Malware Analysis Report

2025-08-06 00:52

Sample ID 230429-t563aadd3x
Target ValorantLoading0.exe
SHA256 2db50e843ecb7e518b6dbf29192158e0b2c3bfacdbe2257be98ad45319bba568
Tags
lumma spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2db50e843ecb7e518b6dbf29192158e0b2c3bfacdbe2257be98ad45319bba568

Threat Level: Known bad

The file ValorantLoading0.exe was found to be: Known bad.

Malicious Activity Summary

lumma spyware stealer

Lumma Stealer

Loads dropped DLL

Executes dropped EXE

Reads user/profile data of web browsers

Drops startup file

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Unsigned PE

Modifies data under HKEY_USERS

Modifies system certificate store

Kills process with taskkill

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Enumerates processes with tasklist

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-29 16:39

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-29 16:39

Reported

2023-04-29 17:10

Platform

win10v2004-20230220-en

Max time kernel

1669s

Max time network

1801s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe"

Signatures

Lumma Stealer

stealer lumma

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A

Reads user/profile data of web browsers

spyware stealer

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1480 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1480 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1480 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Windows\SysWOW64\cmd.exe
PID 1608 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Windows\SysWOW64\cmd.exe
PID 1608 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Windows\SysWOW64\cmd.exe
PID 2992 wrote to memory of 1856 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 2992 wrote to memory of 1856 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 2992 wrote to memory of 1856 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 1608 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Windows\SysWOW64\cmd.exe
PID 1608 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Windows\SysWOW64\cmd.exe
PID 1608 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Windows\SysWOW64\cmd.exe
PID 216 wrote to memory of 4208 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 216 wrote to memory of 4208 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 216 wrote to memory of 4208 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 1608 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1608 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe

"C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe"

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1732,i,11881029116188559175,8147238235178464338,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=2056 --field-trial-handle=1732,i,11881029116188559175,8147238235178464338,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2436 --field-trial-handle=1732,i,11881029116188559175,8147238235178464338,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=848 --field-trial-handle=1732,i,11881029116188559175,8147238235178464338,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 254.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 20.42.65.90:443 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 13.107.4.50:80 tcp
US 13.107.4.50:80 tcp
US 8.8.8.8:53 bbynetwork.nl udp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 8.8.8.8:53 stun.l.google.com udp
US 74.125.128.127:19302 stun.l.google.com udp
US 8.8.8.8:53 viewer.bby.gg udp
GB 51.77.122.237:443 viewer.bby.gg tcp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 8.8.8.8:53 146.60.21.104.in-addr.arpa udp
US 8.8.8.8:53 127.128.125.74.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 45.8.109.52.in-addr.arpa udp
NL 178.79.208.1:80 tcp
US 8.8.8.8:53 226.162.46.104.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 47.125.24.20.in-addr.arpa udp
US 8.8.8.8:53 58.104.205.20.in-addr.arpa udp
US 8.8.8.8:53 97.238.32.23.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_100_percent.pak

MD5 44a69827d4aa75426f3c577af2f8618e
SHA1 7bdd115425b05414b64dcdb7d980b92ecd3f15b3
SHA256 bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b
SHA512 5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\chrome_200_percent.pak

MD5 9c379fc04a7bf1a853b14834f58c9f4b
SHA1 c105120fd00001c9ebdf2b3b981ecccb02f8eefb
SHA256 b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48
SHA512 f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\d3dcompiler_47.dll

MD5 ab3be0c427c6e405fad496db1545bd61
SHA1 76012f31db8618624bc8b563698b2669365e49cb
SHA256 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
SHA512 d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\snapshot_blob.bin

MD5 c2cf86c9046343131080edf914f69eba
SHA1 10bb7f1a96fdbcd4d5cd7a0ec2477f3c0354eed7
SHA256 7209863f22740b465301ce82919a042df5dbb7a7c50828643c9cd2e1e8802496
SHA512 d78ffcdcc9ca77c1405f3e98ba5b5b7a56c39bd06d923f39a4df9e56aba3af8afd1ebd8f09a85b5f2c71c9c2e5843d9e724ca3475693966dcfab1c7703c6c06d

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\libGLESv2.dll

MD5 7b2ce44ad89a57b1183d36e89fd0357f
SHA1 178f7ed96f5c879b08729acff45bc50cd2ed64c7
SHA256 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701
SHA512 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\libEGL.dll

MD5 5c70cc094fc6e108a5689c88f1144a51
SHA1 460b668e4301e774b79b182756db25fb0b7c206e
SHA256 c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42
SHA512 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\icudtl.dat

MD5 cf9421b601645bda331c7136a0a9c3f8
SHA1 9950d66df9022f1caa941ab0e9647636f7b7a286
SHA256 8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5
SHA512 bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\v8_context_snapshot.bin

MD5 60beed67e605fdbe79d2735f59113a93
SHA1 6cd5625c6dfb8a16b619490890e38c6da902b43e
SHA256 ffc7423ee2a75a420118465181e9307c6b7b2df5e40d7e4018dec07a9c6bab11
SHA512 1f4bff04464fab0c149344529903aa805c7c03b7f8c21b5f959c7c7ff11802d07079e069d3b8e8a63f409a4541b3aac4b695c535228c4a89b15c8033567d645f

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\vulkan-1.dll

MD5 bb7496239e0f1b44c935df3954c3fc42
SHA1 d063da60766682cf40b690bc03094e5c7ebd8669
SHA256 e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c
SHA512 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\vk_swiftshader.dll

MD5 dd3a757828c6cc214fac84486f69ba8e
SHA1 5f79beada6f80c903b5d1c04f0eb30e8acd396a2
SHA256 baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c
SHA512 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\resources\app.asar

MD5 da5450df07fb87578c50f8eaa285c061
SHA1 449fbd7d4d1bede8e332d23680356c288dc67b29
SHA256 40e5407156eaf70e89d953f39314196c9f0a909ad64a3e511812f2358c697089
SHA512 cb035593dbf7766e0afe8494493069c89c9bd1587124b17449ead9085d0bdefcc069dadd47296fa46f3918f2edfa114e8eac7ad4d7b54c25ef01b08a27bc894e

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\icudtl.dat

MD5 cf9421b601645bda331c7136a0a9c3f8
SHA1 9950d66df9022f1caa941ab0e9647636f7b7a286
SHA256 8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5
SHA512 bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\v8_context_snapshot.bin

MD5 60beed67e605fdbe79d2735f59113a93
SHA1 6cd5625c6dfb8a16b619490890e38c6da902b43e
SHA256 ffc7423ee2a75a420118465181e9307c6b7b2df5e40d7e4018dec07a9c6bab11
SHA512 1f4bff04464fab0c149344529903aa805c7c03b7f8c21b5f959c7c7ff11802d07079e069d3b8e8a63f409a4541b3aac4b695c535228c4a89b15c8033567d645f

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar

MD5 da5450df07fb87578c50f8eaa285c061
SHA1 449fbd7d4d1bede8e332d23680356c288dc67b29
SHA256 40e5407156eaf70e89d953f39314196c9f0a909ad64a3e511812f2358c697089
SHA512 cb035593dbf7766e0afe8494493069c89c9bd1587124b17449ead9085d0bdefcc069dadd47296fa46f3918f2edfa114e8eac7ad4d7b54c25ef01b08a27bc894e

C:\Users\Admin\AppData\Local\Temp\31f147c5-4f83-4e6e-848e-a1f313a132c3.tmp.node

MD5 aa7eb1ed50471e76e52494e9ecf56e88
SHA1 b5cdfc7ca8fdfae7be282852d206966dcb88700d
SHA256 1544875269095605b5ef42195f86e785972cb6bef187a39fc388f46b6beb2ba2
SHA512 37b5714542b4cafc88646e535f8b55b5a0d0afeb5aa4c39624494d37727c9763f903a24c7844c03736aabede062f226bd90e8c99edfd657742a9f61379d5ecff

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_100_percent.pak

MD5 44a69827d4aa75426f3c577af2f8618e
SHA1 7bdd115425b05414b64dcdb7d980b92ecd3f15b3
SHA256 bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b
SHA512 5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_200_percent.pak

MD5 9c379fc04a7bf1a853b14834f58c9f4b
SHA1 c105120fd00001c9ebdf2b3b981ecccb02f8eefb
SHA256 b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48
SHA512 f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\d3dcompiler_47.dll

MD5 ab3be0c427c6e405fad496db1545bd61
SHA1 76012f31db8618624bc8b563698b2669365e49cb
SHA256 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
SHA512 d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll

MD5 dd3a757828c6cc214fac84486f69ba8e
SHA1 5f79beada6f80c903b5d1c04f0eb30e8acd396a2
SHA256 baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c
SHA512 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll

MD5 dd3a757828c6cc214fac84486f69ba8e
SHA1 5f79beada6f80c903b5d1c04f0eb30e8acd396a2
SHA256 baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c
SHA512 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\debug.log

MD5 f11fa798594affd42bf8b8f638bc60e9
SHA1 8eb770447aea941ff7f00419db6c7a147dea4f65
SHA256 439d0ea18158c5fcdca33c711df8221ac891d02fa98dd67d05fd9d03d7fcebfd
SHA512 56c7aa20a561eaabeb94771ba13516993a1e52d2d10da4bbb017bf66317977ea6d88a06d720bd9bc77e903e64f1da38b8fc615d5ccc02576a90cee46bd390106

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll

MD5 bb7496239e0f1b44c935df3954c3fc42
SHA1 d063da60766682cf40b690bc03094e5c7ebd8669
SHA256 e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c
SHA512 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll

MD5 bb7496239e0f1b44c935df3954c3fc42
SHA1 d063da60766682cf40b690bc03094e5c7ebd8669
SHA256 e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c
SHA512 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libEGL.dll

MD5 5c70cc094fc6e108a5689c88f1144a51
SHA1 460b668e4301e774b79b182756db25fb0b7c206e
SHA256 c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42
SHA512 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libegl.dll

MD5 5c70cc094fc6e108a5689c88f1144a51
SHA1 460b668e4301e774b79b182756db25fb0b7c206e
SHA256 c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42
SHA512 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libGLESv2.dll

MD5 7b2ce44ad89a57b1183d36e89fd0357f
SHA1 178f7ed96f5c879b08729acff45bc50cd2ed64c7
SHA256 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701
SHA512 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libglesv2.dll

MD5 7b2ce44ad89a57b1183d36e89fd0357f
SHA1 178f7ed96f5c879b08729acff45bc50cd2ed64c7
SHA256 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701
SHA512 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\D3DCompiler_47.dll

MD5 ab3be0c427c6e405fad496db1545bd61
SHA1 76012f31db8618624bc8b563698b2669365e49cb
SHA256 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
SHA512 d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Temp\0220b9a6-0a18-49d9-94a3-2d84062e124b.tmp.node

MD5 566b70feb8fce14caa4c18c08ce7f5f2
SHA1 f2ebbadcf5914860f0041cae0e0562879d3e8af5
SHA256 66bcc5fb47acb03d1d4e6d37553d80bc087b92e405c4392631d8c5e34d773097
SHA512 35d63d6cd0c1cfe9b58037bc382f84247a762994e2a09eb9e8a2a4c622845c5ada8c7874d3ebc25f3e59faca6f3052897a81394e07e17b71ddc4686e2df9925d

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 32470c35e7c93267041fb3f3c08c4de9
SHA1 f4f41217cd76c7791258c0c1fe429f5641cc4de1
SHA256 c091a0440254b5f71f8a50429803040da4e957e55f287ae12efaf1a3690dec85
SHA512 4ceddb261cb115323aa2bef65e72402c8c2bf3a91743ce26ce7911d7af2190a0e50580e0178b46643d2b837e65305facdb96fccc46aef59f77e4547ab383cac5

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State~RFe588393.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll

MD5 dd3a757828c6cc214fac84486f69ba8e
SHA1 5f79beada6f80c903b5d1c04f0eb30e8acd396a2
SHA256 baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c
SHA512 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

memory/1296-379-0x000000000F200000-0x000000000F201000-memory.dmp

memory/1296-380-0x000000000F200000-0x000000000F201000-memory.dmp

memory/1296-381-0x000000000F200000-0x000000000F201000-memory.dmp

memory/1296-385-0x000000000F200000-0x000000000F201000-memory.dmp

memory/1296-386-0x000000000F200000-0x000000000F201000-memory.dmp

memory/1296-387-0x000000000F200000-0x000000000F201000-memory.dmp

memory/1296-388-0x000000000F200000-0x000000000F201000-memory.dmp

memory/1296-391-0x000000000F200000-0x000000000F201000-memory.dmp

memory/1296-390-0x000000000F200000-0x000000000F201000-memory.dmp

memory/1296-389-0x000000000F200000-0x000000000F201000-memory.dmp

memory/3480-394-0x0000000005210000-0x0000000005246000-memory.dmp

memory/3480-395-0x00000000053F0000-0x0000000005400000-memory.dmp

memory/3480-396-0x00000000053F0000-0x0000000005400000-memory.dmp

memory/3480-397-0x0000000005A30000-0x0000000006058000-memory.dmp

memory/3480-398-0x0000000005810000-0x0000000005832000-memory.dmp

memory/3480-399-0x0000000005930000-0x0000000005996000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ein1rtug.vql.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3480-405-0x00000000061D0000-0x0000000006236000-memory.dmp

memory/3480-410-0x0000000005570000-0x000000000558E000-memory.dmp

memory/3480-411-0x00000000077D0000-0x0000000007866000-memory.dmp

memory/3480-412-0x0000000006CC0000-0x0000000006CDA000-memory.dmp

memory/3480-413-0x0000000006D10000-0x0000000006D32000-memory.dmp

memory/3480-414-0x0000000007E20000-0x00000000083C4000-memory.dmp

memory/3480-415-0x0000000007910000-0x00000000079A2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 eedc851ccfb2e8281babb78c2f244c68
SHA1 4df05baf7c1b4f14aad3244aa30e95f234504eaf
SHA256 f8bb083f4072511a1b6c0c2e571a376fb678719fc20890ec96be851d25eaa790
SHA512 643d95f22f271d585f33609fefe30fd17b5b0380613553a86d1e94d5fb602660f2d4b7196915ac5e00f1d17702bbbecf9f4274f5dbb18820745a215b91cbc7ba

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 8e764454469c8037d2e0f012cb7a1ba1
SHA1 6a482c3f6d8e7faee6b1397b15c6243e7efa15f6
SHA256 17b2f354b06b392ff956c086ed78baa95133f5ad04539584eedf294e5547e360
SHA512 23bf444ef9a126e8b5e70c71a9b1816404dccce83beba859bf18681f8f541190d9f9fca821a0cbbce24d4e10939c97959d124bf471b4cf63692de526b957eb2b

memory/4184-429-0x00000000053B0000-0x00000000053C0000-memory.dmp

memory/4184-430-0x00000000053B0000-0x00000000053C0000-memory.dmp

memory/3372-432-0x00000000054D0000-0x00000000054E0000-memory.dmp

memory/3372-433-0x00000000054D0000-0x00000000054E0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 f4419fefdb2b381e195f574b457b7a48
SHA1 78b01a321fffafed68d4043ceeca5f12fdb12add
SHA256 a9a7bba0d0e981fdca9e3f353e3ec517da23c4dfdd1bacf93af8ac09dd9a7a6b
SHA512 107da6a803f87d416db01ffa68bb6d73bc07f34411f3986ed908f1efa80e2c09977c27bbb7c681e72dfcd4fad19b8b941b76595274f5ccc77eda9c7f3ad6f715

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 3c5c8b51ee193fd7891af5f8b7cc5710
SHA1 62b6b7ab13ed53ca0a75821ffb6dc86d73097499
SHA256 07a07faf440d5ce9e844260b6fa899a6d430efc2086b4734f0d283403ad2266e
SHA512 b6591b6ad3fba2a75257c4ea8549deb884a0027493cd7fa3767e463ef4732de3311061b3d78e48a01038b1a8197da3c5e71658ea2a8b663927483e11e8572485

memory/3620-456-0x0000000005050000-0x0000000005060000-memory.dmp

memory/3620-455-0x0000000005050000-0x0000000005060000-memory.dmp

memory/1800-467-0x00000000052F0000-0x0000000005300000-memory.dmp

memory/1800-468-0x00000000052F0000-0x0000000005300000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 eb0c37b9c8f63f922db3830e3d8979e8
SHA1 030b976a4cef8028cabc026bdfd9861599cced38
SHA256 ebc812a80bd189ad0c25c3859c67cd974d1f0a3dfea0fe01f8ba8f906d3d4186
SHA512 c6fba74c115dad8ac4daba9caa0677d8d008c0e02f2439dca0231b346cea0294604e140975cf61335b63667f82b881b506219d6d316911b90ee203236ae2dc58

memory/2468-476-0x0000000004E80000-0x0000000004E90000-memory.dmp

memory/2468-478-0x0000000004E80000-0x0000000004E90000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 efc94373bb880d4f2623b7761a0d08dd
SHA1 6f5ed6f5aa9452755b48cfa2d7ced955e228f0e5
SHA256 8ff5660a5c67a83df6dc7b65b156dca7095c61e1f9d21c77a2edb5b2a23150dc
SHA512 0dc38e3c65b6545a4bc18cfee0d0825bd5394e05304e68060705cdc80505b0ab1d987736a1ff4b6fb79ff871a158f557165004113b4039ee7f98b89ec8149c22

memory/1704-484-0x0000000005130000-0x0000000005140000-memory.dmp

memory/1704-485-0x0000000005130000-0x0000000005140000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 ca68e1b1b552430d27dfb29bd0f10228
SHA1 60d643dd9ed746f3762a3557436bcbeecf2b6cd0
SHA256 1807b735b6ddc95d331e3f33d9f1f4df7f40e5fbeac2e966b4c19793b1589c95
SHA512 57c5e0967027e609ba51966a37e5427c79ff675684ed48f086a9535641049487172cd8e39ced2c3a5c0c1ffd2cd50cfff1862239dd789c04cf9784c4df0e12e9

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 73bb5acd8afe1ef5dc84a0bbbc2da08b
SHA1 caac0a8d740a8cf82d30c13efbf8992055f1e190
SHA256 63c3c3220e933949f4e5ca98b275127aada438579dcb5f96d8d10b381cd1304e
SHA512 7d6dc99f3be877ce3b5950a9b9dd1108fef3b0d24f24014fcca9cae42427ab2cf5a20f6887b087e7c0f54222b77d73e786c7184f88b5fa870a75e74c30270d67

memory/1260-507-0x00000000048B0000-0x00000000048C0000-memory.dmp

memory/1260-508-0x00000000048B0000-0x00000000048C0000-memory.dmp

memory/1296-511-0x00000000045B0000-0x00000000045C0000-memory.dmp

memory/1296-510-0x00000000045B0000-0x00000000045C0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 26f26487c83dcec7237db3109ccb1171
SHA1 86229099f67c1aa6b74a2c65a2129631e912ea43
SHA256 fd380ad15dcd4bb9fb8b4c53410595741079dedd6b136a5fd07bd8ed98937229
SHA512 1c59edcfa9c58377b521a32a5be615bdbbfde185aeca74869a7d99c1fac84ebca8b3d53f36bc7f97b05f1ad1625c3ac14b3136dfe098b6ca28ed9522b65d5e40

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 cbe5505c651b6177dd1d7d96c59fd3f6
SHA1 9cba6c6442557dd62303c14ecc836b02c6cc0b34
SHA256 a338dfac98c2f43c52e22cefa4be4e6dc0fdde9e5a24d209bbc2c748ca813571
SHA512 2e61c096427a08004c0271aa75f665cd494d7b0adf2b0e30221d4f769298af0da13119b523aa5aaf159794db82a960e5c8cc08479ebaf552e02ea823ab7a8aaa

memory/3244-533-0x0000000002910000-0x0000000002920000-memory.dmp

memory/3244-534-0x0000000002910000-0x0000000002920000-memory.dmp

memory/1288-536-0x00000000049B0000-0x00000000049C0000-memory.dmp

memory/1288-537-0x00000000049B0000-0x00000000049C0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 ace8885df03b40f0a13df13edf53a1a8
SHA1 baaf541eb67f24cbcfa4a74e4a3a302b2c6e9d35
SHA256 446fb92cd71da2903c9204a91ee7614c0c279f48ae8fbf1bc85f37f9f3632d6f
SHA512 569179535650f26423b6e4704f5275651b930f0f534d9ffc73b910be5e358026075c85da2ee0669c90b23ab4c4067afc564b342434e121dd77934f598eed2fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 4df5203ca7ea36fd614921fb22bc9c0a
SHA1 82166314043b1e64a76259e40f5802c06ee0f72e
SHA256 371486e2b76aa64344c08bf9563e8de5bd3a825742f2b10f5ed5faa7365d2573
SHA512 9f5beb7329881e351f591c16ec1b01bc99f43986ca9dd9dd5bf312e5c5c8036243c6adcbf2d7e36106a8169aa430d52d319e99849bade9773e3a0b3fb47e3cc0

memory/3216-560-0x0000000002840000-0x0000000002850000-memory.dmp

memory/3216-559-0x0000000002840000-0x0000000002850000-memory.dmp

memory/4576-571-0x0000000005010000-0x0000000005020000-memory.dmp

memory/4576-572-0x0000000005010000-0x0000000005020000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 52713677083cdaed2defdf18a72240ee
SHA1 a2fcecfabcc8f63a7e21d33a0580fb2f7df14e94
SHA256 bbfaa6e4dc0911725857ee3dc6896a28eb48cafdf2acfc1dcf4cb53cf06beeb6
SHA512 60f7d26b95e05416cbf11d6b26306bea7de0c4ef90a694cb93b7ce51491cb3ecda156c9904bcf50bff39fe04b56228e3bb91190a18ad1789db13119d5bd3edef

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 a21c941e550abf07b7cdb3c7c7e30614
SHA1 ec671e1cf38ec3fc77feaab22653e58618002213
SHA256 5d8118d5b784a8cc214465a414e3121982b3384dc673461fc1a864d11e8e11b5
SHA512 e26cd16b0312b92af9490047ab294bd6c4e82b71e7b539fbaf3e3523021fc8bd909aff8999c73f6da652c857d05422f201aa751b74c2b6bf75a61675e3868e53

memory/2424-585-0x0000000002280000-0x0000000002290000-memory.dmp

memory/2424-586-0x0000000002280000-0x0000000002290000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 82ae2e00666a3a4d714402d63702dcdc
SHA1 69d45b868ac79321588bf15234d892f099e2f479
SHA256 98a97924427fba4a2f4c542e1a9d467810c63dfc3d99a96390eb50aa60b17d64
SHA512 085585df8a804a2c06bafd3d04651df221ba7f213003ddaf97b61c0aa04d8102905dcff8c72c7f63c84eecffc4cd1ee7b9d616d330c4570a81f57dd4f402a4b5

memory/756-598-0x0000000002B30000-0x0000000002B40000-memory.dmp

memory/756-599-0x0000000002B30000-0x0000000002B40000-memory.dmp

memory/2236-610-0x0000000004AB0000-0x0000000004AC0000-memory.dmp

memory/2236-611-0x0000000004AB0000-0x0000000004AC0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 842ff5c782da5ac4c29dace8118eca50
SHA1 952e9660d4b7a5f5ff6c579342c1e6c04891a12b
SHA256 084580792fa96b302d183e77fa2c744d6cde4e1b8aa993263cf79f7444a4e9cc
SHA512 ce058ebb43d14576f911bf01e304fb198b811da404786a04a9073d7cc794a37b06f45709b05198dd77db262483f740ef35695922f9dc7b5d74c76bbd0d6ec962

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 b90e956653e29c315dbd0ab92954b068
SHA1 a6790d5ecb34c609990e53a2313a1feec806b52b
SHA256 b7149de91fdd34cbf980b69402c5e7efb6871b1a0a1ef40db274072726c64c93
SHA512 fa339862337e1c735877be54ec027ac0edea95a0309ba3e22f6a4be2ef017ef118b961dc276aca6d48b7f555eced4a7534db584e9eb58b60d708a458131d6b04

memory/1816-624-0x0000000005210000-0x0000000005220000-memory.dmp

memory/1816-625-0x0000000005210000-0x0000000005220000-memory.dmp

memory/2132-632-0x0000000002750000-0x0000000002760000-memory.dmp

memory/2132-633-0x0000000002750000-0x0000000002760000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 ab9a3ee2485d9efd6abf8da91f146c49
SHA1 31603f5cb3c6234788f6f801aa4f4e77963c2383
SHA256 ff631041f7181a3e63cb567c7b201f923a380a17236382ec8f97e378a9bb2dda
SHA512 41ed86684228660715092a2a64c4b63d799b64ca725658c7c32d82773f807c5b062f6eb5e8161a0352d3b5f1fba03a8bfe4568859954a02194629dd795a06152

memory/3036-640-0x0000000004570000-0x0000000004580000-memory.dmp

memory/3036-641-0x0000000004570000-0x0000000004580000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 41962e7e1688ab3d335c2dc15af7780b
SHA1 7425c7be7abb90e77cfcfa52f888c4da37e908ba
SHA256 3bf89f17b1551a8931fb0bdc62824b131f5ee74534b93a14540641f6b5016fa7
SHA512 85743a5760666766cc73033fce1fe7f080c51eeca7a0ba6c57b441e6124ea6e4a9c57152ab2cd04dc0c8b932c21257468a3a65d42e14ccc7e6634dafc2b49163

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 0db31dd528a60c3f4e9d2d777041af88
SHA1 11339881a2580f668c2a1fac6429a57992ae8e75
SHA256 9f60a0938adceaf520a19ca60e40cf607f970da22e8a15f883429120c61cc47c
SHA512 11b1cea22234c655e305da05b4b03dd8771512975d56147d11cd4c02bd7d92068497958e0468f64a3f8553501fee12f7f4715c41de514585c6c2ac30c40bde96

memory/1984-663-0x00000000022D0000-0x00000000022E0000-memory.dmp

memory/1984-664-0x00000000022D0000-0x00000000022E0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 7722c46860a0ec6ea652e6feb783e3b2
SHA1 1db9dd5c062cf9102c5c57aaba58c59e0062a153
SHA256 bffdd3a5d1ef71a1b467aaf3c99b11eea8976f02f498751a0ce740012fb015ab
SHA512 4ae7a5b252ec9597bec37228e38df809a16045bcd1484d172ac98cc28312e6eedc5dfb1821277ba325c9d479469a26dfd3665298d88101ed9730884d85704c92

memory/2088-676-0x0000000002210000-0x0000000002220000-memory.dmp

memory/2088-677-0x0000000002210000-0x0000000002220000-memory.dmp

memory/3900-688-0x0000000002FA0000-0x0000000002FB0000-memory.dmp

memory/3900-689-0x0000000002FA0000-0x0000000002FB0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 39292116a35b21c7c64913eab5673aa8
SHA1 c40e3414c67ad0492e5d43a396554c473983e5ff
SHA256 9a34a25a27351d5ddbef8148ae0b53dae9cfa52d21cb4e3c3be3f7220095712a
SHA512 575cb81a439f3853c5a8718e938ebd08f0402658defdfcad387fc11126f0a4cd08926a1d002f6bdb18147994abfd8782a3bc8f0d6c49fab59c67fedd6c2996f8

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 74a79dff1da2d1119e17a345d7073a02
SHA1 4917e1c0e39f2eb80ac644f91d0841ebd669603f
SHA256 371162f63820cae89b453f6df3fb43fdc31cd29a1671f4c89a72a8e6c1674b90
SHA512 4ec46c89eb76b27d06600d9a5963ea32fbd27597423648bcd99e30940a498fa543306efd174a4ea13257ca5fe8deac06275cd5f84b5f20449ed862c5543446d7

memory/888-702-0x0000000002DE0000-0x0000000002DF0000-memory.dmp

memory/888-703-0x0000000002DE0000-0x0000000002DF0000-memory.dmp

memory/2720-714-0x0000000002720000-0x0000000002730000-memory.dmp

memory/2720-715-0x0000000002720000-0x0000000002730000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 d76c0660ca807a1996f57d1df7a7d9c3
SHA1 92659bc37d3857fa8b02b033ff7bfb1572c09dae
SHA256 724776b349294615f883e63005e1345945367a33d0c449d4e1f83b8b66a8725b
SHA512 6d751c0a3740defe5df0b91163c7b42a4adcc7a8c995578f9ab75c79263a27bd43e1fd11ee32093bd49babe6985e2ca348ab8750dd60f7d3eef872859cd4cfa0

memory/2100-719-0x0000000002440000-0x0000000002450000-memory.dmp

memory/2100-718-0x0000000002440000-0x0000000002450000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 c79b2cfcf2a6790a65ed202a73fa2d21
SHA1 98f5a8cda46d06dc3821bc10e2a8246b74f2cf0c
SHA256 5495ef7c33101cf880279e5a4cc787a2a870951ee64656a92ebd5e2043bb2be2
SHA512 c215c2d9e8829e44ea8b06e3c01b7668506c95ee120f00a901fa00563abf8d9528494ac461c0861724c00d6494d1e783a35a0c669dbe76171574e31c88688f81

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 5eea6e476096af0ae604ac595b03b0b7
SHA1 f56d87376fae2c4757bb2e92ac60383973e68a76
SHA256 4cd07e6f5d98a186c0a2c9765b494b9c47a31b3811a17be2816878b6eac19370
SHA512 db6a09f841226266dbd8b3d473d9b86a174ecd1d201eb88957f1ed9fade1b9251d5ce31891bb82f754c0937358e01feb44bf76383729c45fac300a2bba1815b3

memory/4372-741-0x0000000004640000-0x0000000004650000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 d315f500acf182e1040e15a5e4d94f9f
SHA1 5cd49946ee05eb9ab62a1d4c33eb60cbd625eaf1
SHA256 3476812390b63a9d8bafe37bd35e5fea6b6ac14296094153007be3a7449c91a9
SHA512 66e0e5c681f1b29de278971bb96ebe0df883c6e882f2baa2dc0db07c567dfb82e7408f0222704036135b2728d71bf72d60726a15071ec2d7ec73234ad760a512

memory/4968-753-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

memory/748-764-0x0000000004860000-0x0000000004870000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 4d2037e7623c492720599ded740799d2
SHA1 3c27acf5515bb66d37448b6e5e4b866a3887e669
SHA256 3b0809ee4f6c5bc49a69f585e969461222b8954f8eb9a87e5e5f83ebf3f475c7
SHA512 6870c9592117be7de8603dab07aaca7333c36a40b4a2c4dee3792abf5736717a90a26f096b3e6f29f58a1f6b9e30ca750ed26c5493b6f2079f4c04dffccfe7fb

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 57578994410159f24efce2ce7746c6b5
SHA1 3a76ebf94f75d34fba135fb2d5467cefb89a3225
SHA256 e39238af0d7fb376ab90d471b60382385cfa5e609848d0fc093e5e3c2d072a40
SHA512 caf700656d513118031c09761ef050f8c6e4fb55263c2962a7677da45406fa66263e4c03bad2552cfd15004a66d9b5614c0d3c932c133520dbfd13282bcf4168

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-29 16:39

Reported

2023-04-29 17:10

Platform

win10-20230220-en

Max time kernel

416s

Max time network

1805s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe"

Signatures

Lumma Stealer

stealer lumma

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\Downloads\ValorantLoading0.exe N/A
N/A N/A C:\Users\Admin\Downloads\ValorantLoading0.exe N/A
N/A N/A C:\Users\Admin\Downloads\ValorantLoading0.exe N/A
N/A N/A C:\Users\Admin\Downloads\ValorantLoading0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133272672325470673" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c137e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2684 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe

"C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc89b09758,0x7ffc89b09768,0x7ffc89b09778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5216 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5032 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1540,i,972579413874400961,9101782717619210052,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1792 --field-trial-handle=1540,i,972579413874400961,9101782717619210052,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2168 --field-trial-handle=1540,i,972579413874400961,9101782717619210052,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM chrome.exe /F

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc89b09758,0x7ffc89b09768,0x7ffc89b09778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1776,i,10623592800305787501,5949596201159941909,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1776,i,10623592800305787501,5949596201159941909,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1724 --field-trial-handle=1776,i,10623592800305787501,5949596201159941909,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1776,i,10623592800305787501,5949596201159941909,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1776,i,10623592800305787501,5949596201159941909,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc89b09758,0x7ffc89b09768,0x7ffc89b09778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1860 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5072 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3836 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3588 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1480 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1984 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5796 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5840 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3004 --field-trial-handle=1540,i,972579413874400961,9101782717619210052,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2600 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1996 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2112 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3a4

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4296 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4624 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6088 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5944 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6052 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5844 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1868 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2648 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6288 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Users\Admin\Downloads\ValorantLoading0.exe

"C:\Users\Admin\Downloads\ValorantLoading0.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1648,i,11590796678809053000,8349264842438926235,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1792 --field-trial-handle=1648,i,11590796678809053000,8349264842438926235,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1976 --field-trial-handle=1648,i,11590796678809053000,8349264842438926235,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2264 --field-trial-handle=1648,i,11590796678809053000,8349264842438926235,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2476 --field-trial-handle=1648,i,11590796678809053000,8349264842438926235,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM chrome.exe /F

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc86ad9758,0x7ffc86ad9768,0x7ffc86ad9778

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1748 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3744 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4728 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3876 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5152 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5260 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5760 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5756 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6008 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\Downloads\ValorantCrashFix.exe

"C:\Users\Admin\Downloads\ValorantCrashFix.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6384 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1372 --field-trial-handle=1652,i,8397822801295824722,8578704139296503051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1808 --field-trial-handle=1652,i,8397822801295824722,8578704139296503051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1976 --field-trial-handle=1652,i,8397822801295824722,8578704139296503051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6340 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4928 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1652,i,8397822801295824722,8578704139296503051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6236 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1672 --field-trial-handle=1652,i,8397822801295824722,8578704139296503051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\Downloads\ValorantCrashFix (1).exe

"C:\Users\Admin\Downloads\ValorantCrashFix (1).exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\Downloads\ValorantCrashFix.exe

"C:\Users\Admin\Downloads\ValorantCrashFix.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1656,i,6598855442484090673,8993598744926605985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1800 --field-trial-handle=1656,i,6598855442484090673,8993598744926605985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1968 --field-trial-handle=1656,i,6598855442484090673,8993598744926605985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Users\Admin\Downloads\ValorantCrashFix.exe

"C:\Users\Admin\Downloads\ValorantCrashFix.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1656,i,6598855442484090673,8993598744926605985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1404 --field-trial-handle=1900,i,11275430132542899955,4821870957611725172,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1744 --field-trial-handle=1900,i,11275430132542899955,4821870957611725172,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1984 --field-trial-handle=1900,i,11275430132542899955,4821870957611725172,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1676 --field-trial-handle=1656,i,6598855442484090673,8993598744926605985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1900,i,11275430132542899955,4821870957611725172,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\Downloads\ValorantLoading0.exe

"C:\Users\Admin\Downloads\ValorantLoading0.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1896 --field-trial-handle=1900,i,11275430132542899955,4821870957611725172,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2484 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:2

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1764,i,11568462724635971712,4940487018290650109,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1776 --field-trial-handle=1764,i,11568462724635971712,4940487018290650109,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1956 --field-trial-handle=1764,i,11568462724635971712,4940487018290650109,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM chrome.exe /F

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1764,i,11568462724635971712,4940487018290650109,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2896 --field-trial-handle=1764,i,11568462724635971712,4940487018290650109,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1656,i,2025088977129206709,4803243312783940910,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1700 --field-trial-handle=1656,i,2025088977129206709,4803243312783940910,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1972 --field-trial-handle=1656,i,2025088977129206709,4803243312783940910,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1656,i,2025088977129206709,4803243312783940910,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM chrome.exe /F

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2864 --field-trial-handle=1656,i,2025088977129206709,4803243312783940910,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Users\Admin\Downloads\ValorantCrashFix.exe

"C:\Users\Admin\Downloads\ValorantCrashFix.exe"

C:\Users\Admin\Downloads\ValorantCrashFix.exe

"C:\Users\Admin\Downloads\ValorantCrashFix.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM chrome.exe /F

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1636,i,7827047277507529759,4986235463361905208,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1788 --field-trial-handle=1636,i,7827047277507529759,4986235463361905208,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1928 --field-trial-handle=1636,i,7827047277507529759,4986235463361905208,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1404 --field-trial-handle=1956,i,14532525442944481257,10514172397341467779,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1740 --field-trial-handle=1956,i,14532525442944481257,10514172397341467779,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1908 --field-trial-handle=1956,i,14532525442944481257,10514172397341467779,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1504 --field-trial-handle=1636,i,7827047277507529759,4986235463361905208,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2880 --field-trial-handle=1956,i,14532525442944481257,10514172397341467779,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1708 --field-trial-handle=1636,i,7827047277507529759,4986235463361905208,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2348 --field-trial-handle=1956,i,14532525442944481257,10514172397341467779,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Users\Admin\Downloads\ValorantCrashFix.exe

"C:\Users\Admin\Downloads\ValorantCrashFix.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1660,i,6893684906988407719,17670959226448085688,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1808 --field-trial-handle=1660,i,6893684906988407719,17670959226448085688,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2044 --field-trial-handle=1660,i,6893684906988407719,17670959226448085688,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1660,i,6893684906988407719,17670959226448085688,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2100 --field-trial-handle=1660,i,6893684906988407719,17670959226448085688,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

Network

Country Destination Domain Proto
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 251.0.0.224.in-addr.arpa udp
US 8.8.8.8:53 b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
US 8.8.8.8:53 discord.gg udp
US 162.159.135.234:80 discord.gg tcp
US 162.159.135.234:80 discord.gg tcp
US 8.8.8.8:53 234.135.159.162.in-addr.arpa udp
US 162.159.135.234:443 discord.gg tcp
US 8.8.8.8:53 discord.com udp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com udp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
FR 157.240.196.15:443 connect.facebook.net tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.144.98:443 geolocation.onetrust.com tcp
FR 157.240.196.15:443 connect.facebook.net udp
US 8.8.8.8:53 8.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 15.196.240.157.in-addr.arpa udp
US 8.8.8.8:53 98.144.64.172.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 52.182.143.210:443 tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 www.facebook.com udp
DE 157.240.20.35:443 www.facebook.com tcp
DE 157.240.20.35:443 www.facebook.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 178.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 35.20.240.157.in-addr.arpa udp
US 8.8.8.8:53 240.232.18.117.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 bbynetwork.nl udp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 8.8.8.8:53 146.60.21.104.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google udp
US 13.107.42.16:443 tcp
US 74.125.128.127:19302 udp
GB 51.77.122.237:443 tcp
US 8.8.8.8:53 0.77.109.52.in-addr.arpa udp
GB 51.77.122.237:443 tcp
US 8.8.8.8:53 127.128.125.74.in-addr.arpa udp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.46:443 clients2.google.com tcp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 162.159.135.234:443 discord.gg tcp
US 162.159.135.234:443 discord.gg tcp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 157.240.251.9:443 connect.facebook.net tcp
US 172.64.144.98:443 geolocation.onetrust.com tcp
US 162.159.135.232:443 discord.com udp
US 157.240.251.9:443 connect.facebook.net udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 9.251.240.157.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
DE 157.240.20.35:443 www.facebook.com tcp
DE 157.240.20.35:443 www.facebook.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 remote-auth-gateway.discord.gg udp
US 162.159.136.234:443 remote-auth-gateway.discord.gg tcp
US 8.8.8.8:53 234.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 162.159.135.232:443 discord.com udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.16.168.131:443 js.hcaptcha.com tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 104.16.168.131:443 newassets.hcaptcha.com udp
US 8.8.8.8:53 hcaptcha.com udp
US 8.8.8.8:53 131.168.16.104.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 imgs.hcaptcha.com udp
US 104.16.169.131:443 imgs.hcaptcha.com udp
US 8.8.8.8:53 131.169.16.104.in-addr.arpa udp
US 162.159.136.234:443 remote-auth-gateway.discord.gg tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.214.58.216.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 162.159.135.232:443 discord.com udp
US 104.16.168.131:443 imgs.hcaptcha.com udp
US 104.16.169.131:443 imgs.hcaptcha.com udp
US 162.159.136.234:443 remote-auth-gateway.discord.gg tcp
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.134.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 234.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 status.discord.com udp
US 162.159.137.232:443 status.discord.com tcp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.129.159.162.in-addr.arpa udp
US 162.159.129.233:443 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com udp
US 162.159.137.232:443 status.discord.com udp
US 162.159.135.232:443 status.discord.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
US 162.159.129.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 images-ext-2.discordapp.net udp
US 162.159.129.232:443 images-ext-2.discordapp.net tcp
US 8.8.8.8:53 232.129.159.162.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 34.197.79.40.in-addr.arpa udp
US 8.8.8.8:53 126.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 254.22.238.8.in-addr.arpa udp
US 8.8.8.8:53 canary.discord.com udp
US 8.8.8.8:53 bbynetwork.nl udp
US 162.159.135.232:443 canary.discord.com tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 8.8.8.8:53 stun.l.google.com udp
US 74.125.128.127:19302 stun.l.google.com udp
US 162.159.135.232:443 canary.discord.com tcp
US 8.8.8.8:53 viewer.bby.gg udp
US 8.8.8.8:53 199.197.67.172.in-addr.arpa udp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 discord.gg udp
US 162.159.134.234:80 discord.gg tcp
US 162.159.134.234:80 discord.gg tcp
US 8.8.8.8:53 discord.com udp
US 162.159.137.232:443 discord.com tcp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.20.19:443 connect.facebook.net tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.43.158:443 geolocation.onetrust.com tcp
DE 157.240.20.19:443 connect.facebook.net udp
US 162.159.137.232:443 discord.com udp
US 8.8.8.8:53 19.20.240.157.in-addr.arpa udp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 158.43.18.104.in-addr.arpa udp
US 162.159.134.234:443 discord.gg tcp
US 162.159.137.232:443 discord.com udp
US 162.159.129.233:443 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 162.159.129.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 162.159.135.232:443 discord.com tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 8.8.8.8:443 dns.google udp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 74.125.128.127:19302 stun.l.google.com udp
US 162.159.135.232:443 discord.com tcp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 162.159.135.232:443 discord.com tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 162.159.135.232:443 discord.com tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 8.8.8.8:443 dns.google udp
US 74.125.128.127:19302 stun.l.google.com udp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 162.159.135.232:443 discord.com tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 162.159.135.232:443 discord.com tcp
US 172.67.197.199:443 bbynetwork.nl tcp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 74.125.128.127:19302 stun.l.google.com udp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 162.159.135.232:443 discord.com tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 162.159.135.232:443 discord.com tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 8.8.8.8:443 dns.google udp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 74.125.128.127:19302 stun.l.google.com udp
US 172.67.197.199:443 bbynetwork.nl tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 bbynetwork.nl udp
US 172.67.197.199:443 bbynetwork.nl tcp
US 8.8.8.8:53 canary.discord.com udp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 162.159.128.233:443 canary.discord.com tcp
US 162.159.128.233:443 canary.discord.com tcp
US 8.8.8.8:443 dns.google udp
US 74.125.128.127:19302 stun.l.google.com udp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 162.159.128.233:443 canary.discord.com tcp
US 8.8.8.8:443 dns.google udp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 162.159.128.233:443 canary.discord.com tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 162.159.128.233:443 canary.discord.com tcp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 74.125.128.127:19302 stun.l.google.com udp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 74.125.128.127:19302 stun.l.google.com udp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 162.159.128.233:443 canary.discord.com tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 162.159.128.233:443 canary.discord.com tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 162.159.128.233:443 canary.discord.com tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 8.8.8.8:443 dns.google udp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 74.125.128.127:19302 stun.l.google.com udp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 8.8.8.8:53 discord.gg udp
US 162.159.136.234:443 discord.gg tcp
US 162.159.136.234:443 discord.gg tcp
US 8.8.8.8:53 discord.com udp
US 162.159.137.232:443 discord.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 157.240.251.9:443 connect.facebook.net udp
US 157.240.251.9:443 connect.facebook.net tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.43.158:443 geolocation.onetrust.com tcp
US 162.159.133.234:443 discord.gg tcp
US 8.8.8.8:53 234.133.159.162.in-addr.arpa udp
US 8.8.8.8:53 status.discord.com udp
US 162.159.138.232:443 status.discord.com udp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.130.233:443 cdn.discordapp.com udp
US 162.159.130.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.130.159.162.in-addr.arpa udp
US 162.159.130.233:443 cdn.discordapp.com udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 162.159.130.233:443 cdn.discordapp.com udp
US 162.159.137.232:443 status.discord.com udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 canary.discord.com udp
US 8.8.8.8:53 bbynetwork.nl udp
US 162.159.135.232:443 canary.discord.com tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 162.159.135.232:443 canary.discord.com tcp
US 8.8.8.8:53 dns.google udp
US 104.21.60.146:443 bbynetwork.nl tcp
US 8.8.4.4:443 dns.google udp
US 104.21.60.146:443 bbynetwork.nl tcp
US 104.21.60.146:443 bbynetwork.nl tcp
US 74.125.128.127:19302 stun.l.google.com udp
GB 51.77.122.237:443 viewer.bby.gg tcp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp

Files

\Users\Admin\AppData\Local\Temp\nsb6547.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nsb6547.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_100_percent.pak

MD5 44a69827d4aa75426f3c577af2f8618e
SHA1 7bdd115425b05414b64dcdb7d980b92ecd3f15b3
SHA256 bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b
SHA512 5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\chrome_200_percent.pak

MD5 9c379fc04a7bf1a853b14834f58c9f4b
SHA1 c105120fd00001c9ebdf2b3b981ecccb02f8eefb
SHA256 b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48
SHA512 f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\d3dcompiler_47.dll

MD5 ab3be0c427c6e405fad496db1545bd61
SHA1 76012f31db8618624bc8b563698b2669365e49cb
SHA256 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
SHA512 d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\libEGL.dll

MD5 5c70cc094fc6e108a5689c88f1144a51
SHA1 460b668e4301e774b79b182756db25fb0b7c206e
SHA256 c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42
SHA512 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7

C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\icudtl.dat

MD5 cf9421b601645bda331c7136a0a9c3f8
SHA1 9950d66df9022f1caa941ab0e9647636f7b7a286
SHA256 8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5
SHA512 bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\v8_context_snapshot.bin

MD5 60beed67e605fdbe79d2735f59113a93
SHA1 6cd5625c6dfb8a16b619490890e38c6da902b43e
SHA256 ffc7423ee2a75a420118465181e9307c6b7b2df5e40d7e4018dec07a9c6bab11
SHA512 1f4bff04464fab0c149344529903aa805c7c03b7f8c21b5f959c7c7ff11802d07079e069d3b8e8a63f409a4541b3aac4b695c535228c4a89b15c8033567d645f

C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\snapshot_blob.bin

MD5 c2cf86c9046343131080edf914f69eba
SHA1 10bb7f1a96fdbcd4d5cd7a0ec2477f3c0354eed7
SHA256 7209863f22740b465301ce82919a042df5dbb7a7c50828643c9cd2e1e8802496
SHA512 d78ffcdcc9ca77c1405f3e98ba5b5b7a56c39bd06d923f39a4df9e56aba3af8afd1ebd8f09a85b5f2c71c9c2e5843d9e724ca3475693966dcfab1c7703c6c06d

C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\libGLESv2.dll

MD5 7b2ce44ad89a57b1183d36e89fd0357f
SHA1 178f7ed96f5c879b08729acff45bc50cd2ed64c7
SHA256 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701
SHA512 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41

C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\vulkan-1.dll

MD5 bb7496239e0f1b44c935df3954c3fc42
SHA1 d063da60766682cf40b690bc03094e5c7ebd8669
SHA256 e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c
SHA512 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324

C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\vk_swiftshader.dll

MD5 dd3a757828c6cc214fac84486f69ba8e
SHA1 5f79beada6f80c903b5d1c04f0eb30e8acd396a2
SHA256 baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c
SHA512 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\resources\app.asar

MD5 da5450df07fb87578c50f8eaa285c061
SHA1 449fbd7d4d1bede8e332d23680356c288dc67b29
SHA256 40e5407156eaf70e89d953f39314196c9f0a909ad64a3e511812f2358c697089
SHA512 cb035593dbf7766e0afe8494493069c89c9bd1587124b17449ead9085d0bdefcc069dadd47296fa46f3918f2edfa114e8eac7ad4d7b54c25ef01b08a27bc894e

\Users\Admin\AppData\Local\Temp\nsb6547.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 53aff1011096e82e6fc89566df2fe07a
SHA1 3bcd7621b13270bbead0897e9867a517d29e1a14
SHA256 83fa47e9a314f670235dbd2bcd423b55d3ca299bb900341aa142e27ab27f5e88
SHA512 c0b67c65ac8f5953ed8a430e8750ae3ae3cfedeb768823bf6b0533f0f4971e0badb9317957ed67d6cc6b1d53c7a8a1c56a7ef58d48187e71dcc11e5a4b4ac91a

\??\pipe\crashpad_2684_WMSBDLCVEPUHXRSN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\v8_context_snapshot.bin

MD5 60beed67e605fdbe79d2735f59113a93
SHA1 6cd5625c6dfb8a16b619490890e38c6da902b43e
SHA256 ffc7423ee2a75a420118465181e9307c6b7b2df5e40d7e4018dec07a9c6bab11
SHA512 1f4bff04464fab0c149344529903aa805c7c03b7f8c21b5f959c7c7ff11802d07079e069d3b8e8a63f409a4541b3aac4b695c535228c4a89b15c8033567d645f

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\icudtl.dat

MD5 cf9421b601645bda331c7136a0a9c3f8
SHA1 9950d66df9022f1caa941ab0e9647636f7b7a286
SHA256 8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5
SHA512 bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a3f1c6a95bb5058528365bd4a439f8b8
SHA1 c97bfe330601e9c2a8c0225b958de4eb87f985bb
SHA256 2709167292807ca4a58544a9610cd255299f7cbdc038ea806d80576d167a7d37
SHA512 00d8413da70d2c7c66634e9ac9d68b81dc32a01096ff271aece5574c606425f6970ed059653b70526a0e883c5eb600bb5ed1bcbab5eb757bbed94f9954acef81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e8030a8c07cf59e79f1caa0bcf5ec6fd
SHA1 887f3afa40e5d52a1cbfcfb974b13512e97e74f1
SHA256 c6e1abc25c27e5e7e112c73daaeeec588175d6b4277222c3885da02b6587fc7b
SHA512 de64b889daef7921e9a53622a09fb88ee63d7464cfd12a87f047ba366ea9f616e8fbd2e66aa19b4bc4cce5e44296093ea06f2f366dd8437fcfb6e1c55fb9b328

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar

MD5 da5450df07fb87578c50f8eaa285c061
SHA1 449fbd7d4d1bede8e332d23680356c288dc67b29
SHA256 40e5407156eaf70e89d953f39314196c9f0a909ad64a3e511812f2358c697089
SHA512 cb035593dbf7766e0afe8494493069c89c9bd1587124b17449ead9085d0bdefcc069dadd47296fa46f3918f2edfa114e8eac7ad4d7b54c25ef01b08a27bc894e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f39d83273e1bdf3714d6ca2b6bb2c427
SHA1 d22a39607c2f278087c7d30fbde54d2353156be3
SHA256 5c8e0c16cc66363749d8d548e30887e31538a7b9e1e450d1c04f13e128d05444
SHA512 6758d5a5b81dea75d9ac0d74ee89d728af2c3e638f902f058b770438f02a88ae2f0b4f81d7b110f05fbc676e084de3783b0f490ce8c8f9d8cb495d825208d790

\Users\Admin\AppData\Local\Temp\3628fc39-b899-4c22-aced-23bbf049e734.tmp.node

MD5 aa7eb1ed50471e76e52494e9ecf56e88
SHA1 b5cdfc7ca8fdfae7be282852d206966dcb88700d
SHA256 1544875269095605b5ef42195f86e785972cb6bef187a39fc388f46b6beb2ba2
SHA512 37b5714542b4cafc88646e535f8b55b5a0d0afeb5aa4c39624494d37727c9763f903a24c7844c03736aabede062f226bd90e8c99edfd657742a9f61379d5ecff

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_200_percent.pak

MD5 9c379fc04a7bf1a853b14834f58c9f4b
SHA1 c105120fd00001c9ebdf2b3b981ecccb02f8eefb
SHA256 b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48
SHA512 f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_100_percent.pak

MD5 44a69827d4aa75426f3c577af2f8618e
SHA1 7bdd115425b05414b64dcdb7d980b92ecd3f15b3
SHA256 bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b
SHA512 5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll

MD5 dd3a757828c6cc214fac84486f69ba8e
SHA1 5f79beada6f80c903b5d1c04f0eb30e8acd396a2
SHA256 baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c
SHA512 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll

MD5 dd3a757828c6cc214fac84486f69ba8e
SHA1 5f79beada6f80c903b5d1c04f0eb30e8acd396a2
SHA256 baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c
SHA512 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll

MD5 bb7496239e0f1b44c935df3954c3fc42
SHA1 d063da60766682cf40b690bc03094e5c7ebd8669
SHA256 e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c
SHA512 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll

MD5 bb7496239e0f1b44c935df3954c3fc42
SHA1 d063da60766682cf40b690bc03094e5c7ebd8669
SHA256 e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c
SHA512 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libEGL.dll

MD5 5c70cc094fc6e108a5689c88f1144a51
SHA1 460b668e4301e774b79b182756db25fb0b7c206e
SHA256 c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42
SHA512 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libegl.dll

MD5 5c70cc094fc6e108a5689c88f1144a51
SHA1 460b668e4301e774b79b182756db25fb0b7c206e
SHA256 c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42
SHA512 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libGLESv2.dll

MD5 7b2ce44ad89a57b1183d36e89fd0357f
SHA1 178f7ed96f5c879b08729acff45bc50cd2ed64c7
SHA256 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701
SHA512 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libglesv2.dll

MD5 7b2ce44ad89a57b1183d36e89fd0357f
SHA1 178f7ed96f5c879b08729acff45bc50cd2ed64c7
SHA256 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701
SHA512 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\d3dcompiler_47.dll

MD5 ab3be0c427c6e405fad496db1545bd61
SHA1 76012f31db8618624bc8b563698b2669365e49cb
SHA256 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
SHA512 d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\D3DCompiler_47.dll

MD5 ab3be0c427c6e405fad496db1545bd61
SHA1 76012f31db8618624bc8b563698b2669365e49cb
SHA256 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
SHA512 d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 88754e316bca5e2e78d49351193d6110
SHA1 fca5f4674e3eb08fbf9a6dffba773f74124cd095
SHA256 33d27463ce4af0c9f09acd7b88789eb194d4499e2febb0bf47cd1ecc7d9f7003
SHA512 525f5815441583bf1d2d9f1abe17a24a8fd5e621b1d3c9f9b696575268de13f2fae029020af0cf1222c40898f19addb28a95c9326f0ae25a5bfce91d360b09e7

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 949a498e96f64032e503bb10be31a4f0
SHA1 6272a355b626deab2b189cb2d48dff301708a2cb
SHA256 20df74df43c1587fa16cdb9142384cb6aab5db99730c8d5e26993808f29468ee
SHA512 54ec6fb031815d095ef25f6719fde5ccf729366b412a8902e027bdf40050a5da130d4c55bfce48e9986714b29ccdabbc7e6a64942f8aecd2abe9dfe9bd733d37

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\debug.log

MD5 1b0327f052b1eb8fe75868dcd07a300b
SHA1 7052078c799c5f4188ef0360d7a87aec2562d343
SHA256 ad28649e895fc8b6e68913bc8f3b109c79a39a676278187dcdb3e9aef41fb51b
SHA512 ebb24adbaa2cf4d8c49c238f3d7669522130d1aba1d77d6ada88f3be196cb880c6e216148f3df24a77da6b21bb835f10a9ec352f3a8708015499dad78337a157

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

MD5 decfec6c7a6d7ac47a1b5eed256bb2d3
SHA1 410d98ee7ce540ab525b92d1b3942098fa2423ce
SHA256 a4d3af6e06326febf2fea5b77ca466e9f0b660c731021285a96c411d06f461dc
SHA512 628c9ac0dd3a7cd54b629025863ef838a877d36a29597a6089a77e097531b0a23870787db6d19df3ea61368ce93036661d9787fc84d3980680220683ec51dbcb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e8030a8c07cf59e79f1caa0bcf5ec6fd
SHA1 887f3afa40e5d52a1cbfcfb974b13512e97e74f1
SHA256 c6e1abc25c27e5e7e112c73daaeeec588175d6b4277222c3885da02b6587fc7b
SHA512 de64b889daef7921e9a53622a09fb88ee63d7464cfd12a87f047ba366ea9f616e8fbd2e66aa19b4bc4cce5e44296093ea06f2f366dd8437fcfb6e1c55fb9b328

\Users\Admin\AppData\Local\Temp\118c708e-855c-4f7a-937f-877d54906444.tmp.node

MD5 566b70feb8fce14caa4c18c08ce7f5f2
SHA1 f2ebbadcf5914860f0041cae0e0562879d3e8af5
SHA256 66bcc5fb47acb03d1d4e6d37553d80bc087b92e405c4392631d8c5e34d773097
SHA512 35d63d6cd0c1cfe9b58037bc382f84247a762994e2a09eb9e8a2a4c622845c5ada8c7874d3ebc25f3e59faca6f3052897a81394e07e17b71ddc4686e2df9925d

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 aa766d7f7c76b067a8333bbf418e8aa9
SHA1 74743904e53defb8ccd54eaa4cb9ffd5c9073e49
SHA256 4562d40bbb11234562e9a130b1f7ff6776ebae9bd4ca033cd769cb04f8c51d97
SHA512 a89af5221e9ce7ea8c1f24778c657ee4874abff1b71fd4f24d0f051bc39048ebed7e422b0c12a4de8c45e620cc74bad3822b5c2c1369ea36cff4e533d07546fb

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity~RFe57cbeb.TMP

MD5 59580a1df1712788d1ee681928b7b2ad
SHA1 df9900b3d9948351b01b8b7e596603cf90669045
SHA256 fd517484ce56ff04ddc30f1551b63e4e55ebf31bbde39c028c574e3d61f30a02
SHA512 12fa33f781a5a3708ce8d7dfb232c3646435517928ca7f0c8a27c9ed1ef94eead7c306981e0e7663caa6827fd2dcc962e76a4e85da48fb1df5481e5c3adddd5f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

MD5 c806c4473f82ec409d0d01281513adc3
SHA1 a2a0d2dea8fb5429c8eb339d7504936db8b7ed95
SHA256 92cd61a571d3eb9dbff4319c293faf68a9a0960bd7efac19cd413df10d0b325a
SHA512 febbaad04eaa215c13f624905fa79c93f04057432895a67e93a41343fcbd02da3424713c62b068429d75a6833981c54f1dfa2df81d9d5ec891ab40fdd5bb2895

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 dd9a2eda3b4beca49d44d01d9398aafb
SHA1 0f2ff6332faf3710a198dae6461efb10c5033159
SHA256 af77621dced9da095af2cf51a0a9001ba1d62fb7adcd9efd36cd5ddced60cc6b
SHA512 85e7a21bbaa741ae8d43e600957dd543480202ea61c212e891fee3810bfb8e7690636cfb11adbfc0079c4948eab4573ce7929b331d69cf5f4a4559705631691e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\crashpad_236_EDJDKTZJMMPOATDY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 dd9a2eda3b4beca49d44d01d9398aafb
SHA1 0f2ff6332faf3710a198dae6461efb10c5033159
SHA256 af77621dced9da095af2cf51a0a9001ba1d62fb7adcd9efd36cd5ddced60cc6b
SHA512 85e7a21bbaa741ae8d43e600957dd543480202ea61c212e891fee3810bfb8e7690636cfb11adbfc0079c4948eab4573ce7929b331d69cf5f4a4559705631691e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c0096b76de4a56bee57f03c8e25d0030
SHA1 b3b26f3657f37d49a47e4265679533480a6d272e
SHA256 4f08cefcc16c0b6653549bcd65598e81a0b785a5adb4f69c8017398e8a6304fa
SHA512 2dcd56351eec7e21f7fbb989e11ca2e752515e8ac59d20a875678b164dadd139f4bf70d335a6b83adf3d497e28a19e49b1129fca61e1af3b5f4be08a3f2a6286

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 ca1e360e15783a5e339359fc5cbf4d63
SHA1 455cf6fe7ecedeaa36f0c03d65dc5d6931caf1e9
SHA256 bb0b32d5ac77023f60e04e338239b313b894c71d3728f72bb297bfe25696c195
SHA512 922478ff4485c7db3b150aecdd58b9c77cfb6ba666f6495612a3fdb7c184cf07ceda7d14cd2502abd498871eaa4ee58735873e68f586529d6b808570f315d7c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 f7b623460ee0c615fc560ebd37b9a156
SHA1 7856e725fd507ed2e83cd76c2f21a3dc599a1738
SHA256 aad5656af8c66de9b5dd974770e7396891888c0c8441b3a3cc16270f2b260f76
SHA512 b95f8bd94bf7f31c96ded186151526618fd54859562982a808fe2f2fc1994229d1bedca41caddef3470bdd82de5f1c90da3d7b048ee17879a1f0491ce140eb05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 88754e316bca5e2e78d49351193d6110
SHA1 fca5f4674e3eb08fbf9a6dffba773f74124cd095
SHA256 33d27463ce4af0c9f09acd7b88789eb194d4499e2febb0bf47cd1ecc7d9f7003
SHA512 525f5815441583bf1d2d9f1abe17a24a8fd5e621b1d3c9f9b696575268de13f2fae029020af0cf1222c40898f19addb28a95c9326f0ae25a5bfce91d360b09e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 301fdd34d64b4c17f215bb3e8cf533ad
SHA1 0c15806b37f472c77b87348da09c41abf3bd97b6
SHA256 03052498312209ce226ee4729ff2a6738149e841a189a34afea91accb754a962
SHA512 447b8d1e8fea5e577d5eacf32e7928e054e173674a97960211acb110f492d2ce9b704c758619496fd22cba78d7a76f6d00eae8d79f34f7f08e44b7f1c5984678

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 c342f63f1e54c714f4c56748fbe8fec3
SHA1 15f27c92f1747aa1c4e927b7b3b901ee43fae34f
SHA256 74233bb370799cd109c334363644cf82dc545f8a140fc942d4d680b8a24974f6
SHA512 bad436d226ec766865588b2ce53d3aa2b8ad04f019075e42a9ae18e10fa952d8b809e997ed82d894fffb97cb96e2f79b54d12e46353ae10ee6d6bd265f0d1625

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 8674030a27d4d7578be72a6ba70a88ec
SHA1 4a90b514d0c6ea87e73464eafdc503d3d2e8d8cb
SHA256 ae6d75f72f9e7820a0016dd471a52e7dce60bf4b641c858cb4f9192379d6c77a
SHA512 70a5f1c3880b1cbe8fcbea8afcc68975cb10a153e12b7d49e7d5dc37eaeee1cb05c8d4db7aef3c776ebbba1a7ff7a8f776da63e3717e2e403d77c22334ae97b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\6f6361f2-3440-4ffb-a15f-e6f73be1f73f.dmp

MD5 9956dd3ef3b14a3f157b72fe183e63f6
SHA1 02fb1d066bbee9f13e97a4de78cf1ded42fdad0b
SHA256 9bc717aea85f2e41902a86aeb94e7c2d55cce4d25564b2260a948cec6afeab3e
SHA512 6bd20911d0d0cd9cf2e854c00f486dfb38e5e8ad18045fdd534b678cda499560af2913410c13e0a587194a2ce5a2de05ed613332b882739b5124382cbcf9673b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d17976ad-75d2-4c64-a9f3-a821b35ff3e9.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e31ee11a6670929bb2b5c3f9806d2e1c
SHA1 7935cf90e182ccf68a97e268cc5034842e7c8d2d
SHA256 b3170dd5f79bff8392b01ad9694cdb1e8bb6c72c28e7a738df4a212d7d124138
SHA512 808d25e45473233b467ed9830e20b656dd4a9ae55e11794cb5d7c4c1fd66fb870fefeee6373637653eef8f3e0a05d6877a4fdd178c5be112b0ff8302e1948eec

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 9f20c4b914eb7281a14c8d9f691ed542
SHA1 fac9d4fe64818b3afc7424c64c5e8fc8fc84f8cd
SHA256 22678cad90833ca3b784339d0244c113bda08230b1a23772455197d2f51613a3
SHA512 5889bbff1cc9869a6b362104eb6f8b143d7a321c3e33f5b4d4b136644786db6966395bbe286ddcae1f58f6f7866b85b999ca198cc1f080c4ede1d33b6478a680

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State~RFe582016.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

MD5 b5fcc55cffd66f38d548e8b63206c5e6
SHA1 79db08ababfa33a4f644fa8fe337195b5aba44c7
SHA256 7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1
SHA512 aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1505ab57f851caf5f1353c08d022ed02
SHA1 5ebe0cbb23c0010bc23ddd32cc0f4de384015c29
SHA256 495881f08e006a5e59977502736562712f3d943bd989170cec9cafcf02f54781
SHA512 07c79d3fa18bd45132a2e84012993c2854505a3225892405e0f7ca856fb629bb7a8bcc3d70e8b7e5a58c5c4ff4a54ad90b643f1d05dd00dfc073a067ea8b2012

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 08b31d7b7c0f13651a539d74e9dbe8ef
SHA1 dac4904082455c070b4f724753d97ea79c0e0690
SHA256 14158e1e810581e71db1e993077270dd045fcf1bb0fa0f8ee33b782804f3ffb0
SHA512 027925a4f3de333f459394d4adc6619113e1caefeea33a315983e0c30dc883f3e53c7632b0507e0054205701b5fc724d1a2210fd812a6cd007ab43694288a3f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 50411f8f1a9c3eb9489960320e1db7c7
SHA1 ae5d55fc20e8d97b74eeb7389bd94d64a2ab8c3e
SHA256 93b8d3c453026475bd4515204b7070cd4fa471f7fca122826e541da27f0be098
SHA512 c7a60f6ccdb106879f579bb7f1b2672ca5b9436af4c7e8e1d3e67ecd25223d67d581a029a52311983b9fb94b9668a3e88c45c0b4996d959e5fedd4f6f4501287

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0af9bd06d8590ae9134aa5d1d8f965af
SHA1 561818075e62430070e4149d29f25eb7b34d8bb9
SHA256 6fbd0f351853e6340a9f932d7b10ab8e2c0760a92a3c646d73010eae01ab34a0
SHA512 9a4e772b5fd672ebdb57a8208885423cf9a948c56ce6d6e9cf829bfa17205fe3fa0a07e7e7d752fe82df62ab960d8839c0be1ffc3c11b324f4e27413e69afb6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 90915a0648fbcb065ff37379ccbf8992
SHA1 861167e2382684f5517719308384c673c6c4c9c1
SHA256 aef450a6f3e0b7f8679d9d7763270bdf3e5d8560740b7363997ea2be732fce69
SHA512 7c982ea77fa11fb3ea8fafd2f5126525aeba85c62c681a3b25d53e8b6ab42017fc5da6abc2544d2b23b9b68d77527125b09f8eef49b8459713cc33e2b8549298

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 00e440f9d006be49c323da48278b7875
SHA1 4b783f764d8cd27d41d030d4353daddb71adc111
SHA256 2f7f133645f8e494a0db8137e603a58012acc662c11b49609c086ed0cd1f29f5
SHA512 ab1105cb138f45246f608734eca92a1a04388f6dfc66f098e51ab53c8f471759cd6f692a475aedd63a44ffdcd0eb4ad09263dd89af2ab78bbe31409d8c0ec324

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2488eb0a88b527fd2fe257d98ef92770
SHA1 c81bca519a2fc42412f50413199b62a367d28ae9
SHA256 ff3e5fe7e7455f74373138703fcafee61c39816a0ed6a77c2d861eb1b411e362
SHA512 0465c7ed7ef2c5b67ac53f96bb8666267a76979d257e0429e4b54fb6ff84eb97559f932a804f22a1d6b0d5ce2e6a7e4055effcb03bca952fa128df0599d1ebc6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d259f6a52ad8b1c81927cba6e96397c3
SHA1 97226252314b469228d84c6b994b79272d84e0bc
SHA256 482c90eb4e9e0a42cbd9b7975d59d06453378f4a9c2924338efe9364077907d8
SHA512 c57c3aaeca0643d5d4402377124da5261c13c930268af1d7311f071016c8d894278c7e625450e1a5eb375c9271399bf189417ed39f847ea0f098b835ce59cafa

memory/824-818-0x00000000043B0000-0x00000000043E6000-memory.dmp

memory/824-819-0x0000000006D90000-0x00000000073B8000-memory.dmp

memory/824-820-0x00000000043A0000-0x00000000043B0000-memory.dmp

memory/824-821-0x00000000043A0000-0x00000000043B0000-memory.dmp

memory/824-822-0x00000000073F0000-0x0000000007412000-memory.dmp

memory/824-823-0x0000000007670000-0x00000000076D6000-memory.dmp

memory/824-824-0x0000000007790000-0x00000000077F6000-memory.dmp

memory/824-825-0x0000000007800000-0x0000000007B50000-memory.dmp

memory/824-827-0x0000000007B90000-0x0000000007BAC000-memory.dmp

memory/824-828-0x0000000007D00000-0x0000000007D4B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 547d1166ea6ced159a48e850012f2a02
SHA1 9bad50381a815ffd908f0f2cc05d7fdf664c7113
SHA256 473ffa9555e517ded21ff883206d26d80a11228f0aeb226261f9dde75efe9bb4
SHA512 5c82040117911e24c52953915fd261de40e74e43e4e9afe99fb8c6299ac61a4ced43bdb68fffe1b375080b0d477e9b923d6326292f8ac94bd0fe8f8bbcc2424d

memory/824-838-0x0000000007EA0000-0x0000000007F16000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1uintg3d.qly.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 667ee9f37b148dda5504f7b3c1c682d6
SHA1 de5de758a1e657c9e6c453a5c88da9a05f9b70cd
SHA256 6759a28f2fb6bf6842768f57fc5853a2581b185635cf98c8a7fe4ba3e0be4567
SHA512 2d56c2a6097557f706a7ad1fa1e0f8983ee8e5c0d2a72da1c6ec9d54d6aebd36e8771e58c9ca38f5574fd50bf86a3841f9faa39458bb55c2b7d9ee4b8523ab9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 119df767b7373d75c90984a21eb5c340
SHA1 8955e88534e69fff27902a6b43f73e585a76ec31
SHA256 b32f196432fedbcd5c07d3a379f3fec1bb4786969fefb6c70510e218754be721
SHA512 7eb511790599cbb26bc592423f67ed15e70330ed383f47908bda824a09674ea27a7d01c7dcf0e3393e12a40a028e7baf65e653374a1389dc884c6b170930c6c1

memory/824-871-0x0000000008F40000-0x0000000008FD4000-memory.dmp

memory/824-872-0x0000000008C80000-0x0000000008C9A000-memory.dmp

memory/824-873-0x0000000008CD0000-0x0000000008CF2000-memory.dmp

memory/824-874-0x0000000009570000-0x0000000009A6E000-memory.dmp

memory/824-875-0x0000000009110000-0x00000000091A2000-memory.dmp

memory/4076-884-0x0000000006C40000-0x0000000006C50000-memory.dmp

memory/4076-883-0x0000000006C40000-0x0000000006C50000-memory.dmp

memory/4384-904-0x0000000006C20000-0x0000000006C30000-memory.dmp

memory/4384-905-0x0000000006C20000-0x0000000006C30000-memory.dmp

memory/1788-942-0x00000000040D0000-0x00000000040E0000-memory.dmp

memory/1788-943-0x00000000040D0000-0x00000000040E0000-memory.dmp

memory/3280-954-0x0000000006900000-0x0000000006910000-memory.dmp

memory/3280-955-0x0000000006900000-0x0000000006910000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2542b94e9ac6e83aed780f36d715c2e0
SHA1 6a28bbaff7de9fc1e007395b9712dc0f9cce94ef
SHA256 3b7fae246e690dfbfe9afd532b62dd4c20faf88a8e497ddc85fe8544809af242
SHA512 d8dd84913b9965a35458bbf961ee9158feeccedbf3f84b2be4182b4843189fea8c8d70918b68e6a06dbd1b38d9fc15efd6efc877a492a94a991de16966385449

memory/5016-984-0x0000000006C10000-0x0000000006C20000-memory.dmp

memory/5016-985-0x0000000006C10000-0x0000000006C20000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 bb27d46c7684df546d5938550b14b655
SHA1 c3992406d1f8e4926362da9f90b519ce137ca032
SHA256 90a5359ed920116ce2c4c0498af99ae6e91dbee4cdb97f3792af4218be393851
SHA512 a062345d3e2edcad7acbf0bc7f48e170ce1ed070797c73ecb49c421ae1ba778ac64a018fe7125d31b7c63b60a0cf0a36d146f9885a9615805b4eae36702ea0b1

memory/336-1025-0x00000000048A0000-0x00000000048B0000-memory.dmp

memory/336-1026-0x00000000048A0000-0x00000000048B0000-memory.dmp

memory/2220-1040-0x00000000044D0000-0x00000000044E0000-memory.dmp

memory/2220-1041-0x00000000044D0000-0x00000000044E0000-memory.dmp

memory/3408-1067-0x0000000004270000-0x0000000004280000-memory.dmp

memory/3408-1071-0x0000000004270000-0x0000000004280000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e283c160c6e2c70fda4e6c7bd2fa7277
SHA1 1c02dab65a8ed02e3b7bbb720dc9e570d3935a22
SHA256 26534f79f25dd15e5ea41cd95d123a9beb2a1499364dcfc00eb2074941bea3c6
SHA512 8a99ba7afe930a1b6ebd4a23950079c7c586985f9edb206876c27a1ad705d679f1ded277004ed4b139dcdeaa8d26404f57a91186d1945bd4bd78702e9b95da25

memory/3716-1105-0x0000000007100000-0x0000000007110000-memory.dmp

memory/3716-1106-0x0000000007100000-0x0000000007110000-memory.dmp

memory/2040-1115-0x00000000073F0000-0x0000000007400000-memory.dmp

memory/2040-1116-0x00000000073F0000-0x0000000007400000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 23caddf1ccceea41801b580edd5b1b49
SHA1 b1297434505a195f3eb7e752228f3fdcf7c23c13
SHA256 a4de5e769499b4c9eef547c2e0a88a725f56fc18ac639d82524a3ca02adadcb4
SHA512 9dd100ebe71dcfee937ef5adcc599485cb5cb2ccfd6ccbe1772dfbdb8b23c78ecb87a27ceb589a0f6ad8715b939f3cd308848bd1043d14b332d986e1107a9972

memory/3560-1145-0x0000000004820000-0x0000000004830000-memory.dmp

memory/3560-1146-0x0000000004820000-0x0000000004830000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4601249de9b9b6d21b403ae43abbc851
SHA1 d3e99a7bc059cacc93bc7b527fada405d8aa7016
SHA256 4abbc1e8d40287c02db0df21c7ebb501bae9a40d82428ed3d9d38f5e3a255e1f
SHA512 37a3f3d98d34d21ae64dfe157d651274764a526fefe1085df8a47db5e025e1d715c955e9a4ca06cb77fc38a56b6c4be8d832496ffd8593044de98a99dc710aea

memory/2256-1186-0x0000000004AB0000-0x0000000004AC0000-memory.dmp

memory/2256-1187-0x0000000004AB0000-0x0000000004AC0000-memory.dmp

memory/4276-1197-0x00000000068B0000-0x00000000068C0000-memory.dmp

memory/4276-1198-0x00000000068B0000-0x00000000068C0000-memory.dmp

memory/4516-1219-0x0000000004680000-0x0000000004690000-memory.dmp

memory/4516-1220-0x0000000004680000-0x0000000004690000-memory.dmp

memory/3408-1253-0x0000000004F90000-0x0000000004FA0000-memory.dmp

memory/3408-1254-0x0000000004F90000-0x0000000004FA0000-memory.dmp

memory/228-1262-0x0000000006520000-0x0000000006530000-memory.dmp

memory/228-1263-0x0000000006520000-0x0000000006530000-memory.dmp

memory/1208-1284-0x00000000049B0000-0x00000000049C0000-memory.dmp

memory/1208-1293-0x00000000049B0000-0x00000000049C0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 34d4c12d5f9b09ea521d0fce05d5d7f0
SHA1 97cd967535824f307c23d3b3b6f0da5e25941e3d
SHA256 f336b855354fc866018cdb7edb4fb65cacb2c41524c88fbee4ccafbc01a1b04b
SHA512 64515cc2dbc690b9116bf5b4d99b11ff7a3eb189d364da891e370c909cb529c6928b499c902999b45c4d4922ee9985a425d5453d3b53a67d1ac21be5952c0600

memory/3840-1328-0x00000000075A0000-0x00000000075B0000-memory.dmp

memory/3840-1329-0x00000000075A0000-0x00000000075B0000-memory.dmp

memory/4680-1351-0x0000000002B30000-0x0000000002B40000-memory.dmp

memory/4680-1352-0x0000000002B30000-0x0000000002B40000-memory.dmp

memory/4840-1368-0x0000000006C60000-0x0000000006C70000-memory.dmp

memory/4840-1369-0x0000000006C60000-0x0000000006C70000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e47540a77daeb32a7681c0be3e6650f3
SHA1 04a9d8225c38cf79e7ea72891504d8b36e292950
SHA256 4f23de42bcb2bbc60283f299ce12d04e7e9845c775b97bb4966978e65d6ee6b3
SHA512 e53270f26a12f1febb2bbe55894c4aa6ddceac001ec5852690d5e89d7a62cb3488bf98111ade2c4540477c048abf95ebc8239619de9629d43a1b265fd0ef5e18

memory/4540-1400-0x0000000004720000-0x0000000004730000-memory.dmp

memory/4540-1401-0x0000000004720000-0x0000000004730000-memory.dmp

memory/1892-1423-0x0000000004F30000-0x0000000004F40000-memory.dmp

memory/1892-1424-0x0000000004F30000-0x0000000004F40000-memory.dmp

memory/1276-1448-0x00000000044D0000-0x00000000044E0000-memory.dmp

memory/1276-1449-0x00000000044D0000-0x00000000044E0000-memory.dmp

memory/4448-1471-0x0000000006FD0000-0x0000000006FE0000-memory.dmp

memory/4448-1472-0x0000000006FD0000-0x0000000006FE0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 143b87574d1df5e9d215764671491566
SHA1 b815b33de1af95b03b8e04b9dceb98846df1ff88
SHA256 16d05354a85b6d53ec0be6d3dc2e4c107636dc1fe3dc095f51509a46ff5e9402
SHA512 4837dde3488721f15e89ed13997b358d7d3c834b76b03ced4a884a93bedf304d37374b586df3ab2516d70bbaf558e3fe000d91fe9e5244d05137bc965015981a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 84a600d6ea5058e201087aec95674523
SHA1 30809cb2112c184b494df9ef8e916809ebaab14e
SHA256 2e74282fefe7175a812ce06707e23425ec745eaf56115b54a210340bb89d3d64
SHA512 bc3e1bd82807df401273b9ee09dbe1a33d2e617769fc1105f8ecaa2fceeb032e279f5892c425600517fe348996eb64d483665473ae968755b1dea6fa1f38ac1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b83423a19c02f4aae32ed624a564a4bd
SHA1 52c22f8a3c4dcde86cea6c321227d1758c3b081c
SHA256 0636b9be78b354615935a4f98ce40f84cac1ffcb6c5be25b253e564d8e158065
SHA512 8133f3d9df74adeeb84ff4bbf196a8cd1325c031f4c81b75f05c4278b21e45892f3ee0f17b495efb5c2d445759a989265b545d4bbc673b9bc4822d01e4b49347

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 29190449745052e7e32f44fd92dc2222
SHA1 2d886fd2e67dc34b9d17baebffeb8fe06b71295c
SHA256 449241d6aaccd4c2af4ae5c097ed85620d5dac2fbb0adcfb468df85b6a6ef313
SHA512 495fa4a94eb88b9e646207589319d2c88fbafdeff94bd7d698813c51e23a285dced93e68445d59cbae3cb8df3d5f3fccd549909e0c689df572f302f0e90a2a1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 337f9fa37ff0684f1d030d5a3d63ea49
SHA1 58748faabbebdbb0cff9db4e9b2ec86b2e05e5d5
SHA256 9ac7930b2a158c4c008e19ee542e50cac1d7912b7048bf5ce00507a63225c30e
SHA512 d033c400e8d9ac247176decc5eddeef7f17fe3dc9cce7cac9fdd289ae2b559e4bcfe146ff6b6ac39bb82e4472f2dd3634a1ec2aebda888affe486a1c73aeee09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a9694.TMP

MD5 46386886259ae9ab6dca3ad111ff5904
SHA1 f3ccc2d451f0f1e5c534803bd01df2cbbed147fd
SHA256 26f790beaebb05b620ca7d89e05d5e5fd6dc8d0e745c93f07cf3fe0349a600c2
SHA512 75d774e58a006d5fd73247319c35ba52b3eb3f32875618fe2390126dade04adfc7ce875951ffa9738a72741b33282cbe58c95381a6b8ec34d360435d4297cd49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1ffea99e89245769d9d6446d2ef52b46
SHA1 ca7d41bdd51f3cc8393439645cb1a285e03b8e88
SHA256 d194eb60d969c20aaa084b82857cd9a40545035218658e8e38bbe2c3a79905cc
SHA512 dcafa23f14f83ecc7581401864e6c2e88053337961af4117e07a9844cd3e6c6ca9f1214bc347b61bd3c67113a3d0bbd8bf3e6218938f7ba624d29774f39ba06b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3b9ae65ace35e02a4d6156157bfe7c3e
SHA1 25ea590ffb8d8961591e1eb396d1a7e4ab69c662
SHA256 ba9d96625e4b278629b505e7cbe09a358982eaf203066f0b2201eeaefee00b36
SHA512 76c107194abff94d15a1370190f0700c0e5b20a0a79b15e479fc4f98188f3f471236cd727638f527bc695c7c265d8a90329255c6298fd49a6db19bb643dc94d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e1bede21620163d8cd3bac73ad00e565
SHA1 d2c596f410e0323bdd7bbfeba9856868c9252463
SHA256 abb589fa11e42463913b434153bb1e96ebf46593b373b2ade1f7adcf6d87eeef
SHA512 b67178a93602469f5e0276fd6bee7d3d123e527ec93de97cc995783ef52db43fcaa9495b1795ca62d012b8c3629b9ddc4d28a9e333b21c47f5794c9d870ec6f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f8fb15a3b4c7d8c37a0282628df6ab52
SHA1 81e118f4f129ded1f02b242e829095a5776ef917
SHA256 5925c57dd1ca44c4950b3d9f672e64f00aad3327ac3cdd84f324a93a81cd3a8f
SHA512 a08117dffb36560de180f3997ab1f4fecab486373d731027bd6f2ec57ffb4f6ac0edce0a3a853b0a84a06887b0cf79f57ab3baf5dd50d84bff0ac04fb9ab0997

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 77d063b2c1aaebc224041a924194c87e
SHA1 e55a995c517e0ff01436dc253e474c14986d92e3
SHA256 65ee4eeeffba802676ff8e1f193e246cc114400f8213c452b0a2a64c93d96f4b
SHA512 e50189e4480fa24aa5fe61b3ff2185172bbfe13d53fd71fd13e3046bd257cf4e40dfecda8dbe07e7f3faed6244bb9a69ba06f964cd0a5a21f6a0663740e9cf4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 06e48577243890cd2546d1cc97afb8f5
SHA1 a0b8754c008646506543cfac0e2068a021f8088b
SHA256 6723174cb8c29ad73f70614882865f5ed7093a71aeae8dd8f96348bc35394eb6
SHA512 507d1c19aacc9e8891f2fac32aca69eac91f98a6f43a1b8b515c7fdda1d99ce186efa45bdd769233753c6a8efaf175293f87a4703977cc56924c27ba9effda24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 97aaa6add5341b5210322ad01f3e97f6
SHA1 6f97eddc59229f235f4013ef40d698246a070139
SHA256 2ce6bae3360aa48ae0593137cdbdf830de84aecf889b1cf1edd765d3c7b27a6b
SHA512 3dce25808a6a723a6a2ebe92caf3d24486dbd0e55c2e4a8d7f197c92486f335018a0ba1e938e50bd4b63e7d584b01e58af4db33c5a2c8678521040175ae6d0b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 17ef476f42a5bca4154933e587529e5e
SHA1 ef41c655716feceb2f13c1370df72cd60df267ad
SHA256 706e36e295e572eda50206517c7491ec9357001590521c9c3c387095b8855897
SHA512 b7051334c4d9a8e13ef6b7479ade2ca52d2d47f7174a0e2f3c64f0da1e57295afa44fbbd0d1827509de74819b40b056a70af9e1e9bec4ca435bb9a3533dbc874

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b7881b586a664beeb03ed1500dc82d88
SHA1 b3296043d8681c52cf8482c82ffce9534c79b6b2
SHA256 9473d732622d8a8e5792786cf290a55e2dff559ff345cc1227ab1dce6a0db04b
SHA512 762467aed9c03b891fb755a20dd46cbb84a9bd64a5ba17b9d966f8833c49d62de55c040f40ad23e985ad566dafa0516f5a0fee42f4f1c4d49e4b91aeb1a57840

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2aef410d8b8211eabc87347c7e7d173a
SHA1 97e4316a371d8c7bf1240e38841275d978394635
SHA256 96aea285dbd1b3b8e759f456cee60421e2ffe76ca2746b437cc4e9199074f959
SHA512 fe9830c18de384be6f982d0448c6c275b9af72206d602a0e5a5da4287c42f63814875f2a2d297e8a28247a20a57a9ba1059e2f95b1fc52aeb7b0915453a9bee8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 dc1dd8909a7a0bc623c582559ea1f0b0
SHA1 f176e8a738c9251d0b7448f83bf01eeb1bf0dcf0
SHA256 cef250058100378cb59255745d84a9cd0e2414390cf96cc5a5484dc909f059c1
SHA512 728dfacc446763a79ace6c252d0b7619106eb87ab6787591cbcb1640163dfc85dcdb0afa6edbe8f611333d58fb75d76c4b19033e652c964e04f0ae6ed903f8dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 95c72d450156c5c38949486c1b2a4132
SHA1 bb06267543314e1494cec4810c6ae11989b04ceb
SHA256 842193a1e8fd50d17d2c7a2dd78d532adb2d20376f70d27109efa5340e40a49d
SHA512 27f3776c43af3ed274560fe0abc77f46a62a01b3b9c1f61a8138b203fef219b70a45cada223f895ced37f96db32f782da10e2ae19d9c1c38133a1de3735e288d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 47f7732687e10a7692cc28721a4422fa
SHA1 baaf022ba6602c02e38094b9923df05b8865febf
SHA256 ee5b17144ab4a0e22919cc823295178c465b24b86b4c0c45ce983e5f2aeb2b13
SHA512 cab5d345cb5470487d843ce5211d242b1fd57151aadfa799c989d9e9b8f2a48dff586311e9f0257bda5b2a92c87391b81a18458eb301a3109fb0ec5a48d7cbcd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f5fd61261b925ff2461b858d79bd3654
SHA1 08ac41b03acb5f4f0dda5ff7f687f78af005ffae
SHA256 00c2fc1c3856a1746860e1c7fe972010f993b6ac0fdf5e4433bf4acbd4c9f0dc
SHA512 740e2bde808ad76a68646f6cdadabb4b71e208ed1319bbff2b06a27e668615b6395bb50fc11ab661a98da2a03e29dce5906ae6eb9ac5b46ad5fef2308446adf4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 47665f06589a0de80896afe718da796d
SHA1 6cf012ce9409078443b33678bfa29af39f394320
SHA256 67697a03f8f8e55134784c4d9acd73d3b8065b46fc38e119b9e2f6d44fc78f75
SHA512 0d63852a176f5d7a7d9f1e46e83dfc020366fb7aeac70bc98a76420089bb345138ea5ccacef85bd117184d0f0a500f1254696145c61980386a6073e2d226527f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2ff25b0a11d1e7dad44bc44c5342db54
SHA1 6f263100842b46225bfaac94ab326eb3777014cd
SHA256 233aa32cebafdaf303766c9bd574ae4e2985f53fea5ec379dc106cc018908376
SHA512 ab59af45488d1a9fa1d435bb22f2c3444a0c98a0ac159fa2e4cb50c0b3daaada2ce1e5307f9f33c2fc1c4f58f49f07fbece674232abd48e48554bbdf701fba5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a810301b578ebd1b1f721d6c0a5afb59
SHA1 b9c9e58a38d16eb48c54664d8c34ec178b67277f
SHA256 c0036a4e8c0c6d3d0e2cc55bfa9a51bcd957be4475f79b4c4551e32242c10c37
SHA512 ea8d561988ad6701d8895799f279cdecab0f4a779f49b017694e04d2a8400d2446c972c9c80b1fa4dee2f8d2ce4b3e34d639db25201a63975b7cddc0570a6e21

C:\Users\Admin\Downloads\ValorantLoading0.exe

MD5 528c7fa8598ab0f0cf3ace973391a991
SHA1 1bb881224b1b5400204b1493d1920ad7750064fe
SHA256 2db50e843ecb7e518b6dbf29192158e0b2c3bfacdbe2257be98ad45319bba568
SHA512 5996f3f55f5d77fa877f7377a978c4b132e72311861fabf04dc086f3d8fd6bcc4c5412128ce8cdbd6db349c4587e45c86ed40284aba8e0bbb5fc0ce4da5d3cf1

C:\Users\Admin\AppData\Local\Temp\nse6CF.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nse6CF.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

MD5 98c235091178b3a88be7c52c350fff41
SHA1 dde07f9104b150520a280da73353c80a46777f21
SHA256 d7a1df8dc206bf52894aea31d846d5ac413fdd92e36b01fe0817fe5af60bdadd
SHA512 3f5821ddc197b2cc8e64f6cd4388de169a1fc9548201386fc251c14443e2175a33e0b701890a405fc2fd30c3d2ab8d695ac3294f4f729e1a2ef6476412e9f412

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 db6cb8a78efd8210abccbe5244f59ea5
SHA1 b8780870a81bddff9360ae0deafa55d5942a8447
SHA256 7d6734bbb98b6ea72917e5024e0bbc6b938050b4b4ac9349c2df7ba970439f1f
SHA512 3c979cbc4cfa7283467aa6ee8e0ac2562761d75a71a9a32046bb47afaf775f840c6478343d8e53c9412de30d3b87cd9e955bfbc09db0a96ee6b6fc3039785cd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6f68f787679d68835dd811366f854ab2
SHA1 8a8be493bd9200703e16ed38f90a34ff24f1baa6
SHA256 6ef5e2e0a59c166f1c77c6fe0e64bdf5c34e07a18471eed8aa4ab619e508dc6e
SHA512 613444ad3170e1d8486117e02f1e199213e2546e4bc3f8b5a68281223922b4f79d51f6f9d15847c6d008cdcfa3a6d2147a97972a9fb1e047f71fd42bd317c8fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 35894b3201a10faf0809097c0d3b6979
SHA1 1ed4150b42f3bcb43928df58396dc5f78766ed83
SHA256 9d0a210973a8f6ec8feb6d569376ca72e0ffbe845f6714231c728bd795451398
SHA512 091a466d32dcfaa708d477cf51b29fac7379066211f5eede7dea4a92dc6dba015f5106a690631be48fef19c301e58cb76df3f3fa710142d5188d1844fd3b8c38

C:\Users\Admin\AppData\Local\Temp\nse6CF.tmp\app-32.7z

MD5 8896e4db1b06c6d916750bf2dbe06b81
SHA1 29bf45e3e7d7dcc990ac9e166950a905f0107c4d
SHA256 32a63dfb84e89def4920aedeb4fd3ae96d359a5d035ba0f8a8338876954f0e74
SHA512 c5216d9c1f075354fbc6f05c0ffdac2c4aca70240b53756be63ae179eb78635ae769ee2a0a9850e007b2753d1969674bdcb8e5c87992d26af263a74f22176c2f

C:\Users\Admin\AppData\Local\Temp\nse6CF.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 590032388a9c06f668c7e9e95e1f6af7
SHA1 ccd88e3bfda0d3d2a146381b5f0d9a92a9ed4315
SHA256 a5e10c47564e671f14fba0f724fc76e75a1dc0e9e52ebce6793198d782985ad6
SHA512 c79ae8196822da5d543f91d7f6f479d6cbaf65f7febf4a9f89286d7f4c183d86b663c1bdc05e1b4dbc2f8a655160f57994d306ff2ffb2efd01004a87516e6d85

C:\Users\Admin\AppData\Local\Temp\76fc0578-d0ae-4d1f-b789-016fe3d294b2.tmp.node

MD5 aa7eb1ed50471e76e52494e9ecf56e88
SHA1 b5cdfc7ca8fdfae7be282852d206966dcb88700d
SHA256 1544875269095605b5ef42195f86e785972cb6bef187a39fc388f46b6beb2ba2
SHA512 37b5714542b4cafc88646e535f8b55b5a0d0afeb5aa4c39624494d37727c9763f903a24c7844c03736aabede062f226bd90e8c99edfd657742a9f61379d5ecff

C:\Users\Admin\AppData\Local\Temp\c1246ab6-f178-4f8a-96e4-352d29ef9754.tmp.node

MD5 566b70feb8fce14caa4c18c08ce7f5f2
SHA1 f2ebbadcf5914860f0041cae0e0562879d3e8af5
SHA256 66bcc5fb47acb03d1d4e6d37553d80bc087b92e405c4392631d8c5e34d773097
SHA512 35d63d6cd0c1cfe9b58037bc382f84247a762994e2a09eb9e8a2a4c622845c5ada8c7874d3ebc25f3e59faca6f3052897a81394e07e17b71ddc4686e2df9925d

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\01fa3cf7-09ba-4467-9494-5bbe85e93cce.tmp

MD5 2f4a943b721fbe003f59e03ad40ec552
SHA1 cf9d3e3f47b907a1d244e5c5533ee87581d78a00
SHA256 4a47066a0eaf5e2d39253ca0ab598b60a7d6c8966b5f8a406960dd0013e3f485
SHA512 10bb36be9c08ace3b825758ee3f215850ab3c71cdbc6149a6568f1fb6c0ba409b8750b48810f68664fd82ade0a558787d361b95ac072e448ef4c2c5c5f91fdb0

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 9593f06cca6207ec57fe6bf060d79d41
SHA1 5f61def6d592e7e2886ca5318fada2998d2c31b5
SHA256 fec8cf8a3a164987d8f4a38456daa8d65f0387172b07ada85a180648a5b5b66d
SHA512 0620d04fe032a9d31ce455b4814affddcd1a92486f880641d174e22f92f7b44fa6aff481815a5bd09158651c03e93733e628053230455d0073cc42a117235e4b

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 1da0ca36b753c46b152b368f57b9d852
SHA1 3e48979ab80284cce14b1a9c153aa7600d3496af
SHA256 2c280c55aa1b18a3ee95e8e20b413f6c138097f864cd44b3d59c979decc7892b
SHA512 966cf8cc817a1b5760a890cb831076a60da1fc9aa1b962e3c921bd12dfee648a8784bea6428746800fbdde407ae6fe1dcc109b0f62cbc9d8018b38f680de5665

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 97d77c1a95146344eb98cfaf625d530c
SHA1 3303264e52869e5fad87d76dc93308916efc3f7b
SHA256 b5413937dd6f5d3e15bb669e70b0f52860373009115de4816ecd03793d95b24a
SHA512 a44dbbdd2c56cb94e2d64fe651a1edf5028ff5616bd2eee381c88c196aa10a45df7cfd6eb7fea33a35567d097a5a04087026a9b2fe919624e3b94266f5557819

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0c2374d08e45490a794b5042f7c0b2e0
SHA1 b3915637108cfa27d558e23855c83d2926bc8374
SHA256 764249e82fbcf79d15ce9d50d39046fe94a08455153a5c0241afeb73f21452f3
SHA512 e35fc80fe1ce84519d5e32afe44d2a3c063ae69d22a155eb3642487eb9cae0ff8360e60535d1b941e1eb816ab3b11371c1702d8e8694c3bb3ab806a83eb45a66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064

MD5 a87c36d1a3dddc5a08c471677af0fbc8
SHA1 323ef631fc1311fe867817b43aafd14d738db4d4
SHA256 7ec3e0e66c4aa93ece2d74df9cdf419f2d1f1b38eb38a393f29b4537ad48ad02
SHA512 ca66efb3b9af99ab7bca293f330bbf86a0f6c0e9ec058116a7b7f2fbad689e00e6c2bec9577abc1aba3002625afba3535d5493981724c549452857ad4b7b4255

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065

MD5 c797a129e6b807c9a068a403e3c8da50
SHA1 dd63f00e2807421a7e8bdd81042612c493890383
SHA256 2b8b16b5d7e7de628458ab63bf308e9acb65795a9bc08a06e8603c80edb9e24d
SHA512 ae4b0fd2c001f7492a57c72148de0257f8248a9a4c37995bb8741a74f9d874fbea5494cc8cfcde25b299a08d2f1fc17db9b1331a8b6311a4a232ae271a6011ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a1c7750d-80b0-45f8-9bc3-bd6d3366349f.tmp

MD5 6c2549709316a7bb11821311d0c327d9
SHA1 a7cc153f026c2d0e23a2d07bb197fe3deab876de
SHA256 a3dbbe609fb8450d543fb1d30125a577321f242f5d58cf1fff16cf419653acb0
SHA512 1316732264f8ec24904245206a9e97c671b8e1c1ea9914416abbaa81bff335540bfa9bea006d93e3054c1ce0ced38d88b9d7943e6450fb30fa62d19b594fb231

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 38f5ee64ab4051651303732110154174
SHA1 86340732db47c467f6f52f070953a2cfd5a4cd49
SHA256 7ff4c5926dc80f1d56f4104e0467f28043097e3652340f91e58e9754a0fb3d0b
SHA512 b4e449aa04e83ea70a32fb9fc34e1786dcd4c5d707a2027cfaea1a07bb55982808ef155adac0518364f9f74dd61ec8e7819708691181f2ba043fc106bb515ecd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9f78bd9b420a6ac45508eb52ccbd26e7
SHA1 63760f582d138a126a367a7f191a349b1afa59d6
SHA256 ad892de321f4a954ba0f42f72d950f7a4d29424f13e3cb40f1c16a39ed8c6d90
SHA512 a0a25833f7fb43330104a96f33c38c5510439e0338e09bb97c6031029e9de5d4a88c899a8da2319323f712614f46d23fbed74d08bc4a4de36ec80be435e23439

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 019b45c4ba7cc08e37240e8b5bba6b1e
SHA1 dfd7337c7a35c82e7179f2d3897d5c99989bbce5
SHA256 1a187cc2276716b9e887e1a41441af322e00c1c2b9f77f553468d53aef69d5fa
SHA512 1fb981d18bf0e17677a9ec055b0b2593224cfbbcb783a05074ebad8a612e6d5d559e6b63b6be4dde42bf54731dd72dd3e10ac408714e13879a66423639d20419

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9f4c4830bfe0eeb3aa782b536cb42c53
SHA1 a68ca1c2271a5895319dfa85423d4315109075da
SHA256 5264fc76dd713908e324dc6207430c7976b1efa871633871634b287c98f5a51b
SHA512 c164034e71b287d7cd92213357f4bc668ddd98e4c3138346fc688041d594e9f76e23de1291336b03f8ef4b5f113ca5660e2d41b42fa724aedd606a49aea2f908

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 82659f0014d86b4685c7f9dbb62ae904
SHA1 47a2984d6dcfb5f803ce4466670452ef8f815743
SHA256 9728775ff8bac9196a89fb5f5e03951e9c164705001c2b638c7862b351d4d5c7
SHA512 86b8711a8395e4a7f161aeab9876da3a005c13b0d1dd10344bf0e3e02fc5e8445736d8c118adb83ae01db80612d6cb78c8ff6409ca2cb968dd202488366f4cf7

C:\Users\Admin\Downloads\ValorantCrashFix.exe

MD5 90a846872e9407bd87f26bcb0ac4795e
SHA1 42e3f60794f0a70dd5baf29460c0b83516358c34
SHA256 0af3cadfcc64053a939c71f2a95648cc7a5cf6078656703e1de32acc69657b03
SHA512 9d3120f6ba61164917612394c6212fc5eca4c0b756f5af7373d314920dbdedc11783d31b47ec646479eab58940a7dcd807e81f49da005c340c1e04c23d289a76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 70fdda17e8fe08bad83a2f18ca2eb6c9
SHA1 82f6ee104fe3c144e3f7ae250e980c7f85fda175
SHA256 164bfe5dfc0661c28a4a30e416c734de1404fac7ebbffe625bb2f0383f5f619e
SHA512 9df682d38a9eb5d0531f419c5fd7bb4ca12f0eeb114fe5163d80a15e974b7291c2d7a2f5017b4239c18b7a5c790b05bbc9aae0152cc506f25a2b1c74e6ca1c89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fd17000d8c8eeec07e48dfb2fc266387
SHA1 8dabf50e36ff433e4d72d10ef8fea04a75c5794d
SHA256 0ca55ad9194968c3aa1f3d143fc62f53ad7ec95bd700362f6ab1d84d02c54b7a
SHA512 df07bdb51759436c0631ed36998eabb9625888d5dc4b0c9c8dffe47ba85807bc3c605408499bb58a39589b2ca54db709c585d4fecb779a0207c5ab5e260f9574

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ba457a40020c4cf1fd068e532b942534
SHA1 09023fb008dd1ef9dd8d3f14813bbcee58dacdce
SHA256 8d5061e0031ebd2a3c87e68efc4eb5643c9adcb65c991c9b7c6e4de3a9893798
SHA512 4e9af53bb942d5dab2b972bda259296962d79e426c6a6d5fc000b3bf1ddce01c2acc39f60d4be8f0bfceda511a4d213f20a348d39bf356f0c37114c921898359

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7f60e79a216769e2f09cea350552366d
SHA1 afe5b6e17f7d2f3b1764ddfd9efced95c9162a6c
SHA256 91cec80d9407eea79ef4fdc6e2aaf6119a7b9a6e011ac51661edcb0e025fc233
SHA512 a09be93fd4aa734faee1d78535779fba7650d8e1e227ca1e87b596707e50651afad69ded74b24fb597fe9ac29bae78ac6cfa4f6eccc83083a793b0e2f601fe8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 e32334641c93eb5231b41f8dedb25ade
SHA1 01d515a9f0e1bea04932d58334611da0483d347c
SHA256 417d91b8af8f3316e4397d91b4388de32404e81d8ae4eb757c09285a458df0e6
SHA512 5eeda24e422f3b27be53a3d2db3215c7a9605bfd6e5f906b4548b3cd1bbfec19c94f4684dad954b452c5b9a8cfc0bf9183a58977f70290a98ec1dfcd26f71f76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6f9b0a9bd1bc19f418581274027bc568
SHA1 882251abdee827d9ff302f0964f42434cabf5812
SHA256 f01120cc910a0b2ce956252223df12b0e55d14e3cd24be2bb14ac5347c3de619
SHA512 e334570852a614b7c0408291208a6e881645bb4efd53f79c2f99959bcfb571f028d61b489cfad8fd2a9b1220701f0d4468119ebfc914a5c4b43556531f62665b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fc1a6bcb321272645ebb445eb6c5e6a8
SHA1 480c20e69dca1183c5c58c2525b963840cad0458
SHA256 75fb258844e0e57a3255d3e0adce3dceb3a2f4bd406286cea2f0209dad3e28a0
SHA512 1d44bed2cf135bdc913aaefa341ec32d38898aeb2da1b3f45f0fa669b6c703c1330fcef605d7f04a8a2e2e45b4d9561b14a52998b493babba03506a3fbc59699

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 503f86681c6930ff7961b4a97dbd1707
SHA1 c13da2368275e2f177d5f60a7e71032ba8f3703c
SHA256 54194af965b38eb380f873af48d1eba45984f5275bf2540eccb3eac951be0254
SHA512 0723be79b2347623e5f6b045135a582e09651acb58b10a9e0eb5704710c96071164c5c5c6077d9c845332d16fc757e715d7c2661beda9d30e8016204a521a023

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 eff50464ee002c3dd1ab3c103f9b7a0c
SHA1 c3473d419eb9a966e2599fc57d9ea35e9b5fa4d8
SHA256 821ff6609c1cc485cb6f538e754a0ef84ccbaf1fb737ab1159ece6274c1e9ceb
SHA512 604360943a5702413171b09d194febcb8e0168272d0cf2ade8d8412e521b5d955752cad0336ca5e8c26b65fc01cfa7796e24087e37d8bb7b17248a9a8455e7be

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 6ea1daae0d48fedc857a8c413ed91c01
SHA1 69030715b7fb9ed863fdf2a0c59ffc18c4590454
SHA256 214e8cf740eac59e06c5da416c91bc097cccfab2fe3262f410913a1a4986b5bf
SHA512 17a7f94d1351ca5ce9386cf9e7b63b6055a460dc509d068875eade52249f400b6c348d06b1232082f44cca3e1562cc47d6db86ab332491903d76240e9af5724b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data.bby

MD5 95ee64819829aa20da92dc2516b02d53
SHA1 e1e81fa60dbb73eaa92fbaef2821d2bb124566a9
SHA256 9f7de5163137ae938b6a343c40d1d45dee23184831efdebe08ef56a142261665
SHA512 e3a265e3b9f0af84d77b222e6af28aba5abb21c139c53e059bfdef95aac0e5ab6ae71e2a7ebd966eaeba22ac750cae3718f81dac8f80eb96d6be3d86858df03c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data.bby

MD5 d1a6d25ec5801fad5bb43e51fe4cdbc4
SHA1 f3876c3f19ff446b3d070676bf3c954aa8cc0560
SHA256 13d3f0368adc88ffecc9fe7d865375489657ab904931baee6a6decc7b8256ceb
SHA512 abab9375d5a60b07f73fab6998a7bc071849fb077fd6a9045b33284cd64198dc28f058c842318c2b180fda3ec91e2cf92da8dc73961401f811fdbc6d555cc97d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies.bby

MD5 95e444b390eaf786f32031596b47f8e9
SHA1 020e63e8537d8149833b1d717de738369ce3b334
SHA256 a16375c1332eca60de3e4c227da940ba9c7785a461aa80d6c43d3e3345ed0534
SHA512 fcce361de17dcd486d7dc76dd8cdedfca87d66155e4a41e05a2e211c86b7bc5f9e8542e672e2dabe59073d8ed760bfce005a26e372eeaca5c647774e28f044f7

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 29023c62f5f6e0678cf61365b460682e
SHA1 beb8ef06c872cb28402e9caaf75c5f173c0dc9ca
SHA256 57ca669e400ebc017c9966ecef04712a12d2b064fb5ee5e7d559f88c23755505
SHA512 233e1c65b3d81bcdc9c86d32382d17959748daaaba0210cc92f22c91743900d1e136f93f1a36f01d094ecf32217d74677ce46d023fa172785c32bccd0b2b702e

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 c5bd1e4a39bcea45d656c6dcf9648fe8
SHA1 217db9b8cb1cfd63c25bd932cbd86c64a252185f
SHA256 db91e40a9f7b03a778ce2582c5ea139c399b317e3d817143fce49da76aff789e
SHA512 8531cd4cbd6d26a7be02b47f8e3075b5521c489e8de8f73f9edae98930cb222c23e9a0ed968fb27bd4d1b07622d21acda50253000c1e2906c67acfe57b8c0302

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 27d6693482ded47d2acf8f49975269be
SHA1 398e36d224acb906ec9c29ed34879e72eab0d7ef
SHA256 afa0bc3502caebfefa1d34e8fadf06b7c1ceb8af4f2caccf0bb1835a90fb4506
SHA512 64c00a084b989637809a617ab38b10a9efd3d72cfb13d08f6ff4b787b7e60d08958bee4d6055f6b745078c673e112b2ad630ecd89d15b45499ceed6520d328dd

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 8e8e747bcabfaeff67611470d4d77333
SHA1 ecb29ae42d3e569b3c2803aaecc106c9ac9c564d
SHA256 c93a5ac0ed9e89de3d0c90941c20586d06d48ba4751aea588515a929b2ea639c
SHA512 bf2f5c891132239db42ecd9c36d1da7763281fcb8d6cc18463042c03cb667d5f9047877c3d0b9b157df8fde4c768a7cb5679baa1dc8b83e1e822c51837cd1c0d

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 2fe6f54e957fb0cc90094a62864a2936
SHA1 145e8b83c8bba7fc9dad4e1ac5b24f1276ef76b3
SHA256 56f6a20c741f46d919a453d567a6f690718a5494f3fd6258955bdf780f4cc2f0
SHA512 bab9d5f9a0b93fed59e4f70affa31bb5394179e28f6c71b9385c507df1b21bc2ac003b3cfed4077d22c3d5ee24cba3a185c39c52d5b55d3afffab2ec7fa837e4

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 174b145fef092e6e698b7d16359f3445
SHA1 f07202d2d55f656ca41f3b4c232685c2f94e4eee
SHA256 45b17482943150229cd664b91e7551231ebb39f2e559e0ab93d65454a4456eb5
SHA512 044b4ab98a4ac5bf453a998a17a74f419de73a491aed20e1c963e2cd97031906c36e70def25672ce78bf4dccb65544170766df13beffb9ee94147cc0d5cc0dac

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 94743594d95ed4a77ef7e93843b6b24e
SHA1 0a91851bbd95c04e4cec399cb3a15992b8360abb
SHA256 9d9ef6ca7a7627db2f139ca49928b88a0aa30723bbe9563fcd7eea774fedbffd
SHA512 eeae12f5e6a8c43cb934d4b9334509bb107b4c6ed216b193d608c4749172dd2a6b0acfa809c3a7cc0862990264ce381f8b8f78c69ba519dd0de0baa0ba92444e

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 3ed179e5b7e68e12fa9dfae3147ec497
SHA1 b8621442128c9e3175714ddcc6852d86c84c2c77
SHA256 8c9a09afff80d62de64e5df043e7778fdecfd995e9c8ca2789d4f83344db0889
SHA512 0d17fc4cb55f3a58a6cf45976946962e0582ce330ff877ca3cef6cd4abe8f5e7c7d88849eb80cb91d8f9de92beb15deae46eb717e2b0ea7f598876b30d485554

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 20a4db120a740f73984f80e9ff97e7d8
SHA1 abf7ec4c54efa6b49333bf660f2fff30dd4d96df
SHA256 f62a0f9c97f8f5e16228674d8f89d4237f70a20dfc2c29e2ec789d138e86ca13
SHA512 9f4ab8d3ba5e6143db8a12549225b4c12302023c43348b06ed367eb0834640b5928a1ed1556068dc06baf598827fc77bc936667c44cbd617f6214ac40d3a8094

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 aa7c6e42c8797b60e71b43962daf7326
SHA1 c2062c5d06f842f026ca9271a84789eddf2b20b7
SHA256 3a82fca04db1fe93db8b13e2c91ffd57b74977799aea266ec708345695e33e3b
SHA512 b79fb9d5c4666f00ea2a5d0dae14d204e043d83b928d0553f973f32c0f37c12811abc535bad056881cccdbe3132035bb6cf4ae3e6e88258817b82d892cc12850

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 7fdd9241fc705731ad360d1293d73612
SHA1 96bb5ce605866299d104a66d43eae35d9bd43c3f
SHA256 be2ab64715e5e9ce6fbf1ce29d20c2dcddb3590bc12d0937e429a1290ccef1b1
SHA512 85a893174e4cf6b204b6a6f6e8913b92277d68ee4ec15724fc57d3280a883c77b7c37b66115906fd464736c5ef03302b55b108a458bbe249261b1e83d1ac57ea

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 01075f46417ed3cc826fb999df42afff
SHA1 248bd70d9b68e10502ecfc92ef627a74bb072e37
SHA256 7bbe142e41920ba7987b87e5b6f48352ed2133fbcd4f06e9d58efc2a12a1a8af
SHA512 cf0c5bba0a9728b2f2e46ba24efe943360f703efb2bce50fc6ed250d7717e8faddc29a2eb72e400424b24ef999835981ea153a91ba638c59cf4d3ab291e2d00b

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 3f261dbb23bdbf3d4dff87280f862321
SHA1 94ebc969ef86165daf4d011ff56310e25e660aef
SHA256 bd798cb11598ebc1ceac5280aa87e5cf2730239ba689325b6de4985bb148b2c2
SHA512 5fc0f2269f7de8316755a044c0c3ccdcdbd35efd215873d2f970f83188d9d7d30572ea3e2941c71d003f6123d1f8d92f09f05ee3528a22b1d41fe56c18251832

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 9b79fc14adf80d9b8be06a6eebad83b9
SHA1 2b0a91ed152b6fd47c195efa41fd204b049bd28c
SHA256 08d411b3d4652cdc2d50e1a6c11602c2c4804c3fa0d532573bbd03e9b1b38d24
SHA512 b9d9d55c57169f5540dc84a897fb1e65b7af1a027a86031fa0c61ebbb6b9c10af8864081345396474ecc37ea488e4ce402485610a31da3cfc8b8b1657bcc1273

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 6bf7abfaa162a1ab0f5ecc69d935505d
SHA1 7e7c4cd2e5178c44a410ac1dcd9ccc3db9cc9c1c
SHA256 4416d370b54d87c1904d2581ea7d2757a08d73a05460734207da1306db68f2ed
SHA512 443e234f7df3592a444bf473235eff5372fc26222ccd37a1de7e85441df2ca659540ab8c8aa3b23e5259f8f61876040d015264533735a738b247a58471f955ca

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 47e1bfa5e59f1cf64abe541852e077a4
SHA1 89d387532a133bcf3a24eb78c73d5bf44689b677
SHA256 7e71bc73ff2b48bb79cf5a8a135382fd17aba97e83a1d7b1552cddca2517ec3c
SHA512 a599fc4a549628444111bbbb9a620477b7fd97edf4e0407a1467afd32a6323f3b5f52ada8e279a7655f8596518211a17660a4c38ea506f5b115b394448cb1325

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 fa53b6b6b2a306d5bd8c98f73f7ce572
SHA1 521fd37d152c0a4867345d1f8f091ff47fd900a8
SHA256 2a71d2b54acf30d9361a4c429793d3d99a6585c2b66a5c5b49149d0044f13a75
SHA512 893fb410aa8f2e70ebd2d2dda33731a102720cc3d3d57a058a206efd6d152f6021430cd6e8d377c6553e658511e1c7d93205479ff68a19a14a89d33e81facb9e

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 8ac2b5883b73f67569164819664b5408
SHA1 6b62ef8d1dc76be2c840c57e4ae268a63a5a9444
SHA256 97e99dc519c243b9c7289927d870efa90038ffde10473cb2fa71eb711732ee34
SHA512 77a873b9c5e0f107ed00701bc578026870030a2ae746c0a179ff90b38b055b64785f30a425a0204283e5ad9a6498692f69dce30a401cef2db002865700dc91cb

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 7fbf2040e923cc4ad053f4adaf04a177
SHA1 bee684599f2f37f25a4d3d590703636949ea58a5
SHA256 914d662e30041fcc5ae06807895f2f71de65a08ed7a1c5f539e23ffced0a2077
SHA512 9b5c573e3d03c2df1fc910405c9fb7f6ab2e754b41572528771a71c2f5be883c3f55bb19ea41387d12a8f7410a1d84dac0a1443bfde3034a1a1a818a4eea05d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d5370b0b76ae9718ecd93ff7a79390fe
SHA1 8d84f08e66b23a0a9edbf70baed332df34dad3a6
SHA256 8499a1a7d755244cb8a3a704779cd5e7d4a2b881844a2a540335a75181f6ce2a
SHA512 bff77237ca099d197eb7c67f4eea828081bf82e15e4803d6607e7521f27efaa19fd7f11eeb853d00a7ab76e31e869c28174564bf2b9a025b20ad6b9f42bf4ee2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0edc55455692b43c5ea850c68560220e
SHA1 2634b0ab8ff2fa4757659d8ad05d2c6f4d63c767
SHA256 ac1b320a5ef6ed7eba60b9f3457b90bc671144aa277a52d31979d54d76f335e6
SHA512 71199aebe2fe21a2496d173c9234bd2e8adb74be1c51c8edce1755acc6d7e1ed61746ab29ab824210312f692bfed9f9b45fa65f1cd4fbdda07b454e33e21938e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 66308781fbb1366f74cabbc332817cce
SHA1 283db737e8fd2ceaaffb45e3bb0e44c065d56504
SHA256 e7db5a79549b7d174b617f5b526c27d4078ea44f4fb5a7e3c9a3fd7861d6fddb
SHA512 ac32d1f84b957fd9dc990a9156970d9a5e6fa7be5a3ac586eee2b69756e7bbc862a2d366d788bfc8f4ab1d37f28bc8157107618c84254f23ecc42475c7d6c08a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1ff84e9cf3dc72098ecdac45c57c5ba6
SHA1 7b0c494d69551698115d48f3515da6506b98b7bb
SHA256 41c332a44f71c2c538af8c92231a46a4b57784b380d0aef4e70b5c01e583894a
SHA512 1d969d50fa19c2cb6dff25cf118425d84b7f0fddca694f2b63cff46ab261f421d881be707f3b5d18a1e695ca66c454976d858d2dd5ac098b246ba75a9adfb68e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 36a1e2d4672325d1508b57a341c2d4ec
SHA1 760a8da90052a8b4d244a0b4fe7c2c1b659c1f77
SHA256 73c7670215f99a6f83fe5dfb232ee45f1a8784bc27d4c6e815871afe08630d53
SHA512 be27b26dc2155691d846b4b0ac638b7f71dddd65b687593caa0b7eeb7de5911f509401e47361f3ae5d525d8b7583534ed10c66a76cb403a3243d3d1eb17fe7f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 68718af4bbc2d6210f651ad45613f623
SHA1 a2273425076d78a06017e57d831961376a2f566f
SHA256 ebde3bb4d9075c355e02555712923c6fa6aa2cce7e096d1779a5c7be92f0aba4
SHA512 977384b3aa20d46dbc1ae18a96fb8b2b8d0e081030d1e2576884e83f546c71db0d1f309cbb7b70673633b60dbbf01258ad63267cb84cc0a77b27e7cdfef06b0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 317ecdcebb891f64fe65d059930b66d4
SHA1 52b571b66f0bc3d205a231e51115292814c5beb7
SHA256 9593d3afe2626d13ad39f8122f2606516fda055222385c8900af3597ef834588
SHA512 db8393fe72262f1659fd20bdf46ceb070727353ee1d68576f97dded18d5aefec9b9713995ebc5dd1f99e337d9ec30a9a653dcdada739e1534f3187ecd8508ab8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 14ba6363499a302a4ed2ddce3491b92d
SHA1 ae050c130f5ad96a8f7ba46cc3cedbb5e00b1f86
SHA256 ffe81ff44d039b7ec1c62f387c7bbac099c578d2dd26cbaae14facc0b95b00de
SHA512 6d8c87d0d7484bf99e2d18f82fe79ec62227f054574d1825842679ade611f7ab7a54bef47b49711dc7dd5fcf64575a79bda7b7fd820e01875e1f156054762b97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 661645d76e6f041d09328a055ec8ecc3
SHA1 c9fb67b7d1ea402e792db4f0ac052987a5cb4c0e
SHA256 9883c7c78669c75631953b9db4765c055efc4e86654b0a23a233049546f176a6
SHA512 a4d4b48a5d477f225f1af7410b7b45b3c1491d24f5bae3e69542eb2da12aba4120f67f1eca55b2a2a6278984adc2611183ff7a8c80c570eb97f71f9581b595f1

C:\Users\Admin\Downloads\ValorantCrashFix (2).exe

MD5 07ce2697ceb03120226d424cded06601
SHA1 875db06d8fdb61cc1d48494cc2d59da6c2b66076
SHA256 ee5f14e41bd53408bfdbc2c130d2d486b428209fe71a1103e5ef0485f1493c28
SHA512 808747792837b9af280eea05c27c672f7f0cb589a3cb0d6a5a4329d6b435b7a3216ba0206fa13674831064d7f77949fd82950c2c3ec3c822ea3a9824a44c9249

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 946c0f00d9ec252f9cacf8c258232d27
SHA1 131544a37525e1d778ef13a03f044fe1eafc2573
SHA256 3741ed6e4a230df992c8b70890b12c6034ee0ba61c1df139fdaeba9d380ff991
SHA512 417f07cec1f5d27a33d8205d63d0e7699f53df28242e41b60e8b2882e07cfae9c91cd8e6b2cba6f77433a7f9db1e6b4f414fbbe52d7a954127f115e7a2a6ae16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 efce261d1662da728828ed28ed185c74
SHA1 8c6f06ea2e5eba015401a0c390a65abcd8c03f1f
SHA256 e74c575c24d6070e2e4b43b6888fa32d2d1d1b5ceedd811067701b7728139a60
SHA512 94141abaca423f2011fbe8913b55f23d9975f9bb56b484209f05960e4749998ffa395320dce9ad497736a87251d51162eb4bce99f6af7b35c7a136d0d7a9ef77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b5520133cc376e618e4407850f50b74c
SHA1 eab90cda858734e49661e27408732ca82519ebea
SHA256 fd992213601be6d9719f9b8786f5729a569420155b50b47d4d3fcdc6fdd66b5f
SHA512 3030b34d750d31805983f66a7854f86d48b477441060408331c0e48f40cc02b87460eb03ccbb97c85b2d229c659948ea0ef10bb18c82e8d120e8aa96ee2956f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c2e2147542e295575ebacbfe06be3d56
SHA1 77d505ab15d24bc97a93e94fd9f7ad74f8ac2bf1
SHA256 0de26924770825456f6aa79e9eec7385557ce4b88f261aa54740edd80beef90f
SHA512 714db1386619bcb0ca98ae5254c52c19adcb063f9e3d414d3dbf472db0df591b9de5bca734c1d2c283406546c1e5d75bf0f00405bfb2c6b3b49c970e758e3cd7

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\412d9d56-484e-4129-914e-417c39523603.tmp

MD5 71ac520f3849c8dc11ef166e968d051b
SHA1 c65e07d4bf81d15bbe934ff3bb6b164dbe0d98c3
SHA256 ee3d4dd70fbca40343528944622aad59afc0e284ba9cda36fb084dfb40a82281
SHA512 c2be4206bc069fbfe27ee3f89dcea148cd27ad16f6dd950ce33606348d4e5a6af114e631573a6c78e0cd33e5680e4a40155769d28cad138623e10ad5204ce2c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d8b8961104542a3250e6e0e9ad2e8d1b
SHA1 6104fb8befbb796d84206b20298ded7f9202f0bb
SHA256 384251375acce7718cd0101e7cca638a1ee8272f24ef126c118896cccf87ea03
SHA512 a88ce5bcba9e62c6e95e030cf1f14bbbc373c6fa933b896ee50c25242e78d02c30f4551ffd4b11143c639612e2062b29855b733aa2f09d66a497fe3e44318749

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d8469433202cba36c73a31223232df1d
SHA1 ec78a4c248bf1cff999572863cc75c5add5df4e4
SHA256 b1de2e775dbc04052be687caf49c75498b5c455e7946ddaf6bcfc4fcdccbfbb4
SHA512 128a31608333791aebccce9a4a12efb852b5b1a6ad062373900ab929cc088e0d9c2f1b5853d27cb4eed17ffc37636f5411719ba695461849436928f1253ca0ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\58e0e1f5-7e59-401f-a56a-66123191223a.tmp

MD5 2c069dbb78c4d550576faedc776ded45
SHA1 80c8fb16b047af661f3bf1bc4a0d0c38a13e8655
SHA256 c0e3142c593f29baed83ccbab1135c73d9c66920e73d1b725b4edd2afc51f5a8
SHA512 0129dda09a71140fcc2caf218a69296150154e0773300dc50bbd5f71c9990f46698d67e8ae58e86d4c342ebd0bf7d907104d61bf91db9fd1515320cbf48447df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4f9eb83da549858b5461daaa07a14165
SHA1 95bb3bdde89c43a8344a6a0013e5cb1f46782007
SHA256 3f307376459080bb66668dda2ec7df4dc74cf01369d7976ac701abe0f94ccbe3
SHA512 976d17bc547d291020d91a73aacef3a4f0c9234d95761bd16c10693b078a7310a9817d8a8825c030a275acd9bd6d4c474c3d4972c2f6f7e8cf1ea4c537677531

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 50567d058fea38f23b56f6bf645bd891
SHA1 bdb97d76e96d0d3e8c8ea28518fe017616d611ae
SHA256 083efc83469947d5b6dc91d748076b6c7e12de12c04a1bacc51141d250cb4a1f
SHA512 c1b634e1927f19f7fada2eb76f77f071e9f077bf8b54fd3ff84caf6a98263227e4253e047677eaa1511c5fdab20d9cfb77c1bd4d61558c2637c5d5f520a03370

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 738722f405e9916933d7b42d80265090
SHA1 31579b16d079ee3cad03e0f1851199f28ca61b0c
SHA256 3a2d296c844b0de8179ac7c4e209bd1cbe6d423de2ec9099da162e3cc5188c35
SHA512 bf954b2bd809ba209671677a7c8698b4b13b5068425dd47b24850c0a57e78d25e1e55221e0f010a5746297d19692ab037c2f02d53ace5e5e7d1b4866909874a3

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 f9b7efb3435dcb2cc7fd92fea63bc3e8
SHA1 2f286b1f0eefeeb6e2959f582af1a6ee8894f503
SHA256 9fa63bcac4ded17520ede3378cdd2f3ce26383c80b6bc5955981560a3f1fce5a
SHA512 00563294a4c917f62e4dd04cde6d5ee11d4c15c63e74a00087d58c5e9b4ec819afac9bab46373234086d6ca44c6ee733d5db350b736041c15ff2d579a40c29f5

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 31b1cbcc2b6103a3f68d97a8c09fcbfb
SHA1 3231a62300be858d15a12fddce4e50f3d144ba14
SHA256 a9f9aaed338f1fbb7f7d1cd2c0d97ff2ad8c96594a0213cc80b661ac98cbc0b2
SHA512 37575c1cb759325a36340d95a0fbf0c887f500b2cb04c4e59cc1ddb533de79a341e7d35a5dc1c9b18826f6e455cb812b5d044fef1dac38230472d356cc4d3a89

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 c3fc6ae788b21614f818d722e01ec2eb
SHA1 9418e19df0ab157b34e36862904d8e1b40ad217b
SHA256 ec3abbf99c84ec902e60012c23536aa89fa99742ac37faeac041c4039d9b19b1
SHA512 e1e5b0c0f49b3927c8b76bf89f5bc38832c130da6c8148a82eaf5192ba253ed0315a0e8b2a22356dbe881f742ba459fc3e1a81cc0ee45d0f6e63cede1027d2e4

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

MD5 a8716fb84dd21bce90bf3245f0355a23
SHA1 664f8f7de487e56172b367e7bdf28d8552d6378c
SHA256 7a3a3a71fac526ea2b903256021674af4911b2d3b3ca98df61033dfd392f82ce
SHA512 f2b7d5d4db3c54f8c5832e5c598fd969034ecf5cc37963436d1f05b607db2b24e5cf158eafe099e1bc1fff4ac6dd86b2f31c6618ee6a58ca61d009090bb9a080

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity

MD5 62a3d19dbed46a1f7aaa89c89b8affd6
SHA1 cb8c64ab560958d9aceeee649af193e513311a93
SHA256 9bc53dc5511f72ebd1cc1f2a9dd06c3345c02ad766a9b476ec5093a1e987ca57
SHA512 4f477caed87ae54e984eb79b1c438a2a481a32d50122b9d2ce9d9c705fe118f999797232e464ba038579925505a0fff37bd544cec461ace2e6f6913d9a51bb10