff787fb0156c40478d778b2a6856ad7b469bd7cb
SHA256 6d6d095a1b39c38c273be35cd09eb1914bd3a53f05180a3b3eb41a81ae31d5d3
SHA512 be2d8fbedaa957f0c0823e7beb80de570edd0b8e7599cf8f2991dc671bdcbbbe618c15b36705d83be7b6e9a0d32ec00f519fc8543b548422ca8dcf07c0548ab4

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\zh-TW.pak

MD5 524711882cbfb5b95a63ef48f884cff0
SHA1 1078037687cfc5d038eeb8b63d295239e0edc47a
SHA256 9e16499cd96a155d410c8df4c812c52ff2a750f8c4db87fd891c1e58c1428c78
SHA512 16d45a81f7f4606eda9d12a8b1da06e3c866b11bdc0c92a4022bfb8d02b885d8f028457cf23e3f7589dfd191ed7f7fbc68c81b6e1411834edfcbc9cc85e0dc4d

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\zh-CN.pak

MD5 20f315d38e3b2edc5832931e7770b62a
SHA1 2390bd585dec1e884873454bb98b6f1467dcf7bb
SHA256 53a803724bbf2e7f40aab860325c348f786eeca1ea5ca39a76b4c4a616e3233f
SHA512 c338e241de3561707c7c275b7d6e0fb16185a8cd7112057c08b74ffce122148ef693fe310c839ff93f102726a78e61de3e68c8e324f445a07a98ee9c4fdd4e13

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\resources\app.asar

MD5 a42dd0974f64631df98a8915d61df624
SHA1 ba29b4c0bc6f7355c25dd250eb9d7b6c25b67628
SHA256 823398a4ee59260c3b5d0b7c951483fbca2d0891ac8e6dcada74dc359528b87e
SHA512 27189bff087b4c546a2e7f7f7cd6651f004538205196863a7261e1c2c7573cb5714ddd284445e1aec0f33f720de01d687e8408b90bf57670bea314ccfef2d8bf

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\vi.pak

MD5 3fe6f90f1f990aed508deda3810ce8c2
SHA1 3b86f00666d55e984b4aca1a5e8319ffa8f411ff
SHA256 5eebb23221aebcf0be01bfc2695f7dd35b17f6769be1e28e5610d35c9717854b
SHA512 9aa9d55f112c8b32aa636086cfd2161d97ea313cac1a44101014128124a03504c992ac8efd265aba4e91787aef7134a14507a600f5ec96ff82df950a8883828c

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\ur.pak

MD5 ff0a23974aef88afc86ecc806dbf1d60
SHA1 e7bae97cbb8692a0d106644dfaa9b7d7ea6fcef0
SHA256 f245ab242aafeef37db736c780476534fad0706aa66dcb8b6b8cd181b4778385
SHA512 aabe8160fac7e0eb8e8eb80963fe995fa4a802147d1b8f605bc0fe3f8e2474463c1d313471c11c85eb5578112232fdc8e89b8a6d43dbe38a328538ff30a78d08

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\uk.pak

MD5 ee70e9f3557b9c8c67bfb8dfcb51384d
SHA1 fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e
SHA256 54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22
SHA512 f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\sv.pak

MD5 502e4a8b3301253abe27c4fd790fbe90
SHA1 17abcd7a84da5f01d12697e0dffc753ffb49991a
SHA256 7d72e3adb35e13ec90f2f4271ad2a9b817a2734da423d972517f3cff299165fd
SHA512 bd270abaf9344c96b0f63fc8cec04f0d0ac9fc343ab5a80f5b47e4b13b8b1c0c4b68f19550573a1d965bb18a27edf29f5dd592944d754b80ea9684dbcedea822

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\sr.pak

MD5 cbb817a58999d754f99582b72e1ae491
SHA1 6ec3fd06dee0b1fe5002cb0a4fe8ec533a51f9fd
SHA256 4bd7e466cb5f5b0a451e1192aa1abaaf9526855a86d655f94c9ce2183ec80c25
SHA512 efef29cedb7b08d37f9df1705d36613f423e994a041b137d5c94d2555319ffb068bb311884c9d4269b0066746dacd508a7d01df40a8561590461d5f02cb52f8b

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\sl.pak

MD5 d4bd9f20fd29519d6b017067e659442c
SHA1 782283b65102de4a0a61b901dea4e52ab6998f22
SHA256 f33afa6b8df235b09b84377fc3c90403c159c87edd8cd8004b7f6edd65c85ce6
SHA512 adf8d8ec17e8b05771f47b19e8027f88237ad61bca42995f424c1f5bd6efa92b23c69d363264714c1550b9cd0d03f66a7cfb792c3fbf9d5c173175b0a8c039dc

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\sk.pak

MD5 c6c7396dbfb989f034d50bd053503366
SHA1 089f176b88235cce5bca7abfcc78254e93296d61
SHA256 439f7d6c23217c965179898754edcef8fd1248bdd9b436703bf1ff710701117a
SHA512 1476963f47b45d2d26536706b7eeba34cfae124a3087f7727c4efe0f19610f94393012cda462060b1a654827e41f463d7226afa977654dcd85b27b7f8d1528eb

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\ru.pak

MD5 ab9902025dcf7d5408bf6377b046272b
SHA1 c9496e5af3e2a43377290a4883c0555e27b1f10f
SHA256 983b15dcc31d0e9a3da78cd6021e5add2a3c2247322aded9454a5d148d127aae
SHA512 d255d5f5b6b09af2cdec7b9c171eebb1de1094cc5b4ddf43a3d4310f8f5f223ac48b8da97a07764d1b44f1d4a14fe3a0c92a0ce6fe9a4ae9a6b4a342e038f842

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\ro.pak

MD5 99eaa3d101354088379771fd85159de1
SHA1 a32db810115d6dcf83a887e71d5b061b5eefe41f
SHA256 33f4c20f7910bc3e636bc3bec78f4807685153242dd4bc77648049772cf47423
SHA512 c6f87da1b5c156aa206dc21a9da3132cbfb0e12e10da7dc3b60363089de9e0124bbad00a233e61325348223fc5953d4f23e46fe47ec8e7ca07702ac73f3fd2e9

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\pt-PT.pak

MD5 6a7232f316358d8376a1667426782796
SHA1 8b70fe0f3ab2d73428f19ecd376c5deba4a0bb6c
SHA256 6a526cd5268b80df24104a7f40f55e4f1068185febbbb5876ba2cb7f78410f84
SHA512 40d24b3d01e20ae150083b00bb6e10bca81737c48219bce22fa88faaad85bdc8c56ac9b1eb01854173b0ed792e34bdfbac26d3605b6a35c14cf2824c000d0da1

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\pl.pak

MD5 18d49d5376237bb8a25413b55751a833
SHA1 0b47a7381de61742ac2184850822c5fa2afa559e
SHA256 1729aa5c8a7e24a0db98febcc91df8b7b5c16f9b6bb13a2b0795038f2a14b981
SHA512 45344a533cc35c8ce05cf29b11da6c0f97d8854dae46cf45ef7d090558ef95c3bd5fdc284d9a7809f0b2bf30985002be2aa6a4749c0d9ae9bdff4ad13de4e570

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\nb.pak

MD5 af0fd9179417ba1d7fcca3cc5bee1532
SHA1 f746077bbf6a73c6de272d5855d4f1ca5c3af086
SHA256 e900f6d0dd9d5a05b5297618f1fe1600c189313da931a9cb390ee42383eb070f
SHA512 c94791d6b84200b302073b09357abd2a1d7576b068bae01dccda7bc154a6487145c83c9133848ccf4cb9e6dc6c5a9d4be9d818e5a0c8f440a4e04ae8eabd4a29

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\ms.pak

MD5 9b3e2f3c49897228d51a324ab625eb45
SHA1 8f3daec46e9a99c3b33e3d0e56c03402ccc52b9d
SHA256 61a3daae72558662851b49175c402e9fe6fd1b279e7b9028e49506d9444855c5
SHA512 409681829a861cd4e53069d54c80315e0c8b97e5db4cd74985d06238be434a0f0c387392e3f80916164898af247d17e8747c6538f08c0ef1c5e92a7d1b14f539

C:\Users\Admin\AppData\Local\Temp\nsvBD5A.tmp\7z-out\locales\mr.pak

MD5 c0ef1866167d926fb351e9f9bf13f067
SHA1 6092d04ef3ce62be44c29da5d0d3a04985e2bc04
SHA256 88df231cf2e506db3453f90a797194662a5f85e23bbac2ed3169d91a145d2091
SHA512 9e2b90f3ac1ae5744c22c2442fbcd86a8496afc2c58f6ca060d6dbb08af6f7411ef910a7c8ca5aedee99b5443d4dff709c7935e8322cb32f8b071ee59caee733

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\v8_context_snapshot.bin

MD5 4f4d00247758c684c295243ddedd2948
SHA1 f8e8fc6c22fde9df1d60c329e38b38a85f96bb69
SHA256 4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5
SHA512 2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\icudtl.dat

MD5 d89ce8c00659d8e5d408c696ee087ce3
SHA1 49fc8109960be3bb32c06c3d1256cb66dded19a8
SHA256 9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de
SHA512 db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\resources\app.asar

MD5 a42dd0974f64631df98a8915d61df624
SHA1 ba29b4c0bc6f7355c25dd250eb9d7b6c25b67628
SHA256 823398a4ee59260c3b5d0b7c951483fbca2d0891ac8e6dcada74dc359528b87e
SHA512 27189bff087b4c546a2e7f7f7cd6651f004538205196863a7261e1c2c7573cb5714ddd284445e1aec0f33f720de01d687e8408b90bf57670bea314ccfef2d8bf

C:\Users\Admin\AppData\Local\Temp\f72eac43-a735-4252-89f7-6024c7b02fd0.tmp.node

MD5 e218cb94b794e60c15f6657ee71f7a53
SHA1 06ccfe40133736d73cc4a8aa5eaf2eabc227afee
SHA256 4b1552f36d3253b98c2d2b3da3f03d080c419ceb3996b22c04c6fb92bba90293
SHA512 59d5700cd55b28df224cfd5ff67dc84efb0f709c19a60c29031d4748b9cc8d034fc4466af62aec4878f21caeff6cd3b7858676759823cd16a6b43b8ea602258e

C:\Users\Admin\AppData\Local\Temp\bb3fe1dc-b596-46c0-887e-e3b231dd4587.tmp.node

MD5 c09b7e30167c35d52f41ecee2954d3ef
SHA1 cecaa1fd65aefe9be4de23dfe10ca37b6737a0d5
SHA256 decc233a25e7c862c9880826096a854fde6d5b1789c20040964957f574988ce7
SHA512 1bfb05c6af6a4b1dbf25685e3ea1e974206c0698176cc34c5723caa57f2db8f72510e75f5ea19700c40c5963cb4f8458a7b61f78347fd89cfcea766f2cc8a321

C:\Users\Admin\AppData\Local\Temp\e284d53c-8fdd-4f2f-8161-98797b8160df.tmp.node

MD5 e8f61500827abc8226e623ae3d10b1ca
SHA1 8caea1db03c3f7d70ed30982835db0c22acfb723
SHA256 63e1d531c5f01947cc62c66cddbceedf36fe8aafd5cd9a10e4e17cfc3f6786e1
SHA512 5ca0590c2c98a69505f04a0d487bcd08c92bd8ab35473ddc90ecff5b7a0c425a9941b5d81d6e0b17f470278deff69fc1ad2ac04eacdc0bfe94ddc986e00f8cf1

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\chrome_100_percent.pak

MD5 acd0fa0a90b43cd1c87a55a991b4fac3
SHA1 17b84e8d24da12501105b87452f86bfa5f9b1b3c
SHA256 ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b
SHA512 3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\resources.pak

MD5 7d5065ecba284ed704040fca1c821922
SHA1 095fcc890154a52ad1998b4b1e318f99b3e5d6b8
SHA256 a10c3d236246e001cb9d434a65fc3e8aa7acddddd9608008db5c5c73dee0ba1f
SHA512 521b2266e3257adaa775014f77b0d512ff91b087c2572359d68ffe633b57a423227e3d5af8ee4494538f1d09aa45ffa1fe8e979814178512c37f7088ddd7995d

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\locales\en-US.pak

MD5 5e3813e616a101e4a169b05f40879a62
SHA1 615e4d94f69625dda81dfaec7f14e9ee320a2884
SHA256 4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687
SHA512 764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\chrome_200_percent.pak

MD5 4610337e3332b7e65b73a6ea738b47df
SHA1 8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b
SHA256 c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c
SHA512 039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libglesv2.dll

MD5 44f7c21b6010048e0dcdc43d83ebd357
SHA1 d0a4dfd8dbae1a8421c3043315d78ecd84502b16
SHA256 f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
SHA512 7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vulkan-1.dll

MD5 a947c5d8fec95a0f24b4143ced301209
SHA1 ebf3089985377a58b8431a14e22a814857287aaf
SHA256 29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
SHA512 75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vulkan-1.dll

MD5 a947c5d8fec95a0f24b4143ced301209
SHA1 ebf3089985377a58b8431a14e22a814857287aaf
SHA256 29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
SHA512 75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libEGL.dll

MD5 e0a5d1a5d55dffb55513acb736cef1c1
SHA1 307fc023790af5bf3d45678de985e8e9f34896f7
SHA256 aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
SHA512 094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libegl.dll

MD5 e0a5d1a5d55dffb55513acb736cef1c1
SHA1 307fc023790af5bf3d45678de985e8e9f34896f7
SHA256 aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
SHA512 094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libGLESv2.dll

MD5 44f7c21b6010048e0dcdc43d83ebd357
SHA1 d0a4dfd8dbae1a8421c3043315d78ecd84502b16
SHA256 f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
SHA512 7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\d3dcompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\D3DCompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

memory/2800-707-0x00000000023E0000-0x0000000002416000-memory.dmp

memory/2800-708-0x0000000002460000-0x0000000002470000-memory.dmp

memory/2800-709-0x0000000002460000-0x0000000002470000-memory.dmp

memory/2800-710-0x0000000004EF0000-0x0000000005518000-memory.dmp

memory/2800-711-0x0000000004D30000-0x0000000004D52000-memory.dmp

memory/2800-712-0x0000000005620000-0x0000000005686000-memory.dmp

memory/2800-715-0x0000000005690000-0x00000000056F6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_orh04dpb.3qt.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2800-723-0x0000000005CD0000-0x0000000005CEE000-memory.dmp

memory/2800-724-0x0000000006C80000-0x0000000006D16000-memory.dmp

memory/2800-725-0x00000000061C0000-0x00000000061DA000-memory.dmp

memory/2800-726-0x0000000006210000-0x0000000006232000-memory.dmp

memory/2800-727-0x00000000072D0000-0x0000000007874000-memory.dmp

memory/2800-728-0x0000000006DC0000-0x0000000006E52000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 eedc851ccfb2e8281babb78c2f244c68
SHA1 4df05baf7c1b4f14aad3244aa30e95f234504eaf
SHA256 f8bb083f4072511a1b6c0c2e571a376fb678719fc20890ec96be851d25eaa790
SHA512 643d95f22f271d585f33609fefe30fd17b5b0380613553a86d1e94d5fb602660f2d4b7196915ac5e00f1d17702bbbecf9f4274f5dbb18820745a215b91cbc7ba

memory/3540-736-0x0000000003230000-0x0000000003240000-memory.dmp

memory/4344-737-0x0000000002820000-0x0000000002830000-memory.dmp

memory/620-738-0x0000000005300000-0x0000000005310000-memory.dmp

memory/620-739-0x0000000005300000-0x0000000005310000-memory.dmp

memory/3916-740-0x0000000000A80000-0x0000000000A90000-memory.dmp

memory/3916-741-0x0000000000A80000-0x0000000000A90000-memory.dmp

memory/1744-742-0x0000000002690000-0x00000000026A0000-memory.dmp

memory/1744-743-0x0000000002690000-0x00000000026A0000-memory.dmp

memory/1092-745-0x0000000005010000-0x0000000005020000-memory.dmp

memory/2544-744-0x00000000050C0000-0x00000000050D0000-memory.dmp

memory/3128-828-0x0000000004930000-0x0000000004940000-memory.dmp

memory/1092-837-0x0000000005010000-0x0000000005020000-memory.dmp

memory/3340-838-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

memory/3796-848-0x0000000005590000-0x00000000055A0000-memory.dmp

memory/4772-849-0x0000000002D20000-0x0000000002D30000-memory.dmp

memory/4772-850-0x0000000002D20000-0x0000000002D30000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 0afc0e766b5fe17d3585e069c2ae7b6f
SHA1 27e1708c1133d3fca3582c30b90a1642a4f5b433
SHA256 86e338602a9f1b376b30d401e4925a45faa508e35351b4c289b7dfd9d17932b8
SHA512 d7b67179db1fce52fe69dfd924fbfd1229e0cfb775a496993d47a809a94d42dafa8babd43c38b4182f641c21b8b94687d410a7f9360ea201678070bfaab09772

memory/620-852-0x0000000007680000-0x00000000076C4000-memory.dmp

memory/4344-853-0x0000000006EF0000-0x0000000006F66000-memory.dmp

memory/620-856-0x0000000005300000-0x0000000005310000-memory.dmp

memory/620-858-0x0000000008140000-0x00000000087BA000-memory.dmp

memory/2544-857-0x00000000050C0000-0x00000000050D0000-memory.dmp

memory/3540-860-0x0000000003230000-0x0000000003240000-memory.dmp

memory/3796-859-0x0000000005590000-0x00000000055A0000-memory.dmp

memory/3916-855-0x0000000000A80000-0x0000000000A90000-memory.dmp

memory/620-864-0x0000000007CD0000-0x0000000007D02000-memory.dmp

memory/620-865-0x000000006C980000-0x000000006C9CC000-memory.dmp

memory/3916-869-0x000000006C980000-0x000000006C9CC000-memory.dmp

memory/3128-889-0x000000006C980000-0x000000006C9CC000-memory.dmp

memory/620-879-0x0000000007CB0000-0x0000000007CCE000-memory.dmp

memory/2544-867-0x000000006C980000-0x000000006C9CC000-memory.dmp

memory/4344-866-0x000000006C980000-0x000000006C9CC000-memory.dmp

memory/3796-868-0x000000006C980000-0x000000006C9CC000-memory.dmp

memory/620-927-0x000000007F370000-0x000000007F380000-memory.dmp

memory/3540-930-0x000000006C980000-0x000000006C9CC000-memory.dmp

memory/4344-929-0x00000000074C0000-0x00000000074CA000-memory.dmp

memory/5804-959-0x0000000004A90000-0x0000000004AA0000-memory.dmp

memory/1092-926-0x000000006C980000-0x000000006C9CC000-memory.dmp

memory/4344-961-0x000000007F810000-0x000000007F820000-memory.dmp

memory/3916-960-0x00000000073E0000-0x000000000740A000-memory.dmp

memory/2544-963-0x000000007F5C0000-0x000000007F5D0000-memory.dmp

memory/3916-964-0x000000007EED0000-0x000000007EEE0000-memory.dmp

memory/2544-971-0x000000006CEF0000-0x000000006D244000-memory.dmp

memory/3796-970-0x000000006CEF0000-0x000000006D244000-memory.dmp

memory/3916-969-0x000000006CEF0000-0x000000006D244000-memory.dmp

memory/620-966-0x000000006CEF0000-0x000000006D244000-memory.dmp

memory/4344-965-0x000000006CEF0000-0x000000006D244000-memory.dmp

memory/3128-968-0x000000006CEF0000-0x000000006D244000-memory.dmp

memory/3796-967-0x000000007F920000-0x000000007F930000-memory.dmp

memory/620-962-0x0000000007E80000-0x0000000007EA4000-memory.dmp

memory/5804-932-0x0000000004A90000-0x0000000004AA0000-memory.dmp

memory/1744-928-0x000000006C980000-0x000000006C9CC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 4e78fb143a795705db1f1bbaf7d2f1ec
SHA1 1989165d2f41ceae3fb46ac3e2130072aef2bd83
SHA256 b706e71c81cbadc4e313c368bfc2d5acd33c931092b6be982318a1b36831c8dc
SHA512 49db98fb8eb777ea4e2f62083990a85bd2867e6a714c43f1b047e39ec769daaf118a2bc514e589ed8fee1f4cfc77f8cfc3f79e922977194bbc713787caca3dae

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 8c3626f2d74dcd7f07e9a9d89bb7acde
SHA1 757c4f08ffa7e2ceb7f44599e7d5c01ca36c0fba
SHA256 8747d0d35e214d0aff5a8789c0dc7336f7d684265008a48388ee4f1598941c0a
SHA512 8537c94b50f67e96369c8ac815aabdec9a65436ccb740f36c5329b8691045a855da4fbed3f4762c04827ced9bdd49d9ae9da0bc7434c96715df1405e7f471623

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 c58f4b17135696ff83c24437261ed991
SHA1 8a7babc594d3925439699236f01dd67700e12295
SHA256 344f4fd67ec4c33492caec5ba6bc8c707853cf373457e24720475d0d1e8b19ff
SHA512 1efd1b3e0a6dd93503d4db9510432dd1e03b476b689a4573b96aa25773f35f48ef35bc825762ce0228ae260cd51ede03af29ccf7652de99dbe34b6cbddb0cdc0

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 4777f5ceb93f46a8ede410d7c6dc1a2f
SHA1 46f4529e9e19c5d92e466ba224a2ee14027ca153
SHA256 b24fad939b85c68d085eb5f47a074e34001e54235e9c18cdede3d5128eaa8868
SHA512 9840dc0f7052f7aab996de940157a85be28d1765971e0a2bde4a1ec18d69eaec5345c7093f8d046e43ded0d6cb8f4c664279dab3a0c3dc2e8db3396d989eb59a

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 6dca9ac314bbb90e959a3a026ad8ac4c
SHA1 089d35c6340e182a56ba12fa147ace9dbba98079
SHA256 a3fe522268c8e694ce514278a1d97dc6e5dff7171a924563e33d618069f3d1dd
SHA512 0008675db9e8a91ae0ca9536a9cfd8b97d839e7464b689b701c0bf572c5b380ec6e5c85d5586279d6cb899c4299898fe6a1d7a5de074c9e65c7ef1f013fe9f79

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 d0631d485c8ebe573df48736b301ff4e
SHA1 46392cb3e638daeba157aaf7e83d855d6c04e104
SHA256 1ab27db83bdd600362984bbe07e9c7005569c86c39a4483cd222a2032b4c8ab4
SHA512 f3c6248374dc782f71761eaf14ac8117874b71a21ae3369c9cf12a7ae74d2c9f0f4966ecda8e10834e1e5c3ed6221a90f67cd5e07e1c999f8526b5398a2f3209

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 8b50d518a3cdba02e88009e1afebe57d
SHA1 86f4b7e78ef549564339c6f6560326ac8749d9b3
SHA256 991d935763cb11e812fc0e154e0badfb8d9ce0fe5d135d3954f64cb847229066
SHA512 2cc809402c9dea45e2caa1b9e457e6d79df90b0a23275209273c5e427d56690b70e9155842c2ea943f2a3a164e51d608c1c6328794ea137a2eed161f030d3ed6

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 1bd7b4877d5da5fed66d8ed83e4ab3d1
SHA1 6d4060927647f3cb9d903effd1667cb08e758d4d
SHA256 82d8f1c0a555fa6febcd8d50fa774ed83ba9b9df60ca741c8ce673ea461687fd
SHA512 e58a5d078ef82a892be958dabcf6d6731bf50d58c9def834b7c6dce8d7f6b0aa7a67c98e25517ecf7407b4a3d9d42f500d63c267c990cf53f7be2290332568dd

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 ce8fb137d56a126ef55a4c5ffd259b9c
SHA1 5c1530accd269b7a40516923a91280da7e91fc5c
SHA256 8dc818db1a3e7d6bcf5b718671c10365541c1ee399ef0589336fbf236c2a48b5
SHA512 cf80ae356d2cbcc58c5189e2c6923b88a5fd42d799a124acfc3dc49843d7f273218b6d1abfcf6b4d07cdce776101905832368dd3822bb1889c1c1706626da212

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 820283876d5f4c355ea451a695fadd2c
SHA1 f3f3dda83c5fec793e0ac149ebd68e3e9e949476
SHA256 f62c230c9fcb2d9f6eb0545f31ce0e77a703031b62d5036b20fe1cf409f44215
SHA512 aa9295358e10128b5161c521ec93c4462a2ac4b42cdf068436060037bb126cbcb4dc1bea7013438e1e5abce97cd2a119ac8f915c19ecb2a2f4be687c8294464e

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 60e8d990347b84e35a849688d263c880
SHA1 e2b7e51aaa08260fab4e7eed0e661d8c46b7d1b2
SHA256 fcad7314d91be00b108fa8667fb438845d47862fd50949f49bac1a4b0968f9de
SHA512 9ee5d2130566295c81bb8d08d9364ea80014a687ed0a48fcde3e8b35ca12a47799f47abc45bfcefbdc04446241f8023c0203ea6f831f9c18100bf32b43f1832b

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 60e8d990347b84e35a849688d263c880
SHA1 e2b7e51aaa08260fab4e7eed0e661d8c46b7d1b2
SHA256 fcad7314d91be00b108fa8667fb438845d47862fd50949f49bac1a4b0968f9de
SHA512 9ee5d2130566295c81bb8d08d9364ea80014a687ed0a48fcde3e8b35ca12a47799f47abc45bfcefbdc04446241f8023c0203ea6f831f9c18100bf32b43f1832b

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 21b0a7564799aa64d67228e7eeba42ce
SHA1 f3138cceb716d0b9a51f905cf01a7333e5d56e19
SHA256 e55f3d782a8072d0a2035bad266cad6071a5cce12c00c0f465f38e162558d4a6
SHA512 e461960d6eb697759dc2e6534557759d8a9acbafc0e3ba75b56d8b34a20fda7366ea354af88a3524808a5591bb971d13dea2a4f052adb513056dc468b7b337cd

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 abb45709aaa5bfd6178b909954deb917
SHA1 f7a95fc7fc55c8431e4ac3907deb4a877ee0db08
SHA256 75a7f49bc75c4696aab8cad1217e931c29a25a81765a5cab5a370266bca60166
SHA512 07dd9899df0ded3851ca1e0748f1d2fcf3df7bc798fae662b415d9b6b36f17bec61c9ac2b0f50ad2de26079f8e3f13b00f4bb0a6c07f5ac268adcd7b84325b78

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 49073a5b678d72ae0e20a091b04b2d1a
SHA1 fce0ee30e3cea4e2652b05f26d0ff6f8ef14a940
SHA256 b91f212acfec351ffd2683d4fb5dcde6e68585e19c1856530ae7def8995acde1
SHA512 cc3ae40b8359dbc278b1dcb0b4b0a477bd8976f21a7ceabece5272cb68cbf199c41f32cd426c6c259a8e059c1089805942466d0bc935f36c69547f0952d6b498

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 ed0c2fb9f46a25e13dbf942bd20886f2
SHA1 16b56a867e977482c78dec4040bf1085eca732b5
SHA256 b36f613a3d78c6c004d1f35cb3c31a5305c8bd1796989760a9c471b0252e5616
SHA512 2705cfc8316ec4276e79ad1cab87f256df26c6f37bffa734973470ff22d492bcc1eadc62618f32afec711f7ba8fbc82bcad8930f90eff34eed798d8933dac09e

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 cc3963919d3537be35187f45cdec17a1
SHA1 b6885b843967daeaeca77a81f5316ccf0fc4d835
SHA256 992b7c8490338d3783247a994016630ffc429057ef6a72c6aa680147e0611b2f
SHA512 beec04bfaa44db954b53f2582c27fc7c75b8e8806aa81fa64d3a46fb182b77b7c8c46615f721312be6841175ac0c39c7789f9a12343038020b26175a5ae6e20d

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 a0a3efaf87407178ffb66d71ba9d6896
SHA1 ff64f1cda22f880bfd555d0dadbeb0d8ff2dc7b4
SHA256 f50e02f0cf8878306f50e80376b35c1adccf43cb8e69059aa3df6ee6a38c53c5
SHA512 b6a9a60a3566876e9b702bb333ac71b4d918fcb26725f536b57a4ac067a658be7f872b64257bd0a150df59e35b6e0166e46b9b5879219d1288f582a3ff95e3d2

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 4d33b13dbf7804f05464385f2dbff8f5
SHA1 5cf6d94cd06f4d3a1cc67b513d0ad7ddeaaf9eb1
SHA256 df7ee819f07e564a63fc9e4b0330064032ffee905f8b9a20cdb40cf6fd9a11ed
SHA512 357886e27c37cd23edb3eb68151bf6f696f3c686e86e1aec7d7e9339778584f36f4ff9f58d6a698097ac78ee0954055b41d59f732b1eff883f05d2b935dcb9b9

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 40310206af59586c992eb2fa4d406f77
SHA1 923b2e74bb8a14d6d23bf9c94e207e9c56dbe3c4
SHA256 16ccc775b486f1dec06afe92025ceb18f570e068e78a50e9fa10109ad1266023
SHA512 ebc5206f999050f22343cab9ab83bf4bd72a512b85f6bc7c287f91f2d7f70428756b89ce07266edcb6b58a396f6ebdf9520833d32b0c17d848ee9804d202fd2c

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 eac62dfddbb0ede17895d48a12d0ab9d
SHA1 572424ed0771194d81383ee1c3424cdffec05f6c
SHA256 8f735305cb38eeb1dedc704bbc08dcac4111225ed58dd7ab56f4001bc5ec90a9
SHA512 fe89a422a71d4048b35fec61c0bfbf52c700322a4a9af15c93dfa74b53072f47db8dc0837089c1b320c7036c6375ae394013891c540df5ba6066ccb737fdbe4b

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 f949dd3f231bc00d52562191c045d7c5
SHA1 ad101904b96f85823cc10c4de19bad4e1c221fbe
SHA256 8638c24dc4c9f39f7cab32b11d1cf65fc8ad7609b50fbed9b6cc0b5be9d20aea
SHA512 bf58861f20bd6c36c8a8f33726c7746c3f3cefc1b5c41b384bfa8f0a0dc77548a3e6db8fa125d4313cca91b4ad55290be7b1f420e078395faaf4998ff596da56

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 9a696880f3e5c982429529d9c1df3adf
SHA1 20cb6eb0a14aaa5518d974b0d715c9a28d38020c
SHA256 bd7fdc067f2c1b60252fcc1987b47d4350e1feb842c2bd61141a3c5335bedd4f
SHA512 404b3fbf638babac00e417e3e0779a3c210e98f4a6116e3bc73f5c5fdbe3d789ddd08c9c49d2e8a593198f3122770b61e31171d42835db38154a6d6a2cb05527

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 343a473e776d92538a729a96d1c03a9a
SHA1 2072be7a54030b21216c57929b148b84f7d5376e
SHA256 9fc3c86a00a8f3523bf4c91bea44eae47d90a13b5e5b84668e5662babcccdaa3
SHA512 543c6d98a1c89f15f78c1193a088971e4c56bab89ac8dd82e95b805350afc798b4c97bfdbc4856c433b503ca87d4e6ec582a2d186abaa7f2b71de57d6537ea16

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 6c415a0bda3a354e88188f3cd5d57faf
SHA1 133d56166dff96216fd9ba4e8d9cf673037aa44a
SHA256 e90a161190b362d0544f1f5e254af5f95c4819ab27a5232780370d1b5aba1b33
SHA512 3ccf87ca3cedb45390696cd16ce5dc0c95d61351faeab2ed43024b31129f50face3c0c68554ef8aa1e3f25495a8fc3339c41e48ba234e869d925c1c3f51fc9fe

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 10b1e29d3eb3ecf5c946c73c415d4160
SHA1 b4a5dd5f1e0b58c6cd282701b8eb0ed6df5bff19
SHA256 28ab12de65c2cff5cf52e09359690e8a32827a7c1b2bab132f4f061e7046df4a
SHA512 fb3ca45910668e3dde4bd3708ee689ab66a1a6f43b34ab8ed71bad9008e5bd480a64b5abe721b0f5b3cbc4aa13ee578bcef2c9f0ba915e1fff855ff6b97659bf

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 693b0b4a614cdcf7f4c63faa52a624bc
SHA1 834375c31ee96cc01042041921df70508137e080
SHA256 acbe27fccdc02d2bf727a9917e0486828254a535f5b9e5bdeac3f8276b8696f8
SHA512 7a31446462df4df10932863135037575a54b9fbee4f6ee1257eacd3916d70f806a2d22604626126ae8dafbd95a1a6a567365c379eed2dbb7295b5c277866849f

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 d5237cfc688f3eaf92971ed61d523cc8
SHA1 ce10d9f3b913bf258806322c11fa4270eb32459c
SHA256 dde0202b501020b9ef49c3c912862df09e50cf8ea14c8e19c7b4c31018d4fbdf
SHA512 5e4c56067ca0eff642441cce80c17dd685702e45b55e23e158a24d49bf81d341d043b39c184fa48dce1570715a60d62f8407402a4fd079e897481f1453eec3b6

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 9a05dfd0536f0e146671bfebfe94211e
SHA1 d2398d0b763500f7aacd9d3f0cda10f9cb7285dd
SHA256 9aae55bf07eaa945e01bf9e962a84f88cc3d284b2fbcde59ac05274d551ea692
SHA512 f758befc6f17935f32c45ace05d6d78a0ed09a5090e2a9c5119f57cb238c0f70f198e73c7332aea94a0afb88eee5e9989b78d69fb43b4f46e4af31385ba55223

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 2f277d08aeebdfa26cff5d0a71ab539b
SHA1 c9d181e67585c55fe0cff884b8e6d33b5afaf726
SHA256 3311d577734fee11d9e2a8a4d410ff1e7a7e9d3cc7700f4ae1f06db3a99748e3
SHA512 888022ecbbbc6ccd19f69b971e329ca1c89c4c143eda647cce4c4cf606301481a401c807fd95f1612102e74e6f086f4da27c36b8d4cc8b7b8cbe61530edf1ab8

memory/6044-1432-0x000000000E760000-0x000000000E761000-memory.dmp

memory/6044-1433-0x000000000E760000-0x000000000E761000-memory.dmp

memory/6044-1434-0x000000000E760000-0x000000000E761000-memory.dmp

memory/6044-1439-0x000000000E760000-0x000000000E761000-memory.dmp

memory/6044-1438-0x000000000E760000-0x000000000E761000-memory.dmp

memory/6044-1441-0x000000000E760000-0x000000000E761000-memory.dmp

memory/6044-1440-0x000000000E760000-0x000000000E761000-memory.dmp

memory/6044-1443-0x000000000E760000-0x000000000E761000-memory.dmp

memory/6044-1442-0x000000000E760000-0x000000000E761000-memory.dmp

memory/6044-1444-0x000000000E760000-0x000000000E761000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-29 23:31

Reported

2023-04-30 00:02

Platform

win10-20230220-en

Max time kernel

1620s

Max time network

1592s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe"

Signatures

Detects Redline Stealer samples

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

RedLine

infostealer redline

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A
N/A N/A C:\Windows\SysWOW64\NETSTAT.EXE N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ping.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2192 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 2192 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 2192 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 4724 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 4724 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 1536 wrote to memory of 4808 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 1536 wrote to memory of 4808 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 1536 wrote to memory of 4808 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe
PID 4724 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 4724 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 4724 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 804 wrote to memory of 1872 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 804 wrote to memory of 1872 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 804 wrote to memory of 1872 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4724 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 4724 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 4724 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 5116 wrote to memory of 3504 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 5116 wrote to memory of 3504 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 5116 wrote to memory of 3504 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4724 wrote to memory of 3348 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 4724 wrote to memory of 3348 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 4724 wrote to memory of 3348 N/A C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe C:\Windows\SysWOW64\cmd.exe
PID 3348 wrote to memory of 3340 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 3348 wrote to memory of 3340 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 3348 wrote to memory of 3340 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\NETSTAT.EXE
PID 3340 wrote to memory of 356 N/A C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\cmd.exe
PID 3340 wrote to memory of 356 N/A C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe

"C:\Users\Admin\AppData\Local\Temp\VoidOfSpace_Stable.2.3.exe"

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "chcp"

C:\Windows\SysWOW64\chcp.com

chcp

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xidxaxbnnenmrnel" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1796,i,11936568809303706755,47349734718611018,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xidxaxbnnenmrnel" --mojo-platform-channel-handle=2056 --field-trial-handle=1796,i,11936568809303706755,47349734718611018,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netstat -r"

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -r

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print

C:\Windows\SysWOW64\ROUTE.EXE

C:\Windows\system32\route.exe print

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netstat -nao"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\ping.exe

ping 8.8.8.8 -n 1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -nao

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\netsh.exe

"C:\Windows\system32\netsh.exe" wlan show networks mode=Bssid

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netstat -r"

C:\Windows\SysWOW64\NETSTAT.EXE

netstat -r

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print

C:\Windows\SysWOW64\ROUTE.EXE

C:\Windows\system32\route.exe print

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "netsh lan show profiles"

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

"C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\xidxaxbnnenmrnel" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2480 --field-trial-handle=1796,i,11936568809303706755,47349734718611018,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\netsh.exe

netsh lan show profiles

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "ipconfig /all"

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /all

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

Network

Country Destination Domain Proto
US 20.42.73.26:443 tcp
NL 8.238.21.254:80 tcp
US 8.8.8.8:53 64.13.109.52.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 doenerium.kqnfkpoccicxiudstqonfotuwsrhuxkwhqjjfsbjhonoubrccy.nl udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 188.114.96.0:443 doenerium.kqnfkpoccicxiudstqonfotuwsrhuxkwhqjjfsbjhonoubrccy.nl tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 0.96.114.188.in-addr.arpa udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 canary.discord.com udp
US 8.8.8.8:53 doenerium.bbynetwork.nl udp
US 162.159.136.232:443 canary.discord.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 104.21.60.146:443 doenerium.bbynetwork.nl tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 146.60.21.104.in-addr.arpa udp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 apiv2.gofile.io udp
FR 151.80.29.83:443 apiv2.gofile.io tcp
US 8.8.8.8:53 store1.gofile.io udp
FR 31.14.70.243:443 store1.gofile.io tcp
US 8.8.8.8:53 83.29.80.151.in-addr.arpa udp
US 162.159.136.232:443 canary.discord.com tcp
US 104.21.60.146:443 doenerium.bbynetwork.nl tcp
US 8.8.8.8:53 243.70.14.31.in-addr.arpa udp
US 162.159.136.232:443 canary.discord.com tcp
US 104.21.60.146:443 doenerium.bbynetwork.nl tcp
US 8.8.8.8:53 84.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp

Files

\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\chrome_100_percent.pak

MD5 acd0fa0a90b43cd1c87a55a991b4fac3
SHA1 17b84e8d24da12501105b87452f86bfa5f9b1b3c
SHA256 ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b
SHA512 3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\chrome_200_percent.pak

MD5 4610337e3332b7e65b73a6ea738b47df
SHA1 8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b
SHA256 c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c
SHA512 039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\d3dcompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\resources.pak

MD5 7d5065ecba284ed704040fca1c821922
SHA1 095fcc890154a52ad1998b4b1e318f99b3e5d6b8
SHA256 a10c3d236246e001cb9d434a65fc3e8aa7acddddd9608008db5c5c73dee0ba1f
SHA512 521b2266e3257adaa775014f77b0d512ff91b087c2572359d68ffe633b57a423227e3d5af8ee4494538f1d09aa45ffa1fe8e979814178512c37f7088ddd7995d

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\LICENSES.chromium.html

MD5 312446edf757f7e92aad311f625cef2a
SHA1 91102d30d5abcfa7b6ec732e3682fb9c77279ba3
SHA256 c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b
SHA512 dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\libGLESv2.dll

MD5 44f7c21b6010048e0dcdc43d83ebd357
SHA1 d0a4dfd8dbae1a8421c3043315d78ecd84502b16
SHA256 f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
SHA512 7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\libEGL.dll

MD5 e0a5d1a5d55dffb55513acb736cef1c1
SHA1 307fc023790af5bf3d45678de985e8e9f34896f7
SHA256 aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
SHA512 094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\icudtl.dat

MD5 d89ce8c00659d8e5d408c696ee087ce3
SHA1 49fc8109960be3bb32c06c3d1256cb66dded19a8
SHA256 9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de
SHA512 db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\vulkan-1.dll

MD5 a947c5d8fec95a0f24b4143ced301209
SHA1 ebf3089985377a58b8431a14e22a814857287aaf
SHA256 29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
SHA512 75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\v8_context_snapshot.bin

MD5 4f4d00247758c684c295243ddedd2948
SHA1 f8e8fc6c22fde9df1d60c329e38b38a85f96bb69
SHA256 4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5
SHA512 2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\snapshot_blob.bin

MD5 916127734bc7c5b0db478191a37fc19a
SHA1 f9d868c2578f14513fcb95e109aec795c98dbba3
SHA256 e19ed7fb96e19bb5bfe791df03561d654ea5d52021c3403a2652f439a8d77801
SHA512 d291b26568572d5777b036577ddf30c1b6c6c41e9d53ef2d8af735db001ea5c568371f3907fbffc02feee628f0f29afb718ae5deb32ff245a37947a7b1b9c297

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\el.pak

MD5 9528d21e8a3f5bad7ca273999012ebe8
SHA1 58cd673ce472f3f2f961cf8b69b0c8b8c01d457c
SHA256 e79c1e7a47250d88581e8e3baf78dcaf31fe660b74a1e015be0f4bafdfd63e12
SHA512 165822c49ce0bdb82f3c3221e6725dac70f53cfdad722407a508fa29605bc669fb5e5070f825f02d830e0487b28925644438305372a366a3d60b55da039633d7

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\de.pak

MD5 8e6654b89ed4c1dc02e1e2d06764805a
SHA1 ff660bc85bb4a0fa3b2637050d2b2d1aecc37ad8
SHA256 61cbce9a31858ddf70cc9b0c05fb09ce7032bfb8368a77533521722465c57475
SHA512 5ac71eda16f07f3f2b939891eda2969c443440350fd88ab3a9b3180b8b1a3ecb11e79e752cf201f21b3dbfba00bcc2e4f796f347e6137a165c081e86d970ee61

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\da.pak

MD5 1a53d374b9c37f795a462aac7a3f118f
SHA1 154be9cf05042eced098a20ff52fa174798e1fea
SHA256 d0c38eb889ee27d81183a0535762d8ef314f0fdeb90ccca9176a0ce9ab09b820
SHA512 395279c9246bd30a0e45d775d9f9c36353bd11d9463282661c2abd876bdb53be9c9b617bb0c2186592cd154e9353ea39e3feed6b21a07b6850ab8ecd57e1ed29

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\cs.pak

MD5 04a680847c4a66ad9f0a88fb9fb1fc7b
SHA1 2afcdf4234a9644fb128b70182f5a3df1ee05be1
SHA256 1cc44c5fbe1c0525df37c5b6267a677f79c9671f86eda75b6fc13abf5d5356eb
SHA512 3a8a409a3c34149a977dea8a4cb0e0822281aed2b0a75b02479c95109d7d51f6fb2c2772ccf1486ca4296a0ac2212094098f5ce6a1265fa6a7eb941c0cfef83e

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\ca.pak

MD5 d259469e94f2adf54380195555154518
SHA1 d69060bbe8e765ca4dc1f7d7c04c3c53c44b8ab5
SHA256 f98b7442befc285398a5dd6a96740cba31d2f5aadadd4d5551a05712d693029b
SHA512 d0bd0201acf4f7daa84e89aa484a3dec7b6a942c3115486716593213be548657ad702ef2bc1d3d95a4a56b0f6e7c33d5375f41d6a863e4ce528f2bd6a318240e

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\bn.pak

MD5 5cdd07fa357c846771058c2db67eb13b
SHA1 deb87fc5c13da03be86f67526c44f144cc65f6f6
SHA256 01c830b0007b8ce6aca46e26d812947c3df818927b826f7d8c5ffd0008a32384
SHA512 2ac29a3aa3278bd9a8fe1ba28e87941f719b14fbf8b52e0b7dc9d66603c9c147b9496bf7be4d9e3aa0231c024694ef102dcc094c80c42be5d68d3894c488098c

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\bg.pak

MD5 a19269683a6347e07c55325b9ecc03a4
SHA1 d42989daf1c11fcfff0978a4fb18f55ec71630ec
SHA256 ad65351a240205e881ef5c4cf30ad1bc6b6e04414343583597086b62d48d8a24
SHA512 1660e487df3f3f4ec1cea81c73dca0ab86aaf121252fbd54c7ac091a43d60e1afd08535b082efd7387c12616672e78aa52dddfca01f833abef244284482f2c76

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\ar.pak

MD5 47a6d10b4112509852d4794229c0a03b
SHA1 2fb49a0b07fbdf8d4ce51a7b5a7f711f47a34951
SHA256 857fe3ab766b60a8d82b7b6043137e3a7d9f5cfb8ddd942316452838c67d0495
SHA512 5f5b280261195b8894efae9df2bece41c6c6a72199d65ba633c30d50a579f95fa04916a30db77831f517b22449196d364d6f70d10d6c5b435814184b3bcf1667

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\am.pak

MD5 2009647c3e7aed2c4c6577ee4c546e19
SHA1 e2bbacf95ec3695daae34835a8095f19a782cbcf
SHA256 6d61e5189438f3728f082ad6f694060d7ee8e571df71240dfd5b77045a62954e
SHA512 996474d73191f2d550c516ed7526c9e2828e2853fcfbe87ca69d8b1242eb0dedf04030bbca3e93236bbd967d39de7f9477c73753af263816faf7d4371f363ba3

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\af.pak

MD5 7e51349edc7e6aed122bfa00970fab80
SHA1 eb6df68501ecce2090e1af5837b5f15ac3a775eb
SHA256 f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97
SHA512 69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\en-US.pak

MD5 5e3813e616a101e4a169b05f40879a62
SHA1 615e4d94f69625dda81dfaec7f14e9ee320a2884
SHA256 4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687
SHA512 764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\en-GB.pak

MD5 d59e613e8f17bdafd00e0e31e1520d1f
SHA1 529017d57c4efed1d768ab52e5a2bc929fdfb97c
SHA256 90e585f101cf0bb77091a9a9a28812694cee708421ce4908302bbd1bc24ac6fd
SHA512 29ff3d42e5d0229f3f17bc0ed6576c147d5c61ce2bd9a2e658a222b75d993230de3ce35ca6b06f5afa9ea44cfc67817a30a87f4faf8dc3a5c883b6ee30f87210

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\es-419.pak

MD5 7f6696cc1e71f84d9ec24e9dc7bd6345
SHA1 36c1c44404ee48fc742b79173f2c7699e1e0301f
SHA256 d1f17508f3a0106848c48a240d49a943130b14bd0feb5ed7ae89605c7b7017d1
SHA512 b226f94f00978f87b7915004a13cdbd23de2401a8afaa2517498538967df89b735f8ecc46870c92e3022cac795218a60ad2b8fff1efad9feea4ec193704a568a

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\et.pak

MD5 a94e1775f91ea8622f82ae5ab5ba6765
SHA1 ff17accdd83ac7fcc630e9141e9114da7de16fdb
SHA256 1606b94aef97047863481928624214b7e0ec2f1e34ec48a117965b928e009163
SHA512 a2575d2bd50494310e8ef9c77d6c1749420dfbe17a91d724984df025c47601976af7d971ecae988c99723d53f240e1a6b3b7650a17f3b845e3daeefaaf9fe9b9

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\es.pak

MD5 a36992d320a88002697da97cd6a4f251
SHA1 c1f88f391a40ccf2b8a7b5689320c63d6d42935f
SHA256 c5566b661675b613d69a507cbf98768bc6305b80e6893dc59651a4be4263f39d
SHA512 9719709229a4e8f63247b3efe004ecfeb5127f5a885234a5f78ee2b368f9e6c44eb68a071e26086e02aa0e61798b7e7b9311d35725d3409ffc0e740f3aa3b9b5

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\lv.pak

MD5 e4f7d9e385cb525e762ece1aa243e818
SHA1 689d784379bac189742b74cd8700c687feeeded1
SHA256 523d141e59095da71a41c14aec8fe9ee667ae4b868e0477a46dd18a80b2007ef
SHA512 e4796134048cd12056d746f6b8f76d9ea743c61fee5993167f607959f11fd3b496429c3e61ed5464551fd1931de4878ab06f23a3788ee34bb56f53db25bcb6df

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\lt.pak

MD5 980c27fd74cc3560b296fe8e7c77d51f
SHA1 f581efa1b15261f654588e53e709a2692d8bb8a3
SHA256 41e0f3619cda3b00abbbf07b9cd64ec7e4785ed4c8a784c928e582c3b6b8b7db
SHA512 51196f6f633667e849ef20532d57ec81c5f63bab46555cea8fab2963a078acdfa84843eded85c3b30f49ef3ceb8be9e4ef8237e214ef9ecff6373a84d395b407

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\ko.pak

MD5 b4fbff56e4974a7283d564c6fc0365be
SHA1 de68bd097def66d63d5ff04046f3357b7b0e23ac
SHA256 8c9acde13edcd40d5b6eb38ad179cc27aa3677252a9cd47990eba38ad42833e5
SHA512 0698aa058561bb5a8fe565bb0bec21548e246dbb9d38f6010e9b0ad9de0f59bce9e98841033ad3122a163dd321ee4b11ed191277cdcb8e0b455d725593a88aa5

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\kn.pak

MD5 c548a5f1fb5753408e44f3f011588594
SHA1 e064ab403972036dad1b35abe9794e95dbe4cc00
SHA256 890f50a57b862f482d367713201e1e559ac778fc3a36322d1dfbbef2535dd9cb
SHA512 6975e4bb1a90e0906cf6266f79da6cc4ae32f72a6141943bcfcf9b33f791e9751a9aafde9ca537f33f6ba8e4d697125fbc2ec4ffd3bc35851f406567dae7e631

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\ja.pak

MD5 d10d536bcd183030ba07ff5c61bf5e3a
SHA1 44dd78dba9f098ac61222eb9647d111ad1608960
SHA256 2a3d3abc9f80bad52bd6da5769901e7b9e9f052b6a58a7cc95ce16c86a3aa85a
SHA512 c67aede9ded1100093253e350d6137ab8b2a852bd84b6c82ba1853f792e053cecd0ea0519319498aed5759bedc66d75516a4f2f7a07696a0cef24d5f34ef9dd2

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\it.pak

MD5 d58a43068bf847c7cd6284742c2f7823
SHA1 497389765143fac48af2bd7f9a309bfe65f59ed9
SHA256 265d8b1bc479ad64fa7a41424c446139205af8029a2469d558813edd10727f9c
SHA512 547a1581dda28c5c1a0231c736070d8a7b53a085a0ce643a4a1510c63a2d4670ff2632e9823cd25ae2c7cdc87fa65883e0a193853890d4415b38056cb730ab54

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\id.pak

MD5 7b39423028da71b4e776429bb4f27122
SHA1 cb052ab5f734d7a74a160594b25f8a71669c38f2
SHA256 3d95c5819f57a0ad06a118a07e0b5d821032edcf622df9b10a09da9aa974885f
SHA512 e40679b01ab14b6c8dfdce588f3b47bcaff55dbb1539b343f611b3fcbd1d0e7d8c347a2b928215a629f97e5f68d19c51af775ec27c6f906cac131beae646ce1a

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\hu.pak

MD5 f5e1ca8a14c75c6f62d4bff34e27ddb5
SHA1 7aba6bff18bdc4c477da603184d74f054805c78f
SHA256 c0043d9fa0b841da00ec1672d60015804d882d4765a62b6483f2294c3c5b83e0
SHA512 1050f96f4f79f681b3eaf4012ec0e287c5067b75ba7a2cbe89d9b380c07698099b156a0eb2cbc5b8aa336d2daa98e457b089935b534c4d6636987e7e7e32b169

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\hr.pak

MD5 8f9498d18d90477ad24ea01a97370b08
SHA1 3868791b549fc7369ab90cd27684f129ebd628be
SHA256 846943f77a425f3885689dcf12d62951c5b7646e68eadc533b8b5c2a1373f02e
SHA512 3c66a84592debe522f26c48b55c04198ad8a16c0dcfa05816825656c76c1c6cccf5767b009f20ecb77d5a589ee44b0a0011ec197fec720168a6c72c71ebf77fd

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\ru.pak

MD5 ab9902025dcf7d5408bf6377b046272b
SHA1 c9496e5af3e2a43377290a4883c0555e27b1f10f
SHA256 983b15dcc31d0e9a3da78cd6021e5add2a3c2247322aded9454a5d148d127aae
SHA512 d255d5f5b6b09af2cdec7b9c171eebb1de1094cc5b4ddf43a3d4310f8f5f223ac48b8da97a07764d1b44f1d4a14fe3a0c92a0ce6fe9a4ae9a6b4a342e038f842

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\ro.pak

MD5 99eaa3d101354088379771fd85159de1
SHA1 a32db810115d6dcf83a887e71d5b061b5eefe41f
SHA256 33f4c20f7910bc3e636bc3bec78f4807685153242dd4bc77648049772cf47423
SHA512 c6f87da1b5c156aa206dc21a9da3132cbfb0e12e10da7dc3b60363089de9e0124bbad00a233e61325348223fc5953d4f23e46fe47ec8e7ca07702ac73f3fd2e9

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\pt-PT.pak

MD5 6a7232f316358d8376a1667426782796
SHA1 8b70fe0f3ab2d73428f19ecd376c5deba4a0bb6c
SHA256 6a526cd5268b80df24104a7f40f55e4f1068185febbbb5876ba2cb7f78410f84
SHA512 40d24b3d01e20ae150083b00bb6e10bca81737c48219bce22fa88faaad85bdc8c56ac9b1eb01854173b0ed792e34bdfbac26d3605b6a35c14cf2824c000d0da1

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\pt-BR.pak

MD5 0d9dea9e24645c2a3f58e4511c564a36
SHA1 dcd2620a1935c667737eea46ca7bb2bdcb31f3a6
SHA256 ca7b880391fcd319e976fcc9b5780ea71de655492c4a52448c51ab2170eeef3b
SHA512 8fcf871f8be7727e2368df74c05ca927c5f0bc3484c4934f83c0abc98ecaf774ad7aba56e1bf17c92b1076c0b8eb9c076cc949cd5427efcade9ddf14f6b56bc5

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\pl.pak

MD5 18d49d5376237bb8a25413b55751a833
SHA1 0b47a7381de61742ac2184850822c5fa2afa559e
SHA256 1729aa5c8a7e24a0db98febcc91df8b7b5c16f9b6bb13a2b0795038f2a14b981
SHA512 45344a533cc35c8ce05cf29b11da6c0f97d8854dae46cf45ef7d090558ef95c3bd5fdc284d9a7809f0b2bf30985002be2aa6a4749c0d9ae9bdff4ad13de4e570

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\nl.pak

MD5 181d2a0ece4b67281d9d2323e9b9824d
SHA1 e8bdc53757e96c12f3cd256c7812532dd524a0ea
SHA256 6629e68c457806621ed23aa53b3675336c3e643f911f8485118a412ef9ed14ce
SHA512 10d8cc9411ca475c9b659a2cc88d365e811217d957c82d9c144d94843bc7c7a254ee2451a6f485e92385a660fa01577cffa0d64b6e9e658a87bef8fccbbeaf7e

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\nb.pak

MD5 af0fd9179417ba1d7fcca3cc5bee1532
SHA1 f746077bbf6a73c6de272d5855d4f1ca5c3af086
SHA256 e900f6d0dd9d5a05b5297618f1fe1600c189313da931a9cb390ee42383eb070f
SHA512 c94791d6b84200b302073b09357abd2a1d7576b068bae01dccda7bc154a6487145c83c9133848ccf4cb9e6dc6c5a9d4be9d818e5a0c8f440a4e04ae8eabd4a29

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\ms.pak

MD5 9b3e2f3c49897228d51a324ab625eb45
SHA1 8f3daec46e9a99c3b33e3d0e56c03402ccc52b9d
SHA256 61a3daae72558662851b49175c402e9fe6fd1b279e7b9028e49506d9444855c5
SHA512 409681829a861cd4e53069d54c80315e0c8b97e5db4cd74985d06238be434a0f0c387392e3f80916164898af247d17e8747c6538f08c0ef1c5e92a7d1b14f539

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\mr.pak

MD5 c0ef1866167d926fb351e9f9bf13f067
SHA1 6092d04ef3ce62be44c29da5d0d3a04985e2bc04
SHA256 88df231cf2e506db3453f90a797194662a5f85e23bbac2ed3169d91a145d2091
SHA512 9e2b90f3ac1ae5744c22c2442fbcd86a8496afc2c58f6ca060d6dbb08af6f7411ef910a7c8ca5aedee99b5443d4dff709c7935e8322cb32f8b071ee59caee733

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\ml.pak

MD5 8b38c65fc30210c7af9b6fa0424266f4
SHA1 116413710ffcf94fbfa38cb97a47731e43a306f5
SHA256 e8df9a74417c5839c531d7ccab63884a80afb731cc62cbbb3fd141779086ac7d
SHA512 0fd349c644ac1a2e7ed0247e40900d3a9957f5bef1351b872710d02687c934a8e63d3a7585e91f7df78054aeff8f7abd8c93a94fcd20c799779a64278bab2097

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\hi.pak

MD5 1766a05be4dc634b3321b5b8a142c671
SHA1 b959bcadc3724ae28b5fe141f3b497f51d1e28cf
SHA256 0eee8e751b5b0af1e226106beb09477634f9f80774ff30894c0f5a12b925ac35
SHA512 faec1d6166133674a56b5e38a68f9e235155cc910b5cceb3985981b123cc29eda4cd60b9313ab787ec0a8f73bf715299d9bf068e4d52b766a7ab8808bd146a39

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\ta.pak

MD5 7006691481966109cce413f48a349ff2
SHA1 6bd243d753cf66074359abe28cfae75bcedd2d23
SHA256 24ea4028da66a293a43d27102012235198f42a1e271fe568c7fd78490a3ee647
SHA512 e12c0d1792a28bf4885e77185c2a0c5386438f142275b8f77317eb8a5cee994b3241bb264d9502d60bfbce9cf8b3b9f605c798d67819259f501719d054083bea

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\sw.pak

MD5 39277ae2d91fdc1bd38bea892b388485
SHA1 ff787fb0156c40478d778b2a6856ad7b469bd7cb
SHA256 6d6d095a1b39c38c273be35cd09eb1914bd3a53f05180a3b3eb41a81ae31d5d3
SHA512 be2d8fbedaa957f0c0823e7beb80de570edd0b8e7599cf8f2991dc671bdcbbbe618c15b36705d83be7b6e9a0d32ec00f519fc8543b548422ca8dcf07c0548ab4

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\sv.pak

MD5 502e4a8b3301253abe27c4fd790fbe90
SHA1 17abcd7a84da5f01d12697e0dffc753ffb49991a
SHA256 7d72e3adb35e13ec90f2f4271ad2a9b817a2734da423d972517f3cff299165fd
SHA512 bd270abaf9344c96b0f63fc8cec04f0d0ac9fc343ab5a80f5b47e4b13b8b1c0c4b68f19550573a1d965bb18a27edf29f5dd592944d754b80ea9684dbcedea822

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\tr.pak

MD5 3a858619502c68d5f7de599060f96db9
SHA1 80a66d9b5f1e04cda19493ffc4a2f070200e0b62
SHA256 d81f28f69da0036f9d77242b2a58b4a76f0d5c54b3e26ee96872ac54d7abb841
SHA512 39a7ec0dfe62bcb3f69ce40100e952517b5123f70c70b77b4c9be3d98296772f10d3083276bc43e1db66ed4d9bfa385a458e829ca2a7d570825d7a69e8fbb5f4

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\th.pak

MD5 2c41616dfe7fcdb4913cfafe5d097f95
SHA1 cf7d9e8ad3aa47d683e47f116528c0e4a9a159b0
SHA256 f11041c48831c93aa11bbf885d330739a33a42db211daccf80192668e2186ed3
SHA512 97329717e11bc63456c56022a7b7f5da730da133e3fc7b2cc660d63a955b1a639c556b857c039a004f92e5f35be61bf33c035155be0a361e3cd6d87b549df811

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\te.pak

MD5 f809bf5184935c74c8e7086d34ea306c
SHA1 709ab3decff033cf2fa433ecc5892a7ac2e3752e
SHA256 9bbfa7a9f2116281bf0af1e8ffb279d1aa97ac3ed9ebc80c3ade19e922d7e2d4
SHA512 de4b14dd6018fdbdf5033abda4da2cb9f5fcf26493788e35d88c07a538b84fdd663ee20255dfd9c1aac201f0cce846050d2925c55bf42d4029cb78b057930acd

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\sr.pak

MD5 cbb817a58999d754f99582b72e1ae491
SHA1 6ec3fd06dee0b1fe5002cb0a4fe8ec533a51f9fd
SHA256 4bd7e466cb5f5b0a451e1192aa1abaaf9526855a86d655f94c9ce2183ec80c25
SHA512 efef29cedb7b08d37f9df1705d36613f423e994a041b137d5c94d2555319ffb068bb311884c9d4269b0066746dacd508a7d01df40a8561590461d5f02cb52f8b

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\sl.pak

MD5 d4bd9f20fd29519d6b017067e659442c
SHA1 782283b65102de4a0a61b901dea4e52ab6998f22
SHA256 f33afa6b8df235b09b84377fc3c90403c159c87edd8cd8004b7f6edd65c85ce6
SHA512 adf8d8ec17e8b05771f47b19e8027f88237ad61bca42995f424c1f5bd6efa92b23c69d363264714c1550b9cd0d03f66a7cfb792c3fbf9d5c173175b0a8c039dc

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\sk.pak

MD5 c6c7396dbfb989f034d50bd053503366
SHA1 089f176b88235cce5bca7abfcc78254e93296d61
SHA256 439f7d6c23217c965179898754edcef8fd1248bdd9b436703bf1ff710701117a
SHA512 1476963f47b45d2d26536706b7eeba34cfae124a3087f7727c4efe0f19610f94393012cda462060b1a654827e41f463d7226afa977654dcd85b27b7f8d1528eb

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\he.pak

MD5 6d787dc113adfb6a539674af7d6195db
SHA1 f966461049d54c61cdd1e48ef1ea0d3330177768
SHA256 a976fad1cc4eb29709018c5ffcc310793a7ceb2e69c806454717ccae9cbc4d21
SHA512 6748dad2813fc544b50ddea0481b5ace3eb5055fb2d985ca357403d3b799618d051051b560c4151492928d6d40fce9bb33b167217c020bdcc3ed4cae58f6b676

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\gu.pak

MD5 7b5f52f72d3a93f76337d5cf3168ebd1
SHA1 00d444b5a7f73f566e98abadf867e6bb27433091
SHA256 798ea5d88a57d1d78fa518bf35c5098cbeb1453d2cb02ef98cd26cf85d927707
SHA512 10c6f4faab8ccb930228c1d9302472d0752be19af068ec5917249675b40f22ab24c3e29ec3264062826113b966c401046cff70d91e7e05d8aadcc0b4e07fec9b

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\fr.pak

MD5 0bf28aff31e8887e27c4cd96d3069816
SHA1 b5313cf6b5fbce7e97e32727a3fae58b0f2f5e97
SHA256 2e1d413442def9cae2d93612e3fd04f3afaf3dd61e4ed7f86400d320af5500c2
SHA512 95172b3b1153b31fceb4b53681635a881457723cd1000562463d2f24712267b209b3588c085b89c985476c82d9c27319cb6378619889379da4fae1595cb11992

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\fil.pak

MD5 3165351c55e3408eaa7b661fa9dc8924
SHA1 181bee2a96d2f43d740b865f7e39a1ba06e2ca2b
SHA256 2630a9d5912c8ef023154c6a6fb5c56faf610e1e960af66abef533af19b90caa
SHA512 3b1944ea3cfcbe98d4ce390ea3a8ff1f6730eb8054e282869308efe91a9ddcd118290568c1fc83bd80e8951c4e70a451e984c27b400f2bde8053ea25b9620655

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\fi.pak

MD5 d4b776267efebdcb279162c213f3db22
SHA1 7236108af9e293c8341c17539aa3f0751000860a
SHA256 297e3647eaf9b3b95cf833d88239919e371e74cc345a2e48a5033ebe477cd54e
SHA512 1dc7d966d12e0104aacb300fd4e94a88587a347db35ad2327a046ef833fb354fd9cbe31720b6476db6c01cfcb90b4b98ce3cd995e816210b1438a13006624e8f

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\fa.pak

MD5 9d273af70eafd1b5d41f157dbfb94fdc
SHA1 da98bde34b59976d4514ff518bd977a713ea4f2e
SHA256 319d1e20150d4e3f496309ba82fce850e91378ee4b0c7119a003a510b14f878b
SHA512 0a892071bea92cc7f1a914654bc4f9da6b9c08e3cb29bb41e9094f6120ddc7a08a257c0d2b475c98e7cdcf604830e582cf2a538cc184056207f196ffc43f29ad

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\ur.pak

MD5 ff0a23974aef88afc86ecc806dbf1d60
SHA1 e7bae97cbb8692a0d106644dfaa9b7d7ea6fcef0
SHA256 f245ab242aafeef37db736c780476534fad0706aa66dcb8b6b8cd181b4778385
SHA512 aabe8160fac7e0eb8e8eb80963fe995fa4a802147d1b8f605bc0fe3f8e2474463c1d313471c11c85eb5578112232fdc8e89b8a6d43dbe38a328538ff30a78d08

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\zh-TW.pak

MD5 524711882cbfb5b95a63ef48f884cff0
SHA1 1078037687cfc5d038eeb8b63d295239e0edc47a
SHA256 9e16499cd96a155d410c8df4c812c52ff2a750f8c4db87fd891c1e58c1428c78
SHA512 16d45a81f7f4606eda9d12a8b1da06e3c866b11bdc0c92a4022bfb8d02b885d8f028457cf23e3f7589dfd191ed7f7fbc68c81b6e1411834edfcbc9cc85e0dc4d

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\zh-CN.pak

MD5 20f315d38e3b2edc5832931e7770b62a
SHA1 2390bd585dec1e884873454bb98b6f1467dcf7bb
SHA256 53a803724bbf2e7f40aab860325c348f786eeca1ea5ca39a76b4c4a616e3233f
SHA512 c338e241de3561707c7c275b7d6e0fb16185a8cd7112057c08b74ffce122148ef693fe310c839ff93f102726a78e61de3e68c8e324f445a07a98ee9c4fdd4e13

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\vi.pak

MD5 3fe6f90f1f990aed508deda3810ce8c2
SHA1 3b86f00666d55e984b4aca1a5e8319ffa8f411ff
SHA256 5eebb23221aebcf0be01bfc2695f7dd35b17f6769be1e28e5610d35c9717854b
SHA512 9aa9d55f112c8b32aa636086cfd2161d97ea313cac1a44101014128124a03504c992ac8efd265aba4e91787aef7134a14507a600f5ec96ff82df950a8883828c

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\locales\uk.pak

MD5 ee70e9f3557b9c8c67bfb8dfcb51384d
SHA1 fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e
SHA256 54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22
SHA512 f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\7z-out\resources\app.asar

MD5 a42dd0974f64631df98a8915d61df624
SHA1 ba29b4c0bc6f7355c25dd250eb9d7b6c25b67628
SHA256 823398a4ee59260c3b5d0b7c951483fbca2d0891ac8e6dcada74dc359528b87e
SHA512 27189bff087b4c546a2e7f7f7cd6651f004538205196863a7261e1c2c7573cb5714ddd284445e1aec0f33f720de01d687e8408b90bf57670bea314ccfef2d8bf

\Users\Admin\AppData\Local\Temp\nsuC5C7.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\v8_context_snapshot.bin

MD5 4f4d00247758c684c295243ddedd2948
SHA1 f8e8fc6c22fde9df1d60c329e38b38a85f96bb69
SHA256 4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5
SHA512 2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\icudtl.dat

MD5 d89ce8c00659d8e5d408c696ee087ce3
SHA1 49fc8109960be3bb32c06c3d1256cb66dded19a8
SHA256 9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de
SHA512 db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\resources\app.asar

MD5 a42dd0974f64631df98a8915d61df624
SHA1 ba29b4c0bc6f7355c25dd250eb9d7b6c25b67628
SHA256 823398a4ee59260c3b5d0b7c951483fbca2d0891ac8e6dcada74dc359528b87e
SHA512 27189bff087b4c546a2e7f7f7cd6651f004538205196863a7261e1c2c7573cb5714ddd284445e1aec0f33f720de01d687e8408b90bf57670bea314ccfef2d8bf

\Users\Admin\AppData\Local\Temp\542f6aa9-18a3-4544-a952-7cee33b82e04.tmp.node

MD5 e218cb94b794e60c15f6657ee71f7a53
SHA1 06ccfe40133736d73cc4a8aa5eaf2eabc227afee
SHA256 4b1552f36d3253b98c2d2b3da3f03d080c419ceb3996b22c04c6fb92bba90293
SHA512 59d5700cd55b28df224cfd5ff67dc84efb0f709c19a60c29031d4748b9cc8d034fc4466af62aec4878f21caeff6cd3b7858676759823cd16a6b43b8ea602258e

\Users\Admin\AppData\Local\Temp\7c8c9c24-b150-4aaf-acc6-1ea76d49d89b.tmp.node

MD5 c09b7e30167c35d52f41ecee2954d3ef
SHA1 cecaa1fd65aefe9be4de23dfe10ca37b6737a0d5
SHA256 decc233a25e7c862c9880826096a854fde6d5b1789c20040964957f574988ce7
SHA512 1bfb05c6af6a4b1dbf25685e3ea1e974206c0698176cc34c5723caa57f2db8f72510e75f5ea19700c40c5963cb4f8458a7b61f78347fd89cfcea766f2cc8a321

\Users\Admin\AppData\Local\Temp\48bf01f2-9459-43f6-bef6-14caa69e4d2d.tmp.node

MD5 e8f61500827abc8226e623ae3d10b1ca
SHA1 8caea1db03c3f7d70ed30982835db0c22acfb723
SHA256 63e1d531c5f01947cc62c66cddbceedf36fe8aafd5cd9a10e4e17cfc3f6786e1
SHA512 5ca0590c2c98a69505f04a0d487bcd08c92bd8ab35473ddc90ecff5b7a0c425a9941b5d81d6e0b17f470278deff69fc1ad2ac04eacdc0bfe94ddc986e00f8cf1

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\chrome_100_percent.pak

MD5 acd0fa0a90b43cd1c87a55a991b4fac3
SHA1 17b84e8d24da12501105b87452f86bfa5f9b1b3c
SHA256 ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b
SHA512 3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\chrome_200_percent.pak

MD5 4610337e3332b7e65b73a6ea738b47df
SHA1 8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b
SHA256 c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c
SHA512 039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\resources.pak

MD5 7d5065ecba284ed704040fca1c821922
SHA1 095fcc890154a52ad1998b4b1e318f99b3e5d6b8
SHA256 a10c3d236246e001cb9d434a65fc3e8aa7acddddd9608008db5c5c73dee0ba1f
SHA512 521b2266e3257adaa775014f77b0d512ff91b087c2572359d68ffe633b57a423227e3d5af8ee4494538f1d09aa45ffa1fe8e979814178512c37f7088ddd7995d

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\locales\en-US.pak

MD5 5e3813e616a101e4a169b05f40879a62
SHA1 615e4d94f69625dda81dfaec7f14e9ee320a2884
SHA256 4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687
SHA512 764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libglesv2.dll

MD5 44f7c21b6010048e0dcdc43d83ebd357
SHA1 d0a4dfd8dbae1a8421c3043315d78ecd84502b16
SHA256 f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
SHA512 7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vulkan-1.dll

MD5 a947c5d8fec95a0f24b4143ced301209
SHA1 ebf3089985377a58b8431a14e22a814857287aaf
SHA256 29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
SHA512 75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vulkan-1.dll

MD5 a947c5d8fec95a0f24b4143ced301209
SHA1 ebf3089985377a58b8431a14e22a814857287aaf
SHA256 29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa
SHA512 75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libEGL.dll

MD5 e0a5d1a5d55dffb55513acb736cef1c1
SHA1 307fc023790af5bf3d45678de985e8e9f34896f7
SHA256 aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
SHA512 094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libegl.dll

MD5 e0a5d1a5d55dffb55513acb736cef1c1
SHA1 307fc023790af5bf3d45678de985e8e9f34896f7
SHA256 aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669
SHA512 094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\libGLESv2.dll

MD5 44f7c21b6010048e0dcdc43d83ebd357
SHA1 d0a4dfd8dbae1a8421c3043315d78ecd84502b16
SHA256 f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de
SHA512 7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\d3dcompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\D3DCompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

memory/3504-704-0x0000000006F80000-0x0000000006FB6000-memory.dmp

memory/3504-703-0x00000000070C0000-0x00000000070D0000-memory.dmp

memory/3504-705-0x00000000070C0000-0x00000000070D0000-memory.dmp

memory/3504-706-0x0000000007700000-0x0000000007D28000-memory.dmp

memory/3504-707-0x00000000076A0000-0x00000000076C2000-memory.dmp

memory/3504-708-0x0000000007F80000-0x0000000007FE6000-memory.dmp

memory/3504-709-0x0000000007F00000-0x0000000007F66000-memory.dmp

memory/3504-710-0x0000000008080000-0x00000000083D0000-memory.dmp

memory/3504-711-0x0000000008450000-0x000000000846C000-memory.dmp

memory/3504-712-0x0000000008480000-0x00000000084CB000-memory.dmp

memory/3504-713-0x00000000087A0000-0x0000000008816000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5ts4geze.k5o.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/3504-728-0x0000000009880000-0x0000000009914000-memory.dmp

memory/3504-729-0x0000000009540000-0x000000000955A000-memory.dmp

memory/3504-730-0x00000000095B0000-0x00000000095D2000-memory.dmp

memory/3504-731-0x0000000009E20000-0x000000000A31E000-memory.dmp

memory/3504-732-0x00000000099C0000-0x0000000009A52000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 1b7f2d0c97746c57ef6693e1ffc972c5
SHA1 625624baeae6d019b41e20335f2eab9da9af06ba
SHA256 25755533a50bb3934dc069ffde969f9895914edfb55f7ff800183a7d04460794
SHA512 c9ca27871eeca5e318420403010eb3ec497a588e5ffd6da4de9be6864a290a91b85a4b264919e22ababf445b909f57bb3d332399998342313278ceeb68e88f0b

memory/668-760-0x0000000007410000-0x0000000007420000-memory.dmp

memory/668-756-0x0000000007410000-0x0000000007420000-memory.dmp

memory/1064-764-0x0000000006860000-0x0000000006870000-memory.dmp

memory/1416-765-0x0000000006CF0000-0x0000000006D00000-memory.dmp

memory/1416-766-0x0000000006CF0000-0x0000000006D00000-memory.dmp

memory/4196-767-0x0000000007080000-0x0000000007090000-memory.dmp

memory/1040-769-0x00000000047F0000-0x0000000004800000-memory.dmp

memory/4196-768-0x0000000007080000-0x0000000007090000-memory.dmp

memory/1064-763-0x0000000006860000-0x0000000006870000-memory.dmp

memory/376-770-0x0000000004BC0000-0x0000000004BD0000-memory.dmp

memory/376-772-0x0000000004BC0000-0x0000000004BD0000-memory.dmp

memory/604-773-0x0000000006860000-0x0000000006870000-memory.dmp

memory/604-774-0x0000000006860000-0x0000000006870000-memory.dmp

memory/212-775-0x00000000047D0000-0x00000000047E0000-memory.dmp

memory/4312-776-0x0000000007580000-0x0000000007590000-memory.dmp

memory/212-778-0x00000000047D0000-0x00000000047E0000-memory.dmp

memory/668-780-0x00000000082D0000-0x0000000008620000-memory.dmp

memory/4408-771-0x0000000005210000-0x0000000005220000-memory.dmp

memory/1040-781-0x00000000047F0000-0x0000000004800000-memory.dmp

memory/4408-782-0x0000000005210000-0x0000000005220000-memory.dmp

memory/4312-783-0x0000000007580000-0x0000000007590000-memory.dmp

memory/2068-784-0x00000000047A0000-0x00000000047B0000-memory.dmp

memory/2068-785-0x00000000047A0000-0x00000000047B0000-memory.dmp

memory/1416-786-0x0000000008220000-0x000000000826B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 7ca45fcf50dc7512d078155d54a1b563
SHA1 a4dec520afb1f4f30e80a218c980e32ca7c6d48d
SHA256 3f229023abc6f7d6b77f9b47b97a20f154999106f695b431a84c3b44e42da990
SHA512 5afac2635cc70034ad2d00d170ff265e99013210f81bce60538d1076921ee4c4251efb9e44c806a0ee8b982db3c2ab706f0b7a591cbce21a946b54f16c37c38b

memory/1416-842-0x0000000007FD0000-0x000000000800C000-memory.dmp

memory/668-1010-0x0000000007410000-0x0000000007420000-memory.dmp

memory/1064-1026-0x0000000006860000-0x0000000006870000-memory.dmp

memory/668-1017-0x0000000007410000-0x0000000007420000-memory.dmp

memory/1064-1074-0x0000000006860000-0x0000000006870000-memory.dmp

memory/1416-1083-0x0000000006CF0000-0x0000000006D00000-memory.dmp

memory/1416-1092-0x0000000006CF0000-0x0000000006D00000-memory.dmp

memory/4196-1100-0x0000000007080000-0x0000000007090000-memory.dmp

memory/4196-1106-0x0000000007080000-0x0000000007090000-memory.dmp

memory/376-1110-0x0000000009F70000-0x000000000A5E8000-memory.dmp

memory/1040-1109-0x00000000047F0000-0x0000000004800000-memory.dmp

memory/376-1114-0x0000000004BC0000-0x0000000004BD0000-memory.dmp

memory/376-1121-0x0000000004BC0000-0x0000000004BD0000-memory.dmp

memory/604-1124-0x0000000006860000-0x0000000006870000-memory.dmp

memory/604-1128-0x0000000006860000-0x0000000006870000-memory.dmp

memory/4408-1118-0x0000000005210000-0x0000000005220000-memory.dmp

memory/212-1130-0x00000000047D0000-0x00000000047E0000-memory.dmp

memory/4312-1131-0x0000000007580000-0x0000000007590000-memory.dmp

memory/212-1132-0x00000000047D0000-0x00000000047E0000-memory.dmp

memory/1040-1153-0x00000000047F0000-0x0000000004800000-memory.dmp

memory/4408-1156-0x0000000005210000-0x0000000005220000-memory.dmp

memory/4312-1160-0x0000000007580000-0x0000000007590000-memory.dmp

memory/668-1202-0x0000000009D30000-0x0000000009D63000-memory.dmp

memory/376-1208-0x0000000009910000-0x000000000992E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 bc17cb7a48070ebf1337a6111399a277
SHA1 529136fb1ae8743151f208ac67a3d5bb65c98a85
SHA256 f607704dd4e69a029c3c412335eaba877d5b8355cc3d41320b9fc036ef248f64
SHA512 2614d3db53d006c3e82de91f457c2d689e1548c3b572373bf4737b84fb0b0601a7eaf460a11e6f45a59dc812bbfca49a30284445eb3c98a800bb2124cbacef0b

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 3f0485d79fbb3d63b72eabb412f9aea4
SHA1 5e37309ac8251993dbb62da924c5710b92fb9a75
SHA256 8453e615b38893be8bb74d2160fc1b4de5a45150d43ee611a992888c29919415
SHA512 320bfa2cab9f43f72ad3bd5b45fcbf44dd1af73f9a8f82ef101b24ee62193ee59b0475e13e30af8b152a1ee0224d4760f04892b2cab68a4ac19ea8ac23d0e331

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 3f0485d79fbb3d63b72eabb412f9aea4
SHA1 5e37309ac8251993dbb62da924c5710b92fb9a75
SHA256 8453e615b38893be8bb74d2160fc1b4de5a45150d43ee611a992888c29919415
SHA512 320bfa2cab9f43f72ad3bd5b45fcbf44dd1af73f9a8f82ef101b24ee62193ee59b0475e13e30af8b152a1ee0224d4760f04892b2cab68a4ac19ea8ac23d0e331

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 3f0485d79fbb3d63b72eabb412f9aea4
SHA1 5e37309ac8251993dbb62da924c5710b92fb9a75
SHA256 8453e615b38893be8bb74d2160fc1b4de5a45150d43ee611a992888c29919415
SHA512 320bfa2cab9f43f72ad3bd5b45fcbf44dd1af73f9a8f82ef101b24ee62193ee59b0475e13e30af8b152a1ee0224d4760f04892b2cab68a4ac19ea8ac23d0e331

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 3f0485d79fbb3d63b72eabb412f9aea4
SHA1 5e37309ac8251993dbb62da924c5710b92fb9a75
SHA256 8453e615b38893be8bb74d2160fc1b4de5a45150d43ee611a992888c29919415
SHA512 320bfa2cab9f43f72ad3bd5b45fcbf44dd1af73f9a8f82ef101b24ee62193ee59b0475e13e30af8b152a1ee0224d4760f04892b2cab68a4ac19ea8ac23d0e331

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 3f0485d79fbb3d63b72eabb412f9aea4
SHA1 5e37309ac8251993dbb62da924c5710b92fb9a75
SHA256 8453e615b38893be8bb74d2160fc1b4de5a45150d43ee611a992888c29919415
SHA512 320bfa2cab9f43f72ad3bd5b45fcbf44dd1af73f9a8f82ef101b24ee62193ee59b0475e13e30af8b152a1ee0224d4760f04892b2cab68a4ac19ea8ac23d0e331

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 f06df74299002844641b0d51601b9cc4
SHA1 d03fdf2d80d957b49856447e03d6948d6be5bf55
SHA256 24d73b74b9d7e77a2e637373e591424f9eb32fa830df97c5e9caeea0f295a5d5
SHA512 7cc5bcc112c02dd0deaa772519f1908c32b8d6a736f4662fb9df200ee2b8a3d576ee4462230fdead4dd02c3ca28b50d1484a95b696fe2ad5c796659a83da25ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 ea462772d5b93a6cb17c9ae039ae7f2d
SHA1 ee95963738432d237fee19bac0150f7530100477
SHA256 22210844516a9b4616473cb7593f42ee42fa1ff32e1cea64da6a3ee277aa23ab
SHA512 3e2cbeff4be03827e09e1533f11a8a745af1ace9086672534fafe21ed13b6d0edb1422b48cae8ddacfe54ab251c045f13f5a07d5eb37eb320e4081693240dfcb

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 79bce756bb7613675d67aa13a241d960
SHA1 87482817d9c0c9cae51ccca535c12e0c7a7551ed
SHA256 421bd1d4553e06deb3d9911b6d65a11910ff8766dd35e53b19d937594025dd37
SHA512 e47a026b99ed74aa18223382049a16e392393ad4b93834ad38283e9b5753740362ac397f5230a44e572bf7369db5acdfddf6175da9bd513cb98648a0883f7ca6

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 18f16f5a05bef4c488ebb75a92e5d6d0
SHA1 e4e2b8002dbce9d926ea2d5d808360c893b97aa6
SHA256 f7f6bf9a2a9d291bfce4aa9ef6793bd9b8c3e4ea07f238b7208fe4bfc99ba236
SHA512 611317e28c254cf6e7517ab5eb3f8be6863022988011dbb932571cb75dcffdc97e04f4eb16eea00d8a8ca15ca2d80101dd99ce69e4d398c262dff171713f0ecc

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 b1f08239803364a3c15f84e50280aa52
SHA1 948427421c45cf2d2f55b4ca03dc35001f90f3fa
SHA256 d51a3dd7fcae73402404c52bef1985666656099555cacde63c1b43b4e63ac473
SHA512 e15af866bf7bfc06dfd507802d7c874c35b2f37c284a9febeea9dc466a8febe3dd4804b27603302b89a8f6194485edeba332b3c13b8126a9386a7f4a18d57ec7

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 597b6f509e5a8c59f0d7590af8cb3e70
SHA1 9b00237c11580730862f5c372170c7f61ebbe2f0
SHA256 9591cc3ed335bb663be0e10980019e6683d000f9c96f5334fafb844fc9ed13ff
SHA512 368fb3d8b57c6cf5e46c1f7770d082c57691581444f4b6bf06c705ddfcb47c93d7bbd7f92915aa59676582458a3a51bbb50a14d62f7d6a0fc1a44f3493bf31a8

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 5d44ecff83e096e7f01c5b490e39c28e
SHA1 200cca05bb7718e85d940403f1b4fad843f2546e
SHA256 40381ab78ecc30da94a4a07b91ad9f341fd4fbb29e08bceed33519e05cebadb2
SHA512 7b4520673949f5282a2c8d612ae188b2b0cc33f10d7b6962e3040ecfbca262c5c22f36fd9dec692df13f8501b0690ad220ad6238967504aa59f13c4996d34c24

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 b60f3f435263e00ffaeeea498f4e340c
SHA1 9b4b11ad0273b279d7dd10720b3450e6e1914af5
SHA256 d612b74bef9a2eae8fcd5aedd4606b184a41e12a6adb90517e52e17555cf81c0
SHA512 6f5b0ba9afe5e3369d0832488f9407d3dd1049b1eb869967a450ecb06736f228b1044caa974f39e9a1670d0276aacbf58f66ad313945a7b40ef214dc461825cb

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 25f59240e18db09fb18e7cc90e1e9979
SHA1 aa55927697076ad674613d4c99a179c7aeca7540
SHA256 a38ae83c2a4c9b017d4be5320a72670e614e6c4ad5fb5441479630f8221320da
SHA512 5c2c4f5241a27a23124039630711a5aac1f60812228b3e842224df5b7b3514446c9c974c33c6acdfe92877e65c926250693b000cd6c9f2f1f05ffff2f503991d

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 0d47d21685b4a50eb49691c7539b10b7
SHA1 556ff6cddcf18fd6e655c1316df1c3f73f4400d5
SHA256 0d60d7d0231e6e2abc2e7dc8db9739ecebe068ba7e968f91b17c67c309178f7a
SHA512 edaa1e98259d0b58fbbd34ee3fd071227c9890651902259ca236d45381806f8a401d78fa919a0cc9fd7a4e071aee7845b6363b0da44cd55362f93e398fab6e13

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 3b8e6aaa0e449220aabc885219fffc65
SHA1 2a821ed9bc0f05065436efca4abcbb7c85e2b908
SHA256 8197a63a46a38037f59c36f6d082b12d4f6d7a0d3bd104aad4f3c8f0218a7a2e
SHA512 089510a0a892f597ebfa7ade9f06226309303ad75908012cb0ef1f401258dbe33851719ddba5ffe9be56aa4da86a654dddac45875832ffcdf490fba7de181f07

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 237a73fb475b5d451e593c6a67473531
SHA1 0bf55174e730da3d71bf39df50de789c748b9eb5
SHA256 45f6c3047b47f8de0a2e8800d0a8aa093c4acf3036dab5259d58e66977b86f90
SHA512 89a67721ce927fa8c1ffe41956d88a3452a9a799e88ca5112414b2b62420bed22187225dcb25b2249917808c943570bd6013b0ee9192ef006e7b7a6f12e28fb0

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 de69bf04a0db0d40f83c37ad2a6f60e8
SHA1 862d8d2d67b13c6935f2bc464418b2a583c5ed76
SHA256 9b0b51279bc5f27b5995c127e2048bcca63487fc921908bff8a936158774e30c
SHA512 7b202aa23d98c3c2fff0a57af1c135907a97d7974a0a871fd00e6dc79a404618d6073eb295f6f9210ebf0b55331cb1c234b216abe126a308e1d6b3e6e1209994

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 de69bf04a0db0d40f83c37ad2a6f60e8
SHA1 862d8d2d67b13c6935f2bc464418b2a583c5ed76
SHA256 9b0b51279bc5f27b5995c127e2048bcca63487fc921908bff8a936158774e30c
SHA512 7b202aa23d98c3c2fff0a57af1c135907a97d7974a0a871fd00e6dc79a404618d6073eb295f6f9210ebf0b55331cb1c234b216abe126a308e1d6b3e6e1209994

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 4f0348872ad81cdaa541d16204016c8a
SHA1 b38f6ad8eac102878d15a2b53f2d90004822bbdb
SHA256 31c7a36f441b71126a7029428c8e59d0bac7f031e85bb3dc563b38f8689a80c7
SHA512 313cbb12cfe887f22481f49fa6a30839a6e23077e3117d7c65d7533bfa501626bcffc31a33e6a10217e087490156b82d5d0c0d7a9cafd86d78a889a4a6ddbc13

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 c4dfde7ac9105f1c7aee27ea39ad170b
SHA1 bb2a2717893b338741058109c99a01f1354123b5
SHA256 54e94898b2413c10658f894b2787727eb199063845363e46b2455e9c6fcc69f3
SHA512 cdaacacd30edebf3eaf101b0364cb7699848bb96a0ecbdb7a5ec22ff22d7bdbac28883b997569b6b91ba2ad633e716f10aa15615bc304d3192e0e8a7f410971a

C:\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\Runtime Broker.exe

MD5 62e24a1f94bd66049b54ff28834e153e
SHA1 26a54a44b6bb6b5ba4962a661b8ebceef255a4b5
SHA256 3801d4a82ed4da1ee834966e6c7eef02ea71fbab88fb76a5e2d2383aba8570f2
SHA512 9f30c7b4dda5f1c845b71c68b3d2e83897d10e15cef970c5e9ecfa4939fb74e7c5bfee647ca8f409d714fc08d14f2efb7067a7ce4a64e68658dfaefa93117fa4

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\ffmpeg.dll

MD5 1bb0e1140ef08440ad47d80b70dbf742
SHA1 c2e4243bad76b465b5ab39865ac023db1632d6b0
SHA256 c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671
SHA512 29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

\Users\Admin\AppData\Local\Temp\2P6qMnx6DZQmqwgadXyeWi64ESl\vk_swiftshader.dll

MD5 65a5705d95a0820740b3396851ff1751
SHA1 a692a80bafc41ba1b29ef19890f8465b3fb20dcb
SHA256 4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c
SHA512 0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 ecd5775cfc97ba36319d6d3315ba05a5
SHA1 af3ec2c34ec7d20da80a111e5f65495c923d58c7
SHA256 9961da345c9b27ac64c3e11bb833a0e4839120be1228c8c2b1647d7ef057869e
SHA512 9edc72ff33d38f13e292c236fafe5661d832f7545d49cb595256cacab909c5586f0bdd4c283c3ddb0c2a2ad82908a5b60ee82bea9e0c8f7afc6c1eeae53c6e25

memory/684-6668-0x0000000074570000-0x0000000074571000-memory.dmp

memory/1320-8844-0x00000000773D9000-0x00000000773DE000-memory.dmp

memory/4572-9917-0x00000000773D9000-0x00000000773DE000-memory.dmp

memory/1628-10759-0x00000000030A0000-0x000000000314E000-memory.dmp