Analysis Overview
SHA256
2db50e843ecb7e518b6dbf29192158e0b2c3bfacdbe2257be98ad45319bba568
Threat Level: Known bad
The file ValorantLoading0.exe was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Loads dropped DLL
Executes dropped EXE
Reads user/profile data of web browsers
Drops startup file
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Unsigned PE
Modifies data under HKEY_USERS
Modifies system certificate store
Kills process with taskkill
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Enumerates processes with tasklist
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-04-29 16:39
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2023-04-29 16:39
Reported
2023-04-29 17:10
Platform
win10v2004-20230220-en
Max time kernel
1669s
Max time network
1801s
Command Line
Signatures
Lumma Stealer
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe
"C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe"
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1732,i,11881029116188559175,8147238235178464338,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=2056 --field-trial-handle=1732,i,11881029116188559175,8147238235178464338,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2436 --field-trial-handle=1732,i,11881029116188559175,8147238235178464338,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=848 --field-trial-handle=1732,i,11881029116188559175,8147238235178464338,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.178.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 20.42.65.90:443 | tcp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 13.107.4.50:80 | tcp | |
| US | 13.107.4.50:80 | tcp | |
| US | 8.8.8.8:53 | bbynetwork.nl | udp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 8.8.8.8:53 | stun.l.google.com | udp |
| US | 74.125.128.127:19302 | stun.l.google.com | udp |
| US | 8.8.8.8:53 | viewer.bby.gg | udp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 8.8.8.8:53 | 146.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.128.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 45.8.109.52.in-addr.arpa | udp |
| NL | 178.79.208.1:80 | tcp | |
| US | 8.8.8.8:53 | 226.162.46.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.125.24.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.104.205.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.238.32.23.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_100_percent.pak
| MD5 | 44a69827d4aa75426f3c577af2f8618e |
| SHA1 | 7bdd115425b05414b64dcdb7d980b92ecd3f15b3 |
| SHA256 | bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b |
| SHA512 | 5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049 |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\chrome_200_percent.pak
| MD5 | 9c379fc04a7bf1a853b14834f58c9f4b |
| SHA1 | c105120fd00001c9ebdf2b3b981ecccb02f8eefb |
| SHA256 | b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48 |
| SHA512 | f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13 |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\d3dcompiler_47.dll
| MD5 | ab3be0c427c6e405fad496db1545bd61 |
| SHA1 | 76012f31db8618624bc8b563698b2669365e49cb |
| SHA256 | 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6 |
| SHA512 | d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\snapshot_blob.bin
| MD5 | c2cf86c9046343131080edf914f69eba |
| SHA1 | 10bb7f1a96fdbcd4d5cd7a0ec2477f3c0354eed7 |
| SHA256 | 7209863f22740b465301ce82919a042df5dbb7a7c50828643c9cd2e1e8802496 |
| SHA512 | d78ffcdcc9ca77c1405f3e98ba5b5b7a56c39bd06d923f39a4df9e56aba3af8afd1ebd8f09a85b5f2c71c9c2e5843d9e724ca3475693966dcfab1c7703c6c06d |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\libGLESv2.dll
| MD5 | 7b2ce44ad89a57b1183d36e89fd0357f |
| SHA1 | 178f7ed96f5c879b08729acff45bc50cd2ed64c7 |
| SHA256 | 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701 |
| SHA512 | 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41 |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\libEGL.dll
| MD5 | 5c70cc094fc6e108a5689c88f1144a51 |
| SHA1 | 460b668e4301e774b79b182756db25fb0b7c206e |
| SHA256 | c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42 |
| SHA512 | 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7 |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\icudtl.dat
| MD5 | cf9421b601645bda331c7136a0a9c3f8 |
| SHA1 | 9950d66df9022f1caa941ab0e9647636f7b7a286 |
| SHA256 | 8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5 |
| SHA512 | bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 60beed67e605fdbe79d2735f59113a93 |
| SHA1 | 6cd5625c6dfb8a16b619490890e38c6da902b43e |
| SHA256 | ffc7423ee2a75a420118465181e9307c6b7b2df5e40d7e4018dec07a9c6bab11 |
| SHA512 | 1f4bff04464fab0c149344529903aa805c7c03b7f8c21b5f959c7c7ff11802d07079e069d3b8e8a63f409a4541b3aac4b695c535228c4a89b15c8033567d645f |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\vulkan-1.dll
| MD5 | bb7496239e0f1b44c935df3954c3fc42 |
| SHA1 | d063da60766682cf40b690bc03094e5c7ebd8669 |
| SHA256 | e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c |
| SHA512 | 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324 |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\resources\app.asar
| MD5 | da5450df07fb87578c50f8eaa285c061 |
| SHA1 | 449fbd7d4d1bede8e332d23680356c288dc67b29 |
| SHA256 | 40e5407156eaf70e89d953f39314196c9f0a909ad64a3e511812f2358c697089 |
| SHA512 | cb035593dbf7766e0afe8494493069c89c9bd1587124b17449ead9085d0bdefcc069dadd47296fa46f3918f2edfa114e8eac7ad4d7b54c25ef01b08a27bc894e |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nstDCBA.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\icudtl.dat
| MD5 | cf9421b601645bda331c7136a0a9c3f8 |
| SHA1 | 9950d66df9022f1caa941ab0e9647636f7b7a286 |
| SHA256 | 8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5 |
| SHA512 | bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\v8_context_snapshot.bin
| MD5 | 60beed67e605fdbe79d2735f59113a93 |
| SHA1 | 6cd5625c6dfb8a16b619490890e38c6da902b43e |
| SHA256 | ffc7423ee2a75a420118465181e9307c6b7b2df5e40d7e4018dec07a9c6bab11 |
| SHA512 | 1f4bff04464fab0c149344529903aa805c7c03b7f8c21b5f959c7c7ff11802d07079e069d3b8e8a63f409a4541b3aac4b695c535228c4a89b15c8033567d645f |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar
| MD5 | da5450df07fb87578c50f8eaa285c061 |
| SHA1 | 449fbd7d4d1bede8e332d23680356c288dc67b29 |
| SHA256 | 40e5407156eaf70e89d953f39314196c9f0a909ad64a3e511812f2358c697089 |
| SHA512 | cb035593dbf7766e0afe8494493069c89c9bd1587124b17449ead9085d0bdefcc069dadd47296fa46f3918f2edfa114e8eac7ad4d7b54c25ef01b08a27bc894e |
C:\Users\Admin\AppData\Local\Temp\31f147c5-4f83-4e6e-848e-a1f313a132c3.tmp.node
| MD5 | aa7eb1ed50471e76e52494e9ecf56e88 |
| SHA1 | b5cdfc7ca8fdfae7be282852d206966dcb88700d |
| SHA256 | 1544875269095605b5ef42195f86e785972cb6bef187a39fc388f46b6beb2ba2 |
| SHA512 | 37b5714542b4cafc88646e535f8b55b5a0d0afeb5aa4c39624494d37727c9763f903a24c7844c03736aabede062f226bd90e8c99edfd657742a9f61379d5ecff |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_100_percent.pak
| MD5 | 44a69827d4aa75426f3c577af2f8618e |
| SHA1 | 7bdd115425b05414b64dcdb7d980b92ecd3f15b3 |
| SHA256 | bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b |
| SHA512 | 5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_200_percent.pak
| MD5 | 9c379fc04a7bf1a853b14834f58c9f4b |
| SHA1 | c105120fd00001c9ebdf2b3b981ecccb02f8eefb |
| SHA256 | b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48 |
| SHA512 | f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\d3dcompiler_47.dll
| MD5 | ab3be0c427c6e405fad496db1545bd61 |
| SHA1 | 76012f31db8618624bc8b563698b2669365e49cb |
| SHA256 | 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6 |
| SHA512 | d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\debug.log
| MD5 | f11fa798594affd42bf8b8f638bc60e9 |
| SHA1 | 8eb770447aea941ff7f00419db6c7a147dea4f65 |
| SHA256 | 439d0ea18158c5fcdca33c711df8221ac891d02fa98dd67d05fd9d03d7fcebfd |
| SHA512 | 56c7aa20a561eaabeb94771ba13516993a1e52d2d10da4bbb017bf66317977ea6d88a06d720bd9bc77e903e64f1da38b8fc615d5ccc02576a90cee46bd390106 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll
| MD5 | bb7496239e0f1b44c935df3954c3fc42 |
| SHA1 | d063da60766682cf40b690bc03094e5c7ebd8669 |
| SHA256 | e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c |
| SHA512 | 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll
| MD5 | bb7496239e0f1b44c935df3954c3fc42 |
| SHA1 | d063da60766682cf40b690bc03094e5c7ebd8669 |
| SHA256 | e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c |
| SHA512 | 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libEGL.dll
| MD5 | 5c70cc094fc6e108a5689c88f1144a51 |
| SHA1 | 460b668e4301e774b79b182756db25fb0b7c206e |
| SHA256 | c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42 |
| SHA512 | 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libegl.dll
| MD5 | 5c70cc094fc6e108a5689c88f1144a51 |
| SHA1 | 460b668e4301e774b79b182756db25fb0b7c206e |
| SHA256 | c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42 |
| SHA512 | 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libGLESv2.dll
| MD5 | 7b2ce44ad89a57b1183d36e89fd0357f |
| SHA1 | 178f7ed96f5c879b08729acff45bc50cd2ed64c7 |
| SHA256 | 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701 |
| SHA512 | 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libglesv2.dll
| MD5 | 7b2ce44ad89a57b1183d36e89fd0357f |
| SHA1 | 178f7ed96f5c879b08729acff45bc50cd2ed64c7 |
| SHA256 | 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701 |
| SHA512 | 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\D3DCompiler_47.dll
| MD5 | ab3be0c427c6e405fad496db1545bd61 |
| SHA1 | 76012f31db8618624bc8b563698b2669365e49cb |
| SHA256 | 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6 |
| SHA512 | d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\0220b9a6-0a18-49d9-94a3-2d84062e124b.tmp.node
| MD5 | 566b70feb8fce14caa4c18c08ce7f5f2 |
| SHA1 | f2ebbadcf5914860f0041cae0e0562879d3e8af5 |
| SHA256 | 66bcc5fb47acb03d1d4e6d37553d80bc087b92e405c4392631d8c5e34d773097 |
| SHA512 | 35d63d6cd0c1cfe9b58037bc382f84247a762994e2a09eb9e8a2a4c622845c5ada8c7874d3ebc25f3e59faca6f3052897a81394e07e17b71ddc4686e2df9925d |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 32470c35e7c93267041fb3f3c08c4de9 |
| SHA1 | f4f41217cd76c7791258c0c1fe429f5641cc4de1 |
| SHA256 | c091a0440254b5f71f8a50429803040da4e957e55f287ae12efaf1a3690dec85 |
| SHA512 | 4ceddb261cb115323aa2bef65e72402c8c2bf3a91743ce26ce7911d7af2190a0e50580e0178b46643d2b837e65305facdb96fccc46aef59f77e4547ab383cac5 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State~RFe588393.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
memory/1296-379-0x000000000F200000-0x000000000F201000-memory.dmp
memory/1296-380-0x000000000F200000-0x000000000F201000-memory.dmp
memory/1296-381-0x000000000F200000-0x000000000F201000-memory.dmp
memory/1296-385-0x000000000F200000-0x000000000F201000-memory.dmp
memory/1296-386-0x000000000F200000-0x000000000F201000-memory.dmp
memory/1296-387-0x000000000F200000-0x000000000F201000-memory.dmp
memory/1296-388-0x000000000F200000-0x000000000F201000-memory.dmp
memory/1296-391-0x000000000F200000-0x000000000F201000-memory.dmp
memory/1296-390-0x000000000F200000-0x000000000F201000-memory.dmp
memory/1296-389-0x000000000F200000-0x000000000F201000-memory.dmp
memory/3480-394-0x0000000005210000-0x0000000005246000-memory.dmp
memory/3480-395-0x00000000053F0000-0x0000000005400000-memory.dmp
memory/3480-396-0x00000000053F0000-0x0000000005400000-memory.dmp
memory/3480-397-0x0000000005A30000-0x0000000006058000-memory.dmp
memory/3480-398-0x0000000005810000-0x0000000005832000-memory.dmp
memory/3480-399-0x0000000005930000-0x0000000005996000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ein1rtug.vql.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3480-405-0x00000000061D0000-0x0000000006236000-memory.dmp
memory/3480-410-0x0000000005570000-0x000000000558E000-memory.dmp
memory/3480-411-0x00000000077D0000-0x0000000007866000-memory.dmp
memory/3480-412-0x0000000006CC0000-0x0000000006CDA000-memory.dmp
memory/3480-413-0x0000000006D10000-0x0000000006D32000-memory.dmp
memory/3480-414-0x0000000007E20000-0x00000000083C4000-memory.dmp
memory/3480-415-0x0000000007910000-0x00000000079A2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | eedc851ccfb2e8281babb78c2f244c68 |
| SHA1 | 4df05baf7c1b4f14aad3244aa30e95f234504eaf |
| SHA256 | f8bb083f4072511a1b6c0c2e571a376fb678719fc20890ec96be851d25eaa790 |
| SHA512 | 643d95f22f271d585f33609fefe30fd17b5b0380613553a86d1e94d5fb602660f2d4b7196915ac5e00f1d17702bbbecf9f4274f5dbb18820745a215b91cbc7ba |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 8e764454469c8037d2e0f012cb7a1ba1 |
| SHA1 | 6a482c3f6d8e7faee6b1397b15c6243e7efa15f6 |
| SHA256 | 17b2f354b06b392ff956c086ed78baa95133f5ad04539584eedf294e5547e360 |
| SHA512 | 23bf444ef9a126e8b5e70c71a9b1816404dccce83beba859bf18681f8f541190d9f9fca821a0cbbce24d4e10939c97959d124bf471b4cf63692de526b957eb2b |
memory/4184-429-0x00000000053B0000-0x00000000053C0000-memory.dmp
memory/4184-430-0x00000000053B0000-0x00000000053C0000-memory.dmp
memory/3372-432-0x00000000054D0000-0x00000000054E0000-memory.dmp
memory/3372-433-0x00000000054D0000-0x00000000054E0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | f4419fefdb2b381e195f574b457b7a48 |
| SHA1 | 78b01a321fffafed68d4043ceeca5f12fdb12add |
| SHA256 | a9a7bba0d0e981fdca9e3f353e3ec517da23c4dfdd1bacf93af8ac09dd9a7a6b |
| SHA512 | 107da6a803f87d416db01ffa68bb6d73bc07f34411f3986ed908f1efa80e2c09977c27bbb7c681e72dfcd4fad19b8b941b76595274f5ccc77eda9c7f3ad6f715 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 3c5c8b51ee193fd7891af5f8b7cc5710 |
| SHA1 | 62b6b7ab13ed53ca0a75821ffb6dc86d73097499 |
| SHA256 | 07a07faf440d5ce9e844260b6fa899a6d430efc2086b4734f0d283403ad2266e |
| SHA512 | b6591b6ad3fba2a75257c4ea8549deb884a0027493cd7fa3767e463ef4732de3311061b3d78e48a01038b1a8197da3c5e71658ea2a8b663927483e11e8572485 |
memory/3620-456-0x0000000005050000-0x0000000005060000-memory.dmp
memory/3620-455-0x0000000005050000-0x0000000005060000-memory.dmp
memory/1800-467-0x00000000052F0000-0x0000000005300000-memory.dmp
memory/1800-468-0x00000000052F0000-0x0000000005300000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | eb0c37b9c8f63f922db3830e3d8979e8 |
| SHA1 | 030b976a4cef8028cabc026bdfd9861599cced38 |
| SHA256 | ebc812a80bd189ad0c25c3859c67cd974d1f0a3dfea0fe01f8ba8f906d3d4186 |
| SHA512 | c6fba74c115dad8ac4daba9caa0677d8d008c0e02f2439dca0231b346cea0294604e140975cf61335b63667f82b881b506219d6d316911b90ee203236ae2dc58 |
memory/2468-476-0x0000000004E80000-0x0000000004E90000-memory.dmp
memory/2468-478-0x0000000004E80000-0x0000000004E90000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | efc94373bb880d4f2623b7761a0d08dd |
| SHA1 | 6f5ed6f5aa9452755b48cfa2d7ced955e228f0e5 |
| SHA256 | 8ff5660a5c67a83df6dc7b65b156dca7095c61e1f9d21c77a2edb5b2a23150dc |
| SHA512 | 0dc38e3c65b6545a4bc18cfee0d0825bd5394e05304e68060705cdc80505b0ab1d987736a1ff4b6fb79ff871a158f557165004113b4039ee7f98b89ec8149c22 |
memory/1704-484-0x0000000005130000-0x0000000005140000-memory.dmp
memory/1704-485-0x0000000005130000-0x0000000005140000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | ca68e1b1b552430d27dfb29bd0f10228 |
| SHA1 | 60d643dd9ed746f3762a3557436bcbeecf2b6cd0 |
| SHA256 | 1807b735b6ddc95d331e3f33d9f1f4df7f40e5fbeac2e966b4c19793b1589c95 |
| SHA512 | 57c5e0967027e609ba51966a37e5427c79ff675684ed48f086a9535641049487172cd8e39ced2c3a5c0c1ffd2cd50cfff1862239dd789c04cf9784c4df0e12e9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 73bb5acd8afe1ef5dc84a0bbbc2da08b |
| SHA1 | caac0a8d740a8cf82d30c13efbf8992055f1e190 |
| SHA256 | 63c3c3220e933949f4e5ca98b275127aada438579dcb5f96d8d10b381cd1304e |
| SHA512 | 7d6dc99f3be877ce3b5950a9b9dd1108fef3b0d24f24014fcca9cae42427ab2cf5a20f6887b087e7c0f54222b77d73e786c7184f88b5fa870a75e74c30270d67 |
memory/1260-507-0x00000000048B0000-0x00000000048C0000-memory.dmp
memory/1260-508-0x00000000048B0000-0x00000000048C0000-memory.dmp
memory/1296-511-0x00000000045B0000-0x00000000045C0000-memory.dmp
memory/1296-510-0x00000000045B0000-0x00000000045C0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 26f26487c83dcec7237db3109ccb1171 |
| SHA1 | 86229099f67c1aa6b74a2c65a2129631e912ea43 |
| SHA256 | fd380ad15dcd4bb9fb8b4c53410595741079dedd6b136a5fd07bd8ed98937229 |
| SHA512 | 1c59edcfa9c58377b521a32a5be615bdbbfde185aeca74869a7d99c1fac84ebca8b3d53f36bc7f97b05f1ad1625c3ac14b3136dfe098b6ca28ed9522b65d5e40 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | cbe5505c651b6177dd1d7d96c59fd3f6 |
| SHA1 | 9cba6c6442557dd62303c14ecc836b02c6cc0b34 |
| SHA256 | a338dfac98c2f43c52e22cefa4be4e6dc0fdde9e5a24d209bbc2c748ca813571 |
| SHA512 | 2e61c096427a08004c0271aa75f665cd494d7b0adf2b0e30221d4f769298af0da13119b523aa5aaf159794db82a960e5c8cc08479ebaf552e02ea823ab7a8aaa |
memory/3244-533-0x0000000002910000-0x0000000002920000-memory.dmp
memory/3244-534-0x0000000002910000-0x0000000002920000-memory.dmp
memory/1288-536-0x00000000049B0000-0x00000000049C0000-memory.dmp
memory/1288-537-0x00000000049B0000-0x00000000049C0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | ace8885df03b40f0a13df13edf53a1a8 |
| SHA1 | baaf541eb67f24cbcfa4a74e4a3a302b2c6e9d35 |
| SHA256 | 446fb92cd71da2903c9204a91ee7614c0c279f48ae8fbf1bc85f37f9f3632d6f |
| SHA512 | 569179535650f26423b6e4704f5275651b930f0f534d9ffc73b910be5e358026075c85da2ee0669c90b23ab4c4067afc564b342434e121dd77934f598eed2fed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 4df5203ca7ea36fd614921fb22bc9c0a |
| SHA1 | 82166314043b1e64a76259e40f5802c06ee0f72e |
| SHA256 | 371486e2b76aa64344c08bf9563e8de5bd3a825742f2b10f5ed5faa7365d2573 |
| SHA512 | 9f5beb7329881e351f591c16ec1b01bc99f43986ca9dd9dd5bf312e5c5c8036243c6adcbf2d7e36106a8169aa430d52d319e99849bade9773e3a0b3fb47e3cc0 |
memory/3216-560-0x0000000002840000-0x0000000002850000-memory.dmp
memory/3216-559-0x0000000002840000-0x0000000002850000-memory.dmp
memory/4576-571-0x0000000005010000-0x0000000005020000-memory.dmp
memory/4576-572-0x0000000005010000-0x0000000005020000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 52713677083cdaed2defdf18a72240ee |
| SHA1 | a2fcecfabcc8f63a7e21d33a0580fb2f7df14e94 |
| SHA256 | bbfaa6e4dc0911725857ee3dc6896a28eb48cafdf2acfc1dcf4cb53cf06beeb6 |
| SHA512 | 60f7d26b95e05416cbf11d6b26306bea7de0c4ef90a694cb93b7ce51491cb3ecda156c9904bcf50bff39fe04b56228e3bb91190a18ad1789db13119d5bd3edef |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | a21c941e550abf07b7cdb3c7c7e30614 |
| SHA1 | ec671e1cf38ec3fc77feaab22653e58618002213 |
| SHA256 | 5d8118d5b784a8cc214465a414e3121982b3384dc673461fc1a864d11e8e11b5 |
| SHA512 | e26cd16b0312b92af9490047ab294bd6c4e82b71e7b539fbaf3e3523021fc8bd909aff8999c73f6da652c857d05422f201aa751b74c2b6bf75a61675e3868e53 |
memory/2424-585-0x0000000002280000-0x0000000002290000-memory.dmp
memory/2424-586-0x0000000002280000-0x0000000002290000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 82ae2e00666a3a4d714402d63702dcdc |
| SHA1 | 69d45b868ac79321588bf15234d892f099e2f479 |
| SHA256 | 98a97924427fba4a2f4c542e1a9d467810c63dfc3d99a96390eb50aa60b17d64 |
| SHA512 | 085585df8a804a2c06bafd3d04651df221ba7f213003ddaf97b61c0aa04d8102905dcff8c72c7f63c84eecffc4cd1ee7b9d616d330c4570a81f57dd4f402a4b5 |
memory/756-598-0x0000000002B30000-0x0000000002B40000-memory.dmp
memory/756-599-0x0000000002B30000-0x0000000002B40000-memory.dmp
memory/2236-610-0x0000000004AB0000-0x0000000004AC0000-memory.dmp
memory/2236-611-0x0000000004AB0000-0x0000000004AC0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 842ff5c782da5ac4c29dace8118eca50 |
| SHA1 | 952e9660d4b7a5f5ff6c579342c1e6c04891a12b |
| SHA256 | 084580792fa96b302d183e77fa2c744d6cde4e1b8aa993263cf79f7444a4e9cc |
| SHA512 | ce058ebb43d14576f911bf01e304fb198b811da404786a04a9073d7cc794a37b06f45709b05198dd77db262483f740ef35695922f9dc7b5d74c76bbd0d6ec962 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | b90e956653e29c315dbd0ab92954b068 |
| SHA1 | a6790d5ecb34c609990e53a2313a1feec806b52b |
| SHA256 | b7149de91fdd34cbf980b69402c5e7efb6871b1a0a1ef40db274072726c64c93 |
| SHA512 | fa339862337e1c735877be54ec027ac0edea95a0309ba3e22f6a4be2ef017ef118b961dc276aca6d48b7f555eced4a7534db584e9eb58b60d708a458131d6b04 |
memory/1816-624-0x0000000005210000-0x0000000005220000-memory.dmp
memory/1816-625-0x0000000005210000-0x0000000005220000-memory.dmp
memory/2132-632-0x0000000002750000-0x0000000002760000-memory.dmp
memory/2132-633-0x0000000002750000-0x0000000002760000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | ab9a3ee2485d9efd6abf8da91f146c49 |
| SHA1 | 31603f5cb3c6234788f6f801aa4f4e77963c2383 |
| SHA256 | ff631041f7181a3e63cb567c7b201f923a380a17236382ec8f97e378a9bb2dda |
| SHA512 | 41ed86684228660715092a2a64c4b63d799b64ca725658c7c32d82773f807c5b062f6eb5e8161a0352d3b5f1fba03a8bfe4568859954a02194629dd795a06152 |
memory/3036-640-0x0000000004570000-0x0000000004580000-memory.dmp
memory/3036-641-0x0000000004570000-0x0000000004580000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 41962e7e1688ab3d335c2dc15af7780b |
| SHA1 | 7425c7be7abb90e77cfcfa52f888c4da37e908ba |
| SHA256 | 3bf89f17b1551a8931fb0bdc62824b131f5ee74534b93a14540641f6b5016fa7 |
| SHA512 | 85743a5760666766cc73033fce1fe7f080c51eeca7a0ba6c57b441e6124ea6e4a9c57152ab2cd04dc0c8b932c21257468a3a65d42e14ccc7e6634dafc2b49163 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 0db31dd528a60c3f4e9d2d777041af88 |
| SHA1 | 11339881a2580f668c2a1fac6429a57992ae8e75 |
| SHA256 | 9f60a0938adceaf520a19ca60e40cf607f970da22e8a15f883429120c61cc47c |
| SHA512 | 11b1cea22234c655e305da05b4b03dd8771512975d56147d11cd4c02bd7d92068497958e0468f64a3f8553501fee12f7f4715c41de514585c6c2ac30c40bde96 |
memory/1984-663-0x00000000022D0000-0x00000000022E0000-memory.dmp
memory/1984-664-0x00000000022D0000-0x00000000022E0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 7722c46860a0ec6ea652e6feb783e3b2 |
| SHA1 | 1db9dd5c062cf9102c5c57aaba58c59e0062a153 |
| SHA256 | bffdd3a5d1ef71a1b467aaf3c99b11eea8976f02f498751a0ce740012fb015ab |
| SHA512 | 4ae7a5b252ec9597bec37228e38df809a16045bcd1484d172ac98cc28312e6eedc5dfb1821277ba325c9d479469a26dfd3665298d88101ed9730884d85704c92 |
memory/2088-676-0x0000000002210000-0x0000000002220000-memory.dmp
memory/2088-677-0x0000000002210000-0x0000000002220000-memory.dmp
memory/3900-688-0x0000000002FA0000-0x0000000002FB0000-memory.dmp
memory/3900-689-0x0000000002FA0000-0x0000000002FB0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 39292116a35b21c7c64913eab5673aa8 |
| SHA1 | c40e3414c67ad0492e5d43a396554c473983e5ff |
| SHA256 | 9a34a25a27351d5ddbef8148ae0b53dae9cfa52d21cb4e3c3be3f7220095712a |
| SHA512 | 575cb81a439f3853c5a8718e938ebd08f0402658defdfcad387fc11126f0a4cd08926a1d002f6bdb18147994abfd8782a3bc8f0d6c49fab59c67fedd6c2996f8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 74a79dff1da2d1119e17a345d7073a02 |
| SHA1 | 4917e1c0e39f2eb80ac644f91d0841ebd669603f |
| SHA256 | 371162f63820cae89b453f6df3fb43fdc31cd29a1671f4c89a72a8e6c1674b90 |
| SHA512 | 4ec46c89eb76b27d06600d9a5963ea32fbd27597423648bcd99e30940a498fa543306efd174a4ea13257ca5fe8deac06275cd5f84b5f20449ed862c5543446d7 |
memory/888-702-0x0000000002DE0000-0x0000000002DF0000-memory.dmp
memory/888-703-0x0000000002DE0000-0x0000000002DF0000-memory.dmp
memory/2720-714-0x0000000002720000-0x0000000002730000-memory.dmp
memory/2720-715-0x0000000002720000-0x0000000002730000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d76c0660ca807a1996f57d1df7a7d9c3 |
| SHA1 | 92659bc37d3857fa8b02b033ff7bfb1572c09dae |
| SHA256 | 724776b349294615f883e63005e1345945367a33d0c449d4e1f83b8b66a8725b |
| SHA512 | 6d751c0a3740defe5df0b91163c7b42a4adcc7a8c995578f9ab75c79263a27bd43e1fd11ee32093bd49babe6985e2ca348ab8750dd60f7d3eef872859cd4cfa0 |
memory/2100-719-0x0000000002440000-0x0000000002450000-memory.dmp
memory/2100-718-0x0000000002440000-0x0000000002450000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | c79b2cfcf2a6790a65ed202a73fa2d21 |
| SHA1 | 98f5a8cda46d06dc3821bc10e2a8246b74f2cf0c |
| SHA256 | 5495ef7c33101cf880279e5a4cc787a2a870951ee64656a92ebd5e2043bb2be2 |
| SHA512 | c215c2d9e8829e44ea8b06e3c01b7668506c95ee120f00a901fa00563abf8d9528494ac461c0861724c00d6494d1e783a35a0c669dbe76171574e31c88688f81 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 5eea6e476096af0ae604ac595b03b0b7 |
| SHA1 | f56d87376fae2c4757bb2e92ac60383973e68a76 |
| SHA256 | 4cd07e6f5d98a186c0a2c9765b494b9c47a31b3811a17be2816878b6eac19370 |
| SHA512 | db6a09f841226266dbd8b3d473d9b86a174ecd1d201eb88957f1ed9fade1b9251d5ce31891bb82f754c0937358e01feb44bf76383729c45fac300a2bba1815b3 |
memory/4372-741-0x0000000004640000-0x0000000004650000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d315f500acf182e1040e15a5e4d94f9f |
| SHA1 | 5cd49946ee05eb9ab62a1d4c33eb60cbd625eaf1 |
| SHA256 | 3476812390b63a9d8bafe37bd35e5fea6b6ac14296094153007be3a7449c91a9 |
| SHA512 | 66e0e5c681f1b29de278971bb96ebe0df883c6e882f2baa2dc0db07c567dfb82e7408f0222704036135b2728d71bf72d60726a15071ec2d7ec73234ad760a512 |
memory/4968-753-0x0000000004FC0000-0x0000000004FD0000-memory.dmp
memory/748-764-0x0000000004860000-0x0000000004870000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 4d2037e7623c492720599ded740799d2 |
| SHA1 | 3c27acf5515bb66d37448b6e5e4b866a3887e669 |
| SHA256 | 3b0809ee4f6c5bc49a69f585e969461222b8954f8eb9a87e5e5f83ebf3f475c7 |
| SHA512 | 6870c9592117be7de8603dab07aaca7333c36a40b4a2c4dee3792abf5736717a90a26f096b3e6f29f58a1f6b9e30ca750ed26c5493b6f2079f4c04dffccfe7fb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 57578994410159f24efce2ce7746c6b5 |
| SHA1 | 3a76ebf94f75d34fba135fb2d5467cefb89a3225 |
| SHA256 | e39238af0d7fb376ab90d471b60382385cfa5e609848d0fc093e5e3c2d072a40 |
| SHA512 | caf700656d513118031c09761ef050f8c6e4fb55263c2962a7677da45406fa66263e4c03bad2552cfd15004a66d9b5614c0d3c932c133520dbfd13282bcf4168 |
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-29 16:39
Reported
2023-04-29 17:10
Platform
win10-20230220-en
Max time kernel
416s
Max time network
1805s
Command Line
Signatures
Lumma Stealer
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Enumerates processes with tasklist
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133272672325470673" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c137e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe
"C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc89b09758,0x7ffc89b09768,0x7ffc89b09778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5216 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5032 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1540,i,972579413874400961,9101782717619210052,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1792 --field-trial-handle=1540,i,972579413874400961,9101782717619210052,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 --field-trial-handle=1864,i,12499727715021896120,6633718164888454282,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2168 --field-trial-handle=1540,i,972579413874400961,9101782717619210052,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM chrome.exe /F
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc89b09758,0x7ffc89b09768,0x7ffc89b09778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1776,i,10623592800305787501,5949596201159941909,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1776,i,10623592800305787501,5949596201159941909,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1724 --field-trial-handle=1776,i,10623592800305787501,5949596201159941909,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1776,i,10623592800305787501,5949596201159941909,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1776,i,10623592800305787501,5949596201159941909,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc89b09758,0x7ffc89b09768,0x7ffc89b09778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1860 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5072 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3836 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3588 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1480 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1984 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5796 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5840 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3004 --field-trial-handle=1540,i,972579413874400961,9101782717619210052,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2600 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1996 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2112 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a4
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4296 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4624 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6088 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5944 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6052 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5844 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1868 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2648 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6288 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Users\Admin\Downloads\ValorantLoading0.exe
"C:\Users\Admin\Downloads\ValorantLoading0.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 --field-trial-handle=2232,i,15815284006725025927,5585523987435789044,131072 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1648,i,11590796678809053000,8349264842438926235,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1792 --field-trial-handle=1648,i,11590796678809053000,8349264842438926235,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1976 --field-trial-handle=1648,i,11590796678809053000,8349264842438926235,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2264 --field-trial-handle=1648,i,11590796678809053000,8349264842438926235,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2476 --field-trial-handle=1648,i,11590796678809053000,8349264842438926235,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM chrome.exe /F
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc86ad9758,0x7ffc86ad9768,0x7ffc86ad9778
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1748 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3744 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4728 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3876 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5152 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5260 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5760 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5756 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6008 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\Downloads\ValorantCrashFix.exe
"C:\Users\Admin\Downloads\ValorantCrashFix.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6384 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1372 --field-trial-handle=1652,i,8397822801295824722,8578704139296503051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1808 --field-trial-handle=1652,i,8397822801295824722,8578704139296503051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1976 --field-trial-handle=1652,i,8397822801295824722,8578704139296503051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6340 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4928 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1652,i,8397822801295824722,8578704139296503051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6236 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1672 --field-trial-handle=1652,i,8397822801295824722,8578704139296503051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\Downloads\ValorantCrashFix (1).exe
"C:\Users\Admin\Downloads\ValorantCrashFix (1).exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\Downloads\ValorantCrashFix.exe
"C:\Users\Admin\Downloads\ValorantCrashFix.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1656,i,6598855442484090673,8993598744926605985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1800 --field-trial-handle=1656,i,6598855442484090673,8993598744926605985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1968 --field-trial-handle=1656,i,6598855442484090673,8993598744926605985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Users\Admin\Downloads\ValorantCrashFix.exe
"C:\Users\Admin\Downloads\ValorantCrashFix.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1656,i,6598855442484090673,8993598744926605985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1404 --field-trial-handle=1900,i,11275430132542899955,4821870957611725172,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1744 --field-trial-handle=1900,i,11275430132542899955,4821870957611725172,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1984 --field-trial-handle=1900,i,11275430132542899955,4821870957611725172,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1676 --field-trial-handle=1656,i,6598855442484090673,8993598744926605985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1900,i,11275430132542899955,4821870957611725172,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\Downloads\ValorantLoading0.exe
"C:\Users\Admin\Downloads\ValorantLoading0.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1896 --field-trial-handle=1900,i,11275430132542899955,4821870957611725172,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2484 --field-trial-handle=1804,i,8414395691452615796,16588407271770260867,131072 /prefetch:2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1764,i,11568462724635971712,4940487018290650109,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1776 --field-trial-handle=1764,i,11568462724635971712,4940487018290650109,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1956 --field-trial-handle=1764,i,11568462724635971712,4940487018290650109,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM chrome.exe /F
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1764,i,11568462724635971712,4940487018290650109,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2896 --field-trial-handle=1764,i,11568462724635971712,4940487018290650109,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1656,i,2025088977129206709,4803243312783940910,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1700 --field-trial-handle=1656,i,2025088977129206709,4803243312783940910,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1972 --field-trial-handle=1656,i,2025088977129206709,4803243312783940910,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1656,i,2025088977129206709,4803243312783940910,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM chrome.exe /F
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2864 --field-trial-handle=1656,i,2025088977129206709,4803243312783940910,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Users\Admin\Downloads\ValorantCrashFix.exe
"C:\Users\Admin\Downloads\ValorantCrashFix.exe"
C:\Users\Admin\Downloads\ValorantCrashFix.exe
"C:\Users\Admin\Downloads\ValorantCrashFix.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM chrome.exe /F
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1636,i,7827047277507529759,4986235463361905208,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1788 --field-trial-handle=1636,i,7827047277507529759,4986235463361905208,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1928 --field-trial-handle=1636,i,7827047277507529759,4986235463361905208,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1404 --field-trial-handle=1956,i,14532525442944481257,10514172397341467779,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1740 --field-trial-handle=1956,i,14532525442944481257,10514172397341467779,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1908 --field-trial-handle=1956,i,14532525442944481257,10514172397341467779,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1504 --field-trial-handle=1636,i,7827047277507529759,4986235463361905208,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2880 --field-trial-handle=1956,i,14532525442944481257,10514172397341467779,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1708 --field-trial-handle=1636,i,7827047277507529759,4986235463361905208,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2348 --field-trial-handle=1956,i,14532525442944481257,10514172397341467779,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Users\Admin\Downloads\ValorantCrashFix.exe
"C:\Users\Admin\Downloads\ValorantCrashFix.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1660,i,6893684906988407719,17670959226448085688,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1808 --field-trial-handle=1660,i,6893684906988407719,17670959226448085688,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2044 --field-trial-handle=1660,i,6893684906988407719,17670959226448085688,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1660,i,6893684906988407719,17670959226448085688,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2100 --field-trial-handle=1660,i,6893684906988407719,17670959226448085688,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 250.255.255.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 251.0.0.224.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.135.234:80 | discord.gg | tcp |
| US | 162.159.135.234:80 | discord.gg | tcp |
| US | 8.8.8.8:53 | 234.135.159.162.in-addr.arpa | udp |
| US | 162.159.135.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | 232.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| FR | 157.240.196.15:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.144.98:443 | geolocation.onetrust.com | tcp |
| FR | 157.240.196.15:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | 8.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.196.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.144.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 52.182.143.210:443 | tcp | |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| DE | 157.240.20.35:443 | www.facebook.com | tcp |
| DE | 157.240.20.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 178.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.25.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.20.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.232.18.117.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | bbynetwork.nl | udp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 8.8.8.8:53 | 146.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 13.107.42.16:443 | tcp | |
| US | 74.125.128.127:19302 | udp | |
| GB | 51.77.122.237:443 | tcp | |
| US | 8.8.8.8:53 | 0.77.109.52.in-addr.arpa | udp |
| GB | 51.77.122.237:443 | tcp | |
| US | 8.8.8.8:53 | 127.128.125.74.in-addr.arpa | udp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.36.46:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 46.36.251.142.in-addr.arpa | udp |
| US | 162.159.135.234:443 | discord.gg | tcp |
| US | 162.159.135.234:443 | discord.gg | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 157.240.251.9:443 | connect.facebook.net | tcp |
| US | 172.64.144.98:443 | geolocation.onetrust.com | tcp |
| US | 162.159.135.232:443 | discord.com | udp |
| US | 157.240.251.9:443 | connect.facebook.net | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 9.251.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| DE | 157.240.20.35:443 | www.facebook.com | tcp |
| DE | 157.240.20.35:443 | www.facebook.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | remote-auth-gateway.discord.gg | udp |
| US | 162.159.136.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.179.250.142.in-addr.arpa | udp |
| US | 162.159.135.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.16.168.131:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 104.16.168.131:443 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | hcaptcha.com | udp |
| US | 8.8.8.8:53 | 131.168.16.104.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | imgs.hcaptcha.com | udp |
| US | 104.16.169.131:443 | imgs.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 131.169.16.104.in-addr.arpa | udp |
| US | 162.159.136.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.214.58.216.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 162.159.135.232:443 | discord.com | udp |
| US | 104.16.168.131:443 | imgs.hcaptcha.com | udp |
| US | 104.16.169.131:443 | imgs.hcaptcha.com | udp |
| US | 162.159.136.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | status.discord.com | udp |
| US | 162.159.137.232:443 | status.discord.com | tcp |
| US | 8.8.8.8:53 | 232.137.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 233.129.159.162.in-addr.arpa | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | udp |
| US | 162.159.137.232:443 | status.discord.com | udp |
| US | 162.159.135.232:443 | status.discord.com | udp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | images-ext-2.discordapp.net | udp |
| US | 162.159.129.232:443 | images-ext-2.discordapp.net | tcp |
| US | 8.8.8.8:53 | 232.129.159.162.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 34.197.79.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.178.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 254.22.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | canary.discord.com | udp |
| US | 8.8.8.8:53 | bbynetwork.nl | udp |
| US | 162.159.135.232:443 | canary.discord.com | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 8.8.8.8:53 | stun.l.google.com | udp |
| US | 74.125.128.127:19302 | stun.l.google.com | udp |
| US | 162.159.135.232:443 | canary.discord.com | tcp |
| US | 8.8.8.8:53 | viewer.bby.gg | udp |
| US | 8.8.8.8:53 | 199.197.67.172.in-addr.arpa | udp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.134.234:80 | discord.gg | tcp |
| US | 162.159.134.234:80 | discord.gg | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 157.240.20.19:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.43.158:443 | geolocation.onetrust.com | tcp |
| DE | 157.240.20.19:443 | connect.facebook.net | udp |
| US | 162.159.137.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | 19.20.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.43.18.104.in-addr.arpa | udp |
| US | 162.159.134.234:443 | discord.gg | tcp |
| US | 162.159.137.232:443 | discord.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 74.125.128.127:19302 | stun.l.google.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 74.125.128.127:19302 | stun.l.google.com | udp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 74.125.128.127:19302 | stun.l.google.com | udp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 74.125.128.127:19302 | stun.l.google.com | udp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | bbynetwork.nl | udp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 8.8.8.8:53 | canary.discord.com | udp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 162.159.128.233:443 | canary.discord.com | tcp |
| US | 162.159.128.233:443 | canary.discord.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 74.125.128.127:19302 | stun.l.google.com | udp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 162.159.128.233:443 | canary.discord.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 162.159.128.233:443 | canary.discord.com | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 162.159.128.233:443 | canary.discord.com | tcp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 74.125.128.127:19302 | stun.l.google.com | udp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 74.125.128.127:19302 | stun.l.google.com | udp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 162.159.128.233:443 | canary.discord.com | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 162.159.128.233:443 | canary.discord.com | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 162.159.128.233:443 | canary.discord.com | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 172.67.197.199:443 | bbynetwork.nl | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 74.125.128.127:19302 | stun.l.google.com | udp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.136.234:443 | discord.gg | tcp |
| US | 162.159.136.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.137.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 157.240.251.9:443 | connect.facebook.net | udp |
| US | 157.240.251.9:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.43.158:443 | geolocation.onetrust.com | tcp |
| US | 162.159.133.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | 234.133.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | status.discord.com | udp |
| US | 162.159.138.232:443 | status.discord.com | udp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.130.233:443 | cdn.discordapp.com | udp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 233.130.159.162.in-addr.arpa | udp |
| US | 162.159.130.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 162.159.130.233:443 | cdn.discordapp.com | udp |
| US | 162.159.137.232:443 | status.discord.com | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | canary.discord.com | udp |
| US | 8.8.8.8:53 | bbynetwork.nl | udp |
| US | 162.159.135.232:443 | canary.discord.com | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 162.159.135.232:443 | canary.discord.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| US | 74.125.128.127:19302 | stun.l.google.com | udp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
Files
\Users\Admin\AppData\Local\Temp\nsb6547.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nsb6547.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_100_percent.pak
| MD5 | 44a69827d4aa75426f3c577af2f8618e |
| SHA1 | 7bdd115425b05414b64dcdb7d980b92ecd3f15b3 |
| SHA256 | bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b |
| SHA512 | 5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049 |
C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\chrome_200_percent.pak
| MD5 | 9c379fc04a7bf1a853b14834f58c9f4b |
| SHA1 | c105120fd00001c9ebdf2b3b981ecccb02f8eefb |
| SHA256 | b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48 |
| SHA512 | f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13 |
C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\d3dcompiler_47.dll
| MD5 | ab3be0c427c6e405fad496db1545bd61 |
| SHA1 | 76012f31db8618624bc8b563698b2669365e49cb |
| SHA256 | 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6 |
| SHA512 | d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba |
C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\libEGL.dll
| MD5 | 5c70cc094fc6e108a5689c88f1144a51 |
| SHA1 | 460b668e4301e774b79b182756db25fb0b7c206e |
| SHA256 | c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42 |
| SHA512 | 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7 |
C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\icudtl.dat
| MD5 | cf9421b601645bda331c7136a0a9c3f8 |
| SHA1 | 9950d66df9022f1caa941ab0e9647636f7b7a286 |
| SHA256 | 8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5 |
| SHA512 | bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb |
C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 60beed67e605fdbe79d2735f59113a93 |
| SHA1 | 6cd5625c6dfb8a16b619490890e38c6da902b43e |
| SHA256 | ffc7423ee2a75a420118465181e9307c6b7b2df5e40d7e4018dec07a9c6bab11 |
| SHA512 | 1f4bff04464fab0c149344529903aa805c7c03b7f8c21b5f959c7c7ff11802d07079e069d3b8e8a63f409a4541b3aac4b695c535228c4a89b15c8033567d645f |
C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\snapshot_blob.bin
| MD5 | c2cf86c9046343131080edf914f69eba |
| SHA1 | 10bb7f1a96fdbcd4d5cd7a0ec2477f3c0354eed7 |
| SHA256 | 7209863f22740b465301ce82919a042df5dbb7a7c50828643c9cd2e1e8802496 |
| SHA512 | d78ffcdcc9ca77c1405f3e98ba5b5b7a56c39bd06d923f39a4df9e56aba3af8afd1ebd8f09a85b5f2c71c9c2e5843d9e724ca3475693966dcfab1c7703c6c06d |
C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\libGLESv2.dll
| MD5 | 7b2ce44ad89a57b1183d36e89fd0357f |
| SHA1 | 178f7ed96f5c879b08729acff45bc50cd2ed64c7 |
| SHA256 | 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701 |
| SHA512 | 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41 |
C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\vulkan-1.dll
| MD5 | bb7496239e0f1b44c935df3954c3fc42 |
| SHA1 | d063da60766682cf40b690bc03094e5c7ebd8669 |
| SHA256 | e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c |
| SHA512 | 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324 |
C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsb6547.tmp\7z-out\resources\app.asar
| MD5 | da5450df07fb87578c50f8eaa285c061 |
| SHA1 | 449fbd7d4d1bede8e332d23680356c288dc67b29 |
| SHA256 | 40e5407156eaf70e89d953f39314196c9f0a909ad64a3e511812f2358c697089 |
| SHA512 | cb035593dbf7766e0afe8494493069c89c9bd1587124b17449ead9085d0bdefcc069dadd47296fa46f3918f2edfa114e8eac7ad4d7b54c25ef01b08a27bc894e |
\Users\Admin\AppData\Local\Temp\nsb6547.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 53aff1011096e82e6fc89566df2fe07a |
| SHA1 | 3bcd7621b13270bbead0897e9867a517d29e1a14 |
| SHA256 | 83fa47e9a314f670235dbd2bcd423b55d3ca299bb900341aa142e27ab27f5e88 |
| SHA512 | c0b67c65ac8f5953ed8a430e8750ae3ae3cfedeb768823bf6b0533f0f4971e0badb9317957ed67d6cc6b1d53c7a8a1c56a7ef58d48187e71dcc11e5a4b4ac91a |
\??\pipe\crashpad_2684_WMSBDLCVEPUHXRSN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\v8_context_snapshot.bin
| MD5 | 60beed67e605fdbe79d2735f59113a93 |
| SHA1 | 6cd5625c6dfb8a16b619490890e38c6da902b43e |
| SHA256 | ffc7423ee2a75a420118465181e9307c6b7b2df5e40d7e4018dec07a9c6bab11 |
| SHA512 | 1f4bff04464fab0c149344529903aa805c7c03b7f8c21b5f959c7c7ff11802d07079e069d3b8e8a63f409a4541b3aac4b695c535228c4a89b15c8033567d645f |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\icudtl.dat
| MD5 | cf9421b601645bda331c7136a0a9c3f8 |
| SHA1 | 9950d66df9022f1caa941ab0e9647636f7b7a286 |
| SHA256 | 8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5 |
| SHA512 | bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a3f1c6a95bb5058528365bd4a439f8b8 |
| SHA1 | c97bfe330601e9c2a8c0225b958de4eb87f985bb |
| SHA256 | 2709167292807ca4a58544a9610cd255299f7cbdc038ea806d80576d167a7d37 |
| SHA512 | 00d8413da70d2c7c66634e9ac9d68b81dc32a01096ff271aece5574c606425f6970ed059653b70526a0e883c5eb600bb5ed1bcbab5eb757bbed94f9954acef81 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e8030a8c07cf59e79f1caa0bcf5ec6fd |
| SHA1 | 887f3afa40e5d52a1cbfcfb974b13512e97e74f1 |
| SHA256 | c6e1abc25c27e5e7e112c73daaeeec588175d6b4277222c3885da02b6587fc7b |
| SHA512 | de64b889daef7921e9a53622a09fb88ee63d7464cfd12a87f047ba366ea9f616e8fbd2e66aa19b4bc4cce5e44296093ea06f2f366dd8437fcfb6e1c55fb9b328 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar
| MD5 | da5450df07fb87578c50f8eaa285c061 |
| SHA1 | 449fbd7d4d1bede8e332d23680356c288dc67b29 |
| SHA256 | 40e5407156eaf70e89d953f39314196c9f0a909ad64a3e511812f2358c697089 |
| SHA512 | cb035593dbf7766e0afe8494493069c89c9bd1587124b17449ead9085d0bdefcc069dadd47296fa46f3918f2edfa114e8eac7ad4d7b54c25ef01b08a27bc894e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f39d83273e1bdf3714d6ca2b6bb2c427 |
| SHA1 | d22a39607c2f278087c7d30fbde54d2353156be3 |
| SHA256 | 5c8e0c16cc66363749d8d548e30887e31538a7b9e1e450d1c04f13e128d05444 |
| SHA512 | 6758d5a5b81dea75d9ac0d74ee89d728af2c3e638f902f058b770438f02a88ae2f0b4f81d7b110f05fbc676e084de3783b0f490ce8c8f9d8cb495d825208d790 |
\Users\Admin\AppData\Local\Temp\3628fc39-b899-4c22-aced-23bbf049e734.tmp.node
| MD5 | aa7eb1ed50471e76e52494e9ecf56e88 |
| SHA1 | b5cdfc7ca8fdfae7be282852d206966dcb88700d |
| SHA256 | 1544875269095605b5ef42195f86e785972cb6bef187a39fc388f46b6beb2ba2 |
| SHA512 | 37b5714542b4cafc88646e535f8b55b5a0d0afeb5aa4c39624494d37727c9763f903a24c7844c03736aabede062f226bd90e8c99edfd657742a9f61379d5ecff |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_200_percent.pak
| MD5 | 9c379fc04a7bf1a853b14834f58c9f4b |
| SHA1 | c105120fd00001c9ebdf2b3b981ecccb02f8eefb |
| SHA256 | b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48 |
| SHA512 | f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_100_percent.pak
| MD5 | 44a69827d4aa75426f3c577af2f8618e |
| SHA1 | 7bdd115425b05414b64dcdb7d980b92ecd3f15b3 |
| SHA256 | bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b |
| SHA512 | 5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll
| MD5 | bb7496239e0f1b44c935df3954c3fc42 |
| SHA1 | d063da60766682cf40b690bc03094e5c7ebd8669 |
| SHA256 | e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c |
| SHA512 | 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll
| MD5 | bb7496239e0f1b44c935df3954c3fc42 |
| SHA1 | d063da60766682cf40b690bc03094e5c7ebd8669 |
| SHA256 | e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c |
| SHA512 | 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libEGL.dll
| MD5 | 5c70cc094fc6e108a5689c88f1144a51 |
| SHA1 | 460b668e4301e774b79b182756db25fb0b7c206e |
| SHA256 | c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42 |
| SHA512 | 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libegl.dll
| MD5 | 5c70cc094fc6e108a5689c88f1144a51 |
| SHA1 | 460b668e4301e774b79b182756db25fb0b7c206e |
| SHA256 | c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42 |
| SHA512 | 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libGLESv2.dll
| MD5 | 7b2ce44ad89a57b1183d36e89fd0357f |
| SHA1 | 178f7ed96f5c879b08729acff45bc50cd2ed64c7 |
| SHA256 | 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701 |
| SHA512 | 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libglesv2.dll
| MD5 | 7b2ce44ad89a57b1183d36e89fd0357f |
| SHA1 | 178f7ed96f5c879b08729acff45bc50cd2ed64c7 |
| SHA256 | 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701 |
| SHA512 | 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\d3dcompiler_47.dll
| MD5 | ab3be0c427c6e405fad496db1545bd61 |
| SHA1 | 76012f31db8618624bc8b563698b2669365e49cb |
| SHA256 | 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6 |
| SHA512 | d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\D3DCompiler_47.dll
| MD5 | ab3be0c427c6e405fad496db1545bd61 |
| SHA1 | 76012f31db8618624bc8b563698b2669365e49cb |
| SHA256 | 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6 |
| SHA512 | d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 88754e316bca5e2e78d49351193d6110 |
| SHA1 | fca5f4674e3eb08fbf9a6dffba773f74124cd095 |
| SHA256 | 33d27463ce4af0c9f09acd7b88789eb194d4499e2febb0bf47cd1ecc7d9f7003 |
| SHA512 | 525f5815441583bf1d2d9f1abe17a24a8fd5e621b1d3c9f9b696575268de13f2fae029020af0cf1222c40898f19addb28a95c9326f0ae25a5bfce91d360b09e7 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 949a498e96f64032e503bb10be31a4f0 |
| SHA1 | 6272a355b626deab2b189cb2d48dff301708a2cb |
| SHA256 | 20df74df43c1587fa16cdb9142384cb6aab5db99730c8d5e26993808f29468ee |
| SHA512 | 54ec6fb031815d095ef25f6719fde5ccf729366b412a8902e027bdf40050a5da130d4c55bfce48e9986714b29ccdabbc7e6a64942f8aecd2abe9dfe9bd733d37 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\debug.log
| MD5 | 1b0327f052b1eb8fe75868dcd07a300b |
| SHA1 | 7052078c799c5f4188ef0360d7a87aec2562d343 |
| SHA256 | ad28649e895fc8b6e68913bc8f3b109c79a39a676278187dcdb3e9aef41fb51b |
| SHA512 | ebb24adbaa2cf4d8c49c238f3d7669522130d1aba1d77d6ada88f3be196cb880c6e216148f3df24a77da6b21bb835f10a9ec352f3a8708015499dad78337a157 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | decfec6c7a6d7ac47a1b5eed256bb2d3 |
| SHA1 | 410d98ee7ce540ab525b92d1b3942098fa2423ce |
| SHA256 | a4d3af6e06326febf2fea5b77ca466e9f0b660c731021285a96c411d06f461dc |
| SHA512 | 628c9ac0dd3a7cd54b629025863ef838a877d36a29597a6089a77e097531b0a23870787db6d19df3ea61368ce93036661d9787fc84d3980680220683ec51dbcb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e8030a8c07cf59e79f1caa0bcf5ec6fd |
| SHA1 | 887f3afa40e5d52a1cbfcfb974b13512e97e74f1 |
| SHA256 | c6e1abc25c27e5e7e112c73daaeeec588175d6b4277222c3885da02b6587fc7b |
| SHA512 | de64b889daef7921e9a53622a09fb88ee63d7464cfd12a87f047ba366ea9f616e8fbd2e66aa19b4bc4cce5e44296093ea06f2f366dd8437fcfb6e1c55fb9b328 |
\Users\Admin\AppData\Local\Temp\118c708e-855c-4f7a-937f-877d54906444.tmp.node
| MD5 | 566b70feb8fce14caa4c18c08ce7f5f2 |
| SHA1 | f2ebbadcf5914860f0041cae0e0562879d3e8af5 |
| SHA256 | 66bcc5fb47acb03d1d4e6d37553d80bc087b92e405c4392631d8c5e34d773097 |
| SHA512 | 35d63d6cd0c1cfe9b58037bc382f84247a762994e2a09eb9e8a2a4c622845c5ada8c7874d3ebc25f3e59faca6f3052897a81394e07e17b71ddc4686e2df9925d |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | aa766d7f7c76b067a8333bbf418e8aa9 |
| SHA1 | 74743904e53defb8ccd54eaa4cb9ffd5c9073e49 |
| SHA256 | 4562d40bbb11234562e9a130b1f7ff6776ebae9bd4ca033cd769cb04f8c51d97 |
| SHA512 | a89af5221e9ce7ea8c1f24778c657ee4874abff1b71fd4f24d0f051bc39048ebed7e422b0c12a4de8c45e620cc74bad3822b5c2c1369ea36cff4e533d07546fb |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity~RFe57cbeb.TMP
| MD5 | 59580a1df1712788d1ee681928b7b2ad |
| SHA1 | df9900b3d9948351b01b8b7e596603cf90669045 |
| SHA256 | fd517484ce56ff04ddc30f1551b63e4e55ebf31bbde39c028c574e3d61f30a02 |
| SHA512 | 12fa33f781a5a3708ce8d7dfb232c3646435517928ca7f0c8a27c9ed1ef94eead7c306981e0e7663caa6827fd2dcc962e76a4e85da48fb1df5481e5c3adddd5f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
| MD5 | c806c4473f82ec409d0d01281513adc3 |
| SHA1 | a2a0d2dea8fb5429c8eb339d7504936db8b7ed95 |
| SHA256 | 92cd61a571d3eb9dbff4319c293faf68a9a0960bd7efac19cd413df10d0b325a |
| SHA512 | febbaad04eaa215c13f624905fa79c93f04057432895a67e93a41343fcbd02da3424713c62b068429d75a6833981c54f1dfa2df81d9d5ec891ab40fdd5bb2895 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | dd9a2eda3b4beca49d44d01d9398aafb |
| SHA1 | 0f2ff6332faf3710a198dae6461efb10c5033159 |
| SHA256 | af77621dced9da095af2cf51a0a9001ba1d62fb7adcd9efd36cd5ddced60cc6b |
| SHA512 | 85e7a21bbaa741ae8d43e600957dd543480202ea61c212e891fee3810bfb8e7690636cfb11adbfc0079c4948eab4573ce7929b331d69cf5f4a4559705631691e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\crashpad_236_EDJDKTZJMMPOATDY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | dd9a2eda3b4beca49d44d01d9398aafb |
| SHA1 | 0f2ff6332faf3710a198dae6461efb10c5033159 |
| SHA256 | af77621dced9da095af2cf51a0a9001ba1d62fb7adcd9efd36cd5ddced60cc6b |
| SHA512 | 85e7a21bbaa741ae8d43e600957dd543480202ea61c212e891fee3810bfb8e7690636cfb11adbfc0079c4948eab4573ce7929b331d69cf5f4a4559705631691e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c0096b76de4a56bee57f03c8e25d0030 |
| SHA1 | b3b26f3657f37d49a47e4265679533480a6d272e |
| SHA256 | 4f08cefcc16c0b6653549bcd65598e81a0b785a5adb4f69c8017398e8a6304fa |
| SHA512 | 2dcd56351eec7e21f7fbb989e11ca2e752515e8ac59d20a875678b164dadd139f4bf70d335a6b83adf3d497e28a19e49b1129fca61e1af3b5f4be08a3f2a6286 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | ca1e360e15783a5e339359fc5cbf4d63 |
| SHA1 | 455cf6fe7ecedeaa36f0c03d65dc5d6931caf1e9 |
| SHA256 | bb0b32d5ac77023f60e04e338239b313b894c71d3728f72bb297bfe25696c195 |
| SHA512 | 922478ff4485c7db3b150aecdd58b9c77cfb6ba666f6495612a3fdb7c184cf07ceda7d14cd2502abd498871eaa4ee58735873e68f586529d6b808570f315d7c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
| MD5 | f7b623460ee0c615fc560ebd37b9a156 |
| SHA1 | 7856e725fd507ed2e83cd76c2f21a3dc599a1738 |
| SHA256 | aad5656af8c66de9b5dd974770e7396891888c0c8441b3a3cc16270f2b260f76 |
| SHA512 | b95f8bd94bf7f31c96ded186151526618fd54859562982a808fe2f2fc1994229d1bedca41caddef3470bdd82de5f1c90da3d7b048ee17879a1f0491ce140eb05 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 88754e316bca5e2e78d49351193d6110 |
| SHA1 | fca5f4674e3eb08fbf9a6dffba773f74124cd095 |
| SHA256 | 33d27463ce4af0c9f09acd7b88789eb194d4499e2febb0bf47cd1ecc7d9f7003 |
| SHA512 | 525f5815441583bf1d2d9f1abe17a24a8fd5e621b1d3c9f9b696575268de13f2fae029020af0cf1222c40898f19addb28a95c9326f0ae25a5bfce91d360b09e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
| MD5 | 301fdd34d64b4c17f215bb3e8cf533ad |
| SHA1 | 0c15806b37f472c77b87348da09c41abf3bd97b6 |
| SHA256 | 03052498312209ce226ee4729ff2a6738149e841a189a34afea91accb754a962 |
| SHA512 | 447b8d1e8fea5e577d5eacf32e7928e054e173674a97960211acb110f492d2ce9b704c758619496fd22cba78d7a76f6d00eae8d79f34f7f08e44b7f1c5984678 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | c342f63f1e54c714f4c56748fbe8fec3 |
| SHA1 | 15f27c92f1747aa1c4e927b7b3b901ee43fae34f |
| SHA256 | 74233bb370799cd109c334363644cf82dc545f8a140fc942d4d680b8a24974f6 |
| SHA512 | bad436d226ec766865588b2ce53d3aa2b8ad04f019075e42a9ae18e10fa952d8b809e997ed82d894fffb97cb96e2f79b54d12e46353ae10ee6d6bd265f0d1625 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | 8674030a27d4d7578be72a6ba70a88ec |
| SHA1 | 4a90b514d0c6ea87e73464eafdc503d3d2e8d8cb |
| SHA256 | ae6d75f72f9e7820a0016dd471a52e7dce60bf4b641c858cb4f9192379d6c77a |
| SHA512 | 70a5f1c3880b1cbe8fcbea8afcc68975cb10a153e12b7d49e7d5dc37eaeee1cb05c8d4db7aef3c776ebbba1a7ff7a8f776da63e3717e2e403d77c22334ae97b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\6f6361f2-3440-4ffb-a15f-e6f73be1f73f.dmp
| MD5 | 9956dd3ef3b14a3f157b72fe183e63f6 |
| SHA1 | 02fb1d066bbee9f13e97a4de78cf1ded42fdad0b |
| SHA256 | 9bc717aea85f2e41902a86aeb94e7c2d55cce4d25564b2260a948cec6afeab3e |
| SHA512 | 6bd20911d0d0cd9cf2e854c00f486dfb38e5e8ad18045fdd534b678cda499560af2913410c13e0a587194a2ce5a2de05ed613332b882739b5124382cbcf9673b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d17976ad-75d2-4c64-a9f3-a821b35ff3e9.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e31ee11a6670929bb2b5c3f9806d2e1c |
| SHA1 | 7935cf90e182ccf68a97e268cc5034842e7c8d2d |
| SHA256 | b3170dd5f79bff8392b01ad9694cdb1e8bb6c72c28e7a738df4a212d7d124138 |
| SHA512 | 808d25e45473233b467ed9830e20b656dd4a9ae55e11794cb5d7c4c1fd66fb870fefeee6373637653eef8f3e0a05d6877a4fdd178c5be112b0ff8302e1948eec |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 9f20c4b914eb7281a14c8d9f691ed542 |
| SHA1 | fac9d4fe64818b3afc7424c64c5e8fc8fc84f8cd |
| SHA256 | 22678cad90833ca3b784339d0244c113bda08230b1a23772455197d2f51613a3 |
| SHA512 | 5889bbff1cc9869a6b362104eb6f8b143d7a321c3e33f5b4d4b136644786db6966395bbe286ddcae1f58f6f7866b85b999ca198cc1f080c4ede1d33b6478a680 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State~RFe582016.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | b5fcc55cffd66f38d548e8b63206c5e6 |
| SHA1 | 79db08ababfa33a4f644fa8fe337195b5aba44c7 |
| SHA256 | 7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1 |
| SHA512 | aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1505ab57f851caf5f1353c08d022ed02 |
| SHA1 | 5ebe0cbb23c0010bc23ddd32cc0f4de384015c29 |
| SHA256 | 495881f08e006a5e59977502736562712f3d943bd989170cec9cafcf02f54781 |
| SHA512 | 07c79d3fa18bd45132a2e84012993c2854505a3225892405e0f7ca856fb629bb7a8bcc3d70e8b7e5a58c5c4ff4a54ad90b643f1d05dd00dfc073a067ea8b2012 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 08b31d7b7c0f13651a539d74e9dbe8ef |
| SHA1 | dac4904082455c070b4f724753d97ea79c0e0690 |
| SHA256 | 14158e1e810581e71db1e993077270dd045fcf1bb0fa0f8ee33b782804f3ffb0 |
| SHA512 | 027925a4f3de333f459394d4adc6619113e1caefeea33a315983e0c30dc883f3e53c7632b0507e0054205701b5fc724d1a2210fd812a6cd007ab43694288a3f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 50411f8f1a9c3eb9489960320e1db7c7 |
| SHA1 | ae5d55fc20e8d97b74eeb7389bd94d64a2ab8c3e |
| SHA256 | 93b8d3c453026475bd4515204b7070cd4fa471f7fca122826e541da27f0be098 |
| SHA512 | c7a60f6ccdb106879f579bb7f1b2672ca5b9436af4c7e8e1d3e67ecd25223d67d581a029a52311983b9fb94b9668a3e88c45c0b4996d959e5fedd4f6f4501287 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0af9bd06d8590ae9134aa5d1d8f965af |
| SHA1 | 561818075e62430070e4149d29f25eb7b34d8bb9 |
| SHA256 | 6fbd0f351853e6340a9f932d7b10ab8e2c0760a92a3c646d73010eae01ab34a0 |
| SHA512 | 9a4e772b5fd672ebdb57a8208885423cf9a948c56ce6d6e9cf829bfa17205fe3fa0a07e7e7d752fe82df62ab960d8839c0be1ffc3c11b324f4e27413e69afb6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 90915a0648fbcb065ff37379ccbf8992 |
| SHA1 | 861167e2382684f5517719308384c673c6c4c9c1 |
| SHA256 | aef450a6f3e0b7f8679d9d7763270bdf3e5d8560740b7363997ea2be732fce69 |
| SHA512 | 7c982ea77fa11fb3ea8fafd2f5126525aeba85c62c681a3b25d53e8b6ab42017fc5da6abc2544d2b23b9b68d77527125b09f8eef49b8459713cc33e2b8549298 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 00e440f9d006be49c323da48278b7875 |
| SHA1 | 4b783f764d8cd27d41d030d4353daddb71adc111 |
| SHA256 | 2f7f133645f8e494a0db8137e603a58012acc662c11b49609c086ed0cd1f29f5 |
| SHA512 | ab1105cb138f45246f608734eca92a1a04388f6dfc66f098e51ab53c8f471759cd6f692a475aedd63a44ffdcd0eb4ad09263dd89af2ab78bbe31409d8c0ec324 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2488eb0a88b527fd2fe257d98ef92770 |
| SHA1 | c81bca519a2fc42412f50413199b62a367d28ae9 |
| SHA256 | ff3e5fe7e7455f74373138703fcafee61c39816a0ed6a77c2d861eb1b411e362 |
| SHA512 | 0465c7ed7ef2c5b67ac53f96bb8666267a76979d257e0429e4b54fb6ff84eb97559f932a804f22a1d6b0d5ce2e6a7e4055effcb03bca952fa128df0599d1ebc6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d259f6a52ad8b1c81927cba6e96397c3 |
| SHA1 | 97226252314b469228d84c6b994b79272d84e0bc |
| SHA256 | 482c90eb4e9e0a42cbd9b7975d59d06453378f4a9c2924338efe9364077907d8 |
| SHA512 | c57c3aaeca0643d5d4402377124da5261c13c930268af1d7311f071016c8d894278c7e625450e1a5eb375c9271399bf189417ed39f847ea0f098b835ce59cafa |
memory/824-818-0x00000000043B0000-0x00000000043E6000-memory.dmp
memory/824-819-0x0000000006D90000-0x00000000073B8000-memory.dmp
memory/824-820-0x00000000043A0000-0x00000000043B0000-memory.dmp
memory/824-821-0x00000000043A0000-0x00000000043B0000-memory.dmp
memory/824-822-0x00000000073F0000-0x0000000007412000-memory.dmp
memory/824-823-0x0000000007670000-0x00000000076D6000-memory.dmp
memory/824-824-0x0000000007790000-0x00000000077F6000-memory.dmp
memory/824-825-0x0000000007800000-0x0000000007B50000-memory.dmp
memory/824-827-0x0000000007B90000-0x0000000007BAC000-memory.dmp
memory/824-828-0x0000000007D00000-0x0000000007D4B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 547d1166ea6ced159a48e850012f2a02 |
| SHA1 | 9bad50381a815ffd908f0f2cc05d7fdf664c7113 |
| SHA256 | 473ffa9555e517ded21ff883206d26d80a11228f0aeb226261f9dde75efe9bb4 |
| SHA512 | 5c82040117911e24c52953915fd261de40e74e43e4e9afe99fb8c6299ac61a4ced43bdb68fffe1b375080b0d477e9b923d6326292f8ac94bd0fe8f8bbcc2424d |
memory/824-838-0x0000000007EA0000-0x0000000007F16000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1uintg3d.qly.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 667ee9f37b148dda5504f7b3c1c682d6 |
| SHA1 | de5de758a1e657c9e6c453a5c88da9a05f9b70cd |
| SHA256 | 6759a28f2fb6bf6842768f57fc5853a2581b185635cf98c8a7fe4ba3e0be4567 |
| SHA512 | 2d56c2a6097557f706a7ad1fa1e0f8983ee8e5c0d2a72da1c6ec9d54d6aebd36e8771e58c9ca38f5574fd50bf86a3841f9faa39458bb55c2b7d9ee4b8523ab9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 119df767b7373d75c90984a21eb5c340 |
| SHA1 | 8955e88534e69fff27902a6b43f73e585a76ec31 |
| SHA256 | b32f196432fedbcd5c07d3a379f3fec1bb4786969fefb6c70510e218754be721 |
| SHA512 | 7eb511790599cbb26bc592423f67ed15e70330ed383f47908bda824a09674ea27a7d01c7dcf0e3393e12a40a028e7baf65e653374a1389dc884c6b170930c6c1 |
memory/824-871-0x0000000008F40000-0x0000000008FD4000-memory.dmp
memory/824-872-0x0000000008C80000-0x0000000008C9A000-memory.dmp
memory/824-873-0x0000000008CD0000-0x0000000008CF2000-memory.dmp
memory/824-874-0x0000000009570000-0x0000000009A6E000-memory.dmp
memory/824-875-0x0000000009110000-0x00000000091A2000-memory.dmp
memory/4076-884-0x0000000006C40000-0x0000000006C50000-memory.dmp
memory/4076-883-0x0000000006C40000-0x0000000006C50000-memory.dmp
memory/4384-904-0x0000000006C20000-0x0000000006C30000-memory.dmp
memory/4384-905-0x0000000006C20000-0x0000000006C30000-memory.dmp
memory/1788-942-0x00000000040D0000-0x00000000040E0000-memory.dmp
memory/1788-943-0x00000000040D0000-0x00000000040E0000-memory.dmp
memory/3280-954-0x0000000006900000-0x0000000006910000-memory.dmp
memory/3280-955-0x0000000006900000-0x0000000006910000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2542b94e9ac6e83aed780f36d715c2e0 |
| SHA1 | 6a28bbaff7de9fc1e007395b9712dc0f9cce94ef |
| SHA256 | 3b7fae246e690dfbfe9afd532b62dd4c20faf88a8e497ddc85fe8544809af242 |
| SHA512 | d8dd84913b9965a35458bbf961ee9158feeccedbf3f84b2be4182b4843189fea8c8d70918b68e6a06dbd1b38d9fc15efd6efc877a492a94a991de16966385449 |
memory/5016-984-0x0000000006C10000-0x0000000006C20000-memory.dmp
memory/5016-985-0x0000000006C10000-0x0000000006C20000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | bb27d46c7684df546d5938550b14b655 |
| SHA1 | c3992406d1f8e4926362da9f90b519ce137ca032 |
| SHA256 | 90a5359ed920116ce2c4c0498af99ae6e91dbee4cdb97f3792af4218be393851 |
| SHA512 | a062345d3e2edcad7acbf0bc7f48e170ce1ed070797c73ecb49c421ae1ba778ac64a018fe7125d31b7c63b60a0cf0a36d146f9885a9615805b4eae36702ea0b1 |
memory/336-1025-0x00000000048A0000-0x00000000048B0000-memory.dmp
memory/336-1026-0x00000000048A0000-0x00000000048B0000-memory.dmp
memory/2220-1040-0x00000000044D0000-0x00000000044E0000-memory.dmp
memory/2220-1041-0x00000000044D0000-0x00000000044E0000-memory.dmp
memory/3408-1067-0x0000000004270000-0x0000000004280000-memory.dmp
memory/3408-1071-0x0000000004270000-0x0000000004280000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e283c160c6e2c70fda4e6c7bd2fa7277 |
| SHA1 | 1c02dab65a8ed02e3b7bbb720dc9e570d3935a22 |
| SHA256 | 26534f79f25dd15e5ea41cd95d123a9beb2a1499364dcfc00eb2074941bea3c6 |
| SHA512 | 8a99ba7afe930a1b6ebd4a23950079c7c586985f9edb206876c27a1ad705d679f1ded277004ed4b139dcdeaa8d26404f57a91186d1945bd4bd78702e9b95da25 |
memory/3716-1105-0x0000000007100000-0x0000000007110000-memory.dmp
memory/3716-1106-0x0000000007100000-0x0000000007110000-memory.dmp
memory/2040-1115-0x00000000073F0000-0x0000000007400000-memory.dmp
memory/2040-1116-0x00000000073F0000-0x0000000007400000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 23caddf1ccceea41801b580edd5b1b49 |
| SHA1 | b1297434505a195f3eb7e752228f3fdcf7c23c13 |
| SHA256 | a4de5e769499b4c9eef547c2e0a88a725f56fc18ac639d82524a3ca02adadcb4 |
| SHA512 | 9dd100ebe71dcfee937ef5adcc599485cb5cb2ccfd6ccbe1772dfbdb8b23c78ecb87a27ceb589a0f6ad8715b939f3cd308848bd1043d14b332d986e1107a9972 |
memory/3560-1145-0x0000000004820000-0x0000000004830000-memory.dmp
memory/3560-1146-0x0000000004820000-0x0000000004830000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4601249de9b9b6d21b403ae43abbc851 |
| SHA1 | d3e99a7bc059cacc93bc7b527fada405d8aa7016 |
| SHA256 | 4abbc1e8d40287c02db0df21c7ebb501bae9a40d82428ed3d9d38f5e3a255e1f |
| SHA512 | 37a3f3d98d34d21ae64dfe157d651274764a526fefe1085df8a47db5e025e1d715c955e9a4ca06cb77fc38a56b6c4be8d832496ffd8593044de98a99dc710aea |
memory/2256-1186-0x0000000004AB0000-0x0000000004AC0000-memory.dmp
memory/2256-1187-0x0000000004AB0000-0x0000000004AC0000-memory.dmp
memory/4276-1197-0x00000000068B0000-0x00000000068C0000-memory.dmp
memory/4276-1198-0x00000000068B0000-0x00000000068C0000-memory.dmp
memory/4516-1219-0x0000000004680000-0x0000000004690000-memory.dmp
memory/4516-1220-0x0000000004680000-0x0000000004690000-memory.dmp
memory/3408-1253-0x0000000004F90000-0x0000000004FA0000-memory.dmp
memory/3408-1254-0x0000000004F90000-0x0000000004FA0000-memory.dmp
memory/228-1262-0x0000000006520000-0x0000000006530000-memory.dmp
memory/228-1263-0x0000000006520000-0x0000000006530000-memory.dmp
memory/1208-1284-0x00000000049B0000-0x00000000049C0000-memory.dmp
memory/1208-1293-0x00000000049B0000-0x00000000049C0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 34d4c12d5f9b09ea521d0fce05d5d7f0 |
| SHA1 | 97cd967535824f307c23d3b3b6f0da5e25941e3d |
| SHA256 | f336b855354fc866018cdb7edb4fb65cacb2c41524c88fbee4ccafbc01a1b04b |
| SHA512 | 64515cc2dbc690b9116bf5b4d99b11ff7a3eb189d364da891e370c909cb529c6928b499c902999b45c4d4922ee9985a425d5453d3b53a67d1ac21be5952c0600 |
memory/3840-1328-0x00000000075A0000-0x00000000075B0000-memory.dmp
memory/3840-1329-0x00000000075A0000-0x00000000075B0000-memory.dmp
memory/4680-1351-0x0000000002B30000-0x0000000002B40000-memory.dmp
memory/4680-1352-0x0000000002B30000-0x0000000002B40000-memory.dmp
memory/4840-1368-0x0000000006C60000-0x0000000006C70000-memory.dmp
memory/4840-1369-0x0000000006C60000-0x0000000006C70000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e47540a77daeb32a7681c0be3e6650f3 |
| SHA1 | 04a9d8225c38cf79e7ea72891504d8b36e292950 |
| SHA256 | 4f23de42bcb2bbc60283f299ce12d04e7e9845c775b97bb4966978e65d6ee6b3 |
| SHA512 | e53270f26a12f1febb2bbe55894c4aa6ddceac001ec5852690d5e89d7a62cb3488bf98111ade2c4540477c048abf95ebc8239619de9629d43a1b265fd0ef5e18 |
memory/4540-1400-0x0000000004720000-0x0000000004730000-memory.dmp
memory/4540-1401-0x0000000004720000-0x0000000004730000-memory.dmp
memory/1892-1423-0x0000000004F30000-0x0000000004F40000-memory.dmp
memory/1892-1424-0x0000000004F30000-0x0000000004F40000-memory.dmp
memory/1276-1448-0x00000000044D0000-0x00000000044E0000-memory.dmp
memory/1276-1449-0x00000000044D0000-0x00000000044E0000-memory.dmp
memory/4448-1471-0x0000000006FD0000-0x0000000006FE0000-memory.dmp
memory/4448-1472-0x0000000006FD0000-0x0000000006FE0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 143b87574d1df5e9d215764671491566 |
| SHA1 | b815b33de1af95b03b8e04b9dceb98846df1ff88 |
| SHA256 | 16d05354a85b6d53ec0be6d3dc2e4c107636dc1fe3dc095f51509a46ff5e9402 |
| SHA512 | 4837dde3488721f15e89ed13997b358d7d3c834b76b03ced4a884a93bedf304d37374b586df3ab2516d70bbaf558e3fe000d91fe9e5244d05137bc965015981a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 84a600d6ea5058e201087aec95674523 |
| SHA1 | 30809cb2112c184b494df9ef8e916809ebaab14e |
| SHA256 | 2e74282fefe7175a812ce06707e23425ec745eaf56115b54a210340bb89d3d64 |
| SHA512 | bc3e1bd82807df401273b9ee09dbe1a33d2e617769fc1105f8ecaa2fceeb032e279f5892c425600517fe348996eb64d483665473ae968755b1dea6fa1f38ac1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b83423a19c02f4aae32ed624a564a4bd |
| SHA1 | 52c22f8a3c4dcde86cea6c321227d1758c3b081c |
| SHA256 | 0636b9be78b354615935a4f98ce40f84cac1ffcb6c5be25b253e564d8e158065 |
| SHA512 | 8133f3d9df74adeeb84ff4bbf196a8cd1325c031f4c81b75f05c4278b21e45892f3ee0f17b495efb5c2d445759a989265b545d4bbc673b9bc4822d01e4b49347 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 29190449745052e7e32f44fd92dc2222 |
| SHA1 | 2d886fd2e67dc34b9d17baebffeb8fe06b71295c |
| SHA256 | 449241d6aaccd4c2af4ae5c097ed85620d5dac2fbb0adcfb468df85b6a6ef313 |
| SHA512 | 495fa4a94eb88b9e646207589319d2c88fbafdeff94bd7d698813c51e23a285dced93e68445d59cbae3cb8df3d5f3fccd549909e0c689df572f302f0e90a2a1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 337f9fa37ff0684f1d030d5a3d63ea49 |
| SHA1 | 58748faabbebdbb0cff9db4e9b2ec86b2e05e5d5 |
| SHA256 | 9ac7930b2a158c4c008e19ee542e50cac1d7912b7048bf5ce00507a63225c30e |
| SHA512 | d033c400e8d9ac247176decc5eddeef7f17fe3dc9cce7cac9fdd289ae2b559e4bcfe146ff6b6ac39bb82e4472f2dd3634a1ec2aebda888affe486a1c73aeee09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a9694.TMP
| MD5 | 46386886259ae9ab6dca3ad111ff5904 |
| SHA1 | f3ccc2d451f0f1e5c534803bd01df2cbbed147fd |
| SHA256 | 26f790beaebb05b620ca7d89e05d5e5fd6dc8d0e745c93f07cf3fe0349a600c2 |
| SHA512 | 75d774e58a006d5fd73247319c35ba52b3eb3f32875618fe2390126dade04adfc7ce875951ffa9738a72741b33282cbe58c95381a6b8ec34d360435d4297cd49 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1ffea99e89245769d9d6446d2ef52b46 |
| SHA1 | ca7d41bdd51f3cc8393439645cb1a285e03b8e88 |
| SHA256 | d194eb60d969c20aaa084b82857cd9a40545035218658e8e38bbe2c3a79905cc |
| SHA512 | dcafa23f14f83ecc7581401864e6c2e88053337961af4117e07a9844cd3e6c6ca9f1214bc347b61bd3c67113a3d0bbd8bf3e6218938f7ba624d29774f39ba06b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3b9ae65ace35e02a4d6156157bfe7c3e |
| SHA1 | 25ea590ffb8d8961591e1eb396d1a7e4ab69c662 |
| SHA256 | ba9d96625e4b278629b505e7cbe09a358982eaf203066f0b2201eeaefee00b36 |
| SHA512 | 76c107194abff94d15a1370190f0700c0e5b20a0a79b15e479fc4f98188f3f471236cd727638f527bc695c7c265d8a90329255c6298fd49a6db19bb643dc94d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e1bede21620163d8cd3bac73ad00e565 |
| SHA1 | d2c596f410e0323bdd7bbfeba9856868c9252463 |
| SHA256 | abb589fa11e42463913b434153bb1e96ebf46593b373b2ade1f7adcf6d87eeef |
| SHA512 | b67178a93602469f5e0276fd6bee7d3d123e527ec93de97cc995783ef52db43fcaa9495b1795ca62d012b8c3629b9ddc4d28a9e333b21c47f5794c9d870ec6f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f8fb15a3b4c7d8c37a0282628df6ab52 |
| SHA1 | 81e118f4f129ded1f02b242e829095a5776ef917 |
| SHA256 | 5925c57dd1ca44c4950b3d9f672e64f00aad3327ac3cdd84f324a93a81cd3a8f |
| SHA512 | a08117dffb36560de180f3997ab1f4fecab486373d731027bd6f2ec57ffb4f6ac0edce0a3a853b0a84a06887b0cf79f57ab3baf5dd50d84bff0ac04fb9ab0997 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 77d063b2c1aaebc224041a924194c87e |
| SHA1 | e55a995c517e0ff01436dc253e474c14986d92e3 |
| SHA256 | 65ee4eeeffba802676ff8e1f193e246cc114400f8213c452b0a2a64c93d96f4b |
| SHA512 | e50189e4480fa24aa5fe61b3ff2185172bbfe13d53fd71fd13e3046bd257cf4e40dfecda8dbe07e7f3faed6244bb9a69ba06f964cd0a5a21f6a0663740e9cf4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 06e48577243890cd2546d1cc97afb8f5 |
| SHA1 | a0b8754c008646506543cfac0e2068a021f8088b |
| SHA256 | 6723174cb8c29ad73f70614882865f5ed7093a71aeae8dd8f96348bc35394eb6 |
| SHA512 | 507d1c19aacc9e8891f2fac32aca69eac91f98a6f43a1b8b515c7fdda1d99ce186efa45bdd769233753c6a8efaf175293f87a4703977cc56924c27ba9effda24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 97aaa6add5341b5210322ad01f3e97f6 |
| SHA1 | 6f97eddc59229f235f4013ef40d698246a070139 |
| SHA256 | 2ce6bae3360aa48ae0593137cdbdf830de84aecf889b1cf1edd765d3c7b27a6b |
| SHA512 | 3dce25808a6a723a6a2ebe92caf3d24486dbd0e55c2e4a8d7f197c92486f335018a0ba1e938e50bd4b63e7d584b01e58af4db33c5a2c8678521040175ae6d0b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 17ef476f42a5bca4154933e587529e5e |
| SHA1 | ef41c655716feceb2f13c1370df72cd60df267ad |
| SHA256 | 706e36e295e572eda50206517c7491ec9357001590521c9c3c387095b8855897 |
| SHA512 | b7051334c4d9a8e13ef6b7479ade2ca52d2d47f7174a0e2f3c64f0da1e57295afa44fbbd0d1827509de74819b40b056a70af9e1e9bec4ca435bb9a3533dbc874 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b7881b586a664beeb03ed1500dc82d88 |
| SHA1 | b3296043d8681c52cf8482c82ffce9534c79b6b2 |
| SHA256 | 9473d732622d8a8e5792786cf290a55e2dff559ff345cc1227ab1dce6a0db04b |
| SHA512 | 762467aed9c03b891fb755a20dd46cbb84a9bd64a5ba17b9d966f8833c49d62de55c040f40ad23e985ad566dafa0516f5a0fee42f4f1c4d49e4b91aeb1a57840 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2aef410d8b8211eabc87347c7e7d173a |
| SHA1 | 97e4316a371d8c7bf1240e38841275d978394635 |
| SHA256 | 96aea285dbd1b3b8e759f456cee60421e2ffe76ca2746b437cc4e9199074f959 |
| SHA512 | fe9830c18de384be6f982d0448c6c275b9af72206d602a0e5a5da4287c42f63814875f2a2d297e8a28247a20a57a9ba1059e2f95b1fc52aeb7b0915453a9bee8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | dc1dd8909a7a0bc623c582559ea1f0b0 |
| SHA1 | f176e8a738c9251d0b7448f83bf01eeb1bf0dcf0 |
| SHA256 | cef250058100378cb59255745d84a9cd0e2414390cf96cc5a5484dc909f059c1 |
| SHA512 | 728dfacc446763a79ace6c252d0b7619106eb87ab6787591cbcb1640163dfc85dcdb0afa6edbe8f611333d58fb75d76c4b19033e652c964e04f0ae6ed903f8dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 95c72d450156c5c38949486c1b2a4132 |
| SHA1 | bb06267543314e1494cec4810c6ae11989b04ceb |
| SHA256 | 842193a1e8fd50d17d2c7a2dd78d532adb2d20376f70d27109efa5340e40a49d |
| SHA512 | 27f3776c43af3ed274560fe0abc77f46a62a01b3b9c1f61a8138b203fef219b70a45cada223f895ced37f96db32f782da10e2ae19d9c1c38133a1de3735e288d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 47f7732687e10a7692cc28721a4422fa |
| SHA1 | baaf022ba6602c02e38094b9923df05b8865febf |
| SHA256 | ee5b17144ab4a0e22919cc823295178c465b24b86b4c0c45ce983e5f2aeb2b13 |
| SHA512 | cab5d345cb5470487d843ce5211d242b1fd57151aadfa799c989d9e9b8f2a48dff586311e9f0257bda5b2a92c87391b81a18458eb301a3109fb0ec5a48d7cbcd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f5fd61261b925ff2461b858d79bd3654 |
| SHA1 | 08ac41b03acb5f4f0dda5ff7f687f78af005ffae |
| SHA256 | 00c2fc1c3856a1746860e1c7fe972010f993b6ac0fdf5e4433bf4acbd4c9f0dc |
| SHA512 | 740e2bde808ad76a68646f6cdadabb4b71e208ed1319bbff2b06a27e668615b6395bb50fc11ab661a98da2a03e29dce5906ae6eb9ac5b46ad5fef2308446adf4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 47665f06589a0de80896afe718da796d |
| SHA1 | 6cf012ce9409078443b33678bfa29af39f394320 |
| SHA256 | 67697a03f8f8e55134784c4d9acd73d3b8065b46fc38e119b9e2f6d44fc78f75 |
| SHA512 | 0d63852a176f5d7a7d9f1e46e83dfc020366fb7aeac70bc98a76420089bb345138ea5ccacef85bd117184d0f0a500f1254696145c61980386a6073e2d226527f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2ff25b0a11d1e7dad44bc44c5342db54 |
| SHA1 | 6f263100842b46225bfaac94ab326eb3777014cd |
| SHA256 | 233aa32cebafdaf303766c9bd574ae4e2985f53fea5ec379dc106cc018908376 |
| SHA512 | ab59af45488d1a9fa1d435bb22f2c3444a0c98a0ac159fa2e4cb50c0b3daaada2ce1e5307f9f33c2fc1c4f58f49f07fbece674232abd48e48554bbdf701fba5d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | a810301b578ebd1b1f721d6c0a5afb59 |
| SHA1 | b9c9e58a38d16eb48c54664d8c34ec178b67277f |
| SHA256 | c0036a4e8c0c6d3d0e2cc55bfa9a51bcd957be4475f79b4c4551e32242c10c37 |
| SHA512 | ea8d561988ad6701d8895799f279cdecab0f4a779f49b017694e04d2a8400d2446c972c9c80b1fa4dee2f8d2ce4b3e34d639db25201a63975b7cddc0570a6e21 |
C:\Users\Admin\Downloads\ValorantLoading0.exe
| MD5 | 528c7fa8598ab0f0cf3ace973391a991 |
| SHA1 | 1bb881224b1b5400204b1493d1920ad7750064fe |
| SHA256 | 2db50e843ecb7e518b6dbf29192158e0b2c3bfacdbe2257be98ad45319bba568 |
| SHA512 | 5996f3f55f5d77fa877f7377a978c4b132e72311861fabf04dc086f3d8fd6bcc4c5412128ce8cdbd6db349c4587e45c86ed40284aba8e0bbb5fc0ce4da5d3cf1 |
C:\Users\Admin\AppData\Local\Temp\nse6CF.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nse6CF.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059
| MD5 | 98c235091178b3a88be7c52c350fff41 |
| SHA1 | dde07f9104b150520a280da73353c80a46777f21 |
| SHA256 | d7a1df8dc206bf52894aea31d846d5ac413fdd92e36b01fe0817fe5af60bdadd |
| SHA512 | 3f5821ddc197b2cc8e64f6cd4388de169a1fc9548201386fc251c14443e2175a33e0b701890a405fc2fd30c3d2ab8d695ac3294f4f729e1a2ef6476412e9f412 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | db6cb8a78efd8210abccbe5244f59ea5 |
| SHA1 | b8780870a81bddff9360ae0deafa55d5942a8447 |
| SHA256 | 7d6734bbb98b6ea72917e5024e0bbc6b938050b4b4ac9349c2df7ba970439f1f |
| SHA512 | 3c979cbc4cfa7283467aa6ee8e0ac2562761d75a71a9a32046bb47afaf775f840c6478343d8e53c9412de30d3b87cd9e955bfbc09db0a96ee6b6fc3039785cd3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f68f787679d68835dd811366f854ab2 |
| SHA1 | 8a8be493bd9200703e16ed38f90a34ff24f1baa6 |
| SHA256 | 6ef5e2e0a59c166f1c77c6fe0e64bdf5c34e07a18471eed8aa4ab619e508dc6e |
| SHA512 | 613444ad3170e1d8486117e02f1e199213e2546e4bc3f8b5a68281223922b4f79d51f6f9d15847c6d008cdcfa3a6d2147a97972a9fb1e047f71fd42bd317c8fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 35894b3201a10faf0809097c0d3b6979 |
| SHA1 | 1ed4150b42f3bcb43928df58396dc5f78766ed83 |
| SHA256 | 9d0a210973a8f6ec8feb6d569376ca72e0ffbe845f6714231c728bd795451398 |
| SHA512 | 091a466d32dcfaa708d477cf51b29fac7379066211f5eede7dea4a92dc6dba015f5106a690631be48fef19c301e58cb76df3f3fa710142d5188d1844fd3b8c38 |
C:\Users\Admin\AppData\Local\Temp\nse6CF.tmp\app-32.7z
| MD5 | 8896e4db1b06c6d916750bf2dbe06b81 |
| SHA1 | 29bf45e3e7d7dcc990ac9e166950a905f0107c4d |
| SHA256 | 32a63dfb84e89def4920aedeb4fd3ae96d359a5d035ba0f8a8338876954f0e74 |
| SHA512 | c5216d9c1f075354fbc6f05c0ffdac2c4aca70240b53756be63ae179eb78635ae769ee2a0a9850e007b2753d1969674bdcb8e5c87992d26af263a74f22176c2f |
C:\Users\Admin\AppData\Local\Temp\nse6CF.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 590032388a9c06f668c7e9e95e1f6af7 |
| SHA1 | ccd88e3bfda0d3d2a146381b5f0d9a92a9ed4315 |
| SHA256 | a5e10c47564e671f14fba0f724fc76e75a1dc0e9e52ebce6793198d782985ad6 |
| SHA512 | c79ae8196822da5d543f91d7f6f479d6cbaf65f7febf4a9f89286d7f4c183d86b663c1bdc05e1b4dbc2f8a655160f57994d306ff2ffb2efd01004a87516e6d85 |
C:\Users\Admin\AppData\Local\Temp\76fc0578-d0ae-4d1f-b789-016fe3d294b2.tmp.node
| MD5 | aa7eb1ed50471e76e52494e9ecf56e88 |
| SHA1 | b5cdfc7ca8fdfae7be282852d206966dcb88700d |
| SHA256 | 1544875269095605b5ef42195f86e785972cb6bef187a39fc388f46b6beb2ba2 |
| SHA512 | 37b5714542b4cafc88646e535f8b55b5a0d0afeb5aa4c39624494d37727c9763f903a24c7844c03736aabede062f226bd90e8c99edfd657742a9f61379d5ecff |
C:\Users\Admin\AppData\Local\Temp\c1246ab6-f178-4f8a-96e4-352d29ef9754.tmp.node
| MD5 | 566b70feb8fce14caa4c18c08ce7f5f2 |
| SHA1 | f2ebbadcf5914860f0041cae0e0562879d3e8af5 |
| SHA256 | 66bcc5fb47acb03d1d4e6d37553d80bc087b92e405c4392631d8c5e34d773097 |
| SHA512 | 35d63d6cd0c1cfe9b58037bc382f84247a762994e2a09eb9e8a2a4c622845c5ada8c7874d3ebc25f3e59faca6f3052897a81394e07e17b71ddc4686e2df9925d |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\01fa3cf7-09ba-4467-9494-5bbe85e93cce.tmp
| MD5 | 2f4a943b721fbe003f59e03ad40ec552 |
| SHA1 | cf9d3e3f47b907a1d244e5c5533ee87581d78a00 |
| SHA256 | 4a47066a0eaf5e2d39253ca0ab598b60a7d6c8966b5f8a406960dd0013e3f485 |
| SHA512 | 10bb36be9c08ace3b825758ee3f215850ab3c71cdbc6149a6568f1fb6c0ba409b8750b48810f68664fd82ade0a558787d361b95ac072e448ef4c2c5c5f91fdb0 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | 9593f06cca6207ec57fe6bf060d79d41 |
| SHA1 | 5f61def6d592e7e2886ca5318fada2998d2c31b5 |
| SHA256 | fec8cf8a3a164987d8f4a38456daa8d65f0387172b07ada85a180648a5b5b66d |
| SHA512 | 0620d04fe032a9d31ce455b4814affddcd1a92486f880641d174e22f92f7b44fa6aff481815a5bd09158651c03e93733e628053230455d0073cc42a117235e4b |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 1da0ca36b753c46b152b368f57b9d852 |
| SHA1 | 3e48979ab80284cce14b1a9c153aa7600d3496af |
| SHA256 | 2c280c55aa1b18a3ee95e8e20b413f6c138097f864cd44b3d59c979decc7892b |
| SHA512 | 966cf8cc817a1b5760a890cb831076a60da1fc9aa1b962e3c921bd12dfee648a8784bea6428746800fbdde407ae6fe1dcc109b0f62cbc9d8018b38f680de5665 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 97d77c1a95146344eb98cfaf625d530c |
| SHA1 | 3303264e52869e5fad87d76dc93308916efc3f7b |
| SHA256 | b5413937dd6f5d3e15bb669e70b0f52860373009115de4816ecd03793d95b24a |
| SHA512 | a44dbbdd2c56cb94e2d64fe651a1edf5028ff5616bd2eee381c88c196aa10a45df7cfd6eb7fea33a35567d097a5a04087026a9b2fe919624e3b94266f5557819 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0c2374d08e45490a794b5042f7c0b2e0 |
| SHA1 | b3915637108cfa27d558e23855c83d2926bc8374 |
| SHA256 | 764249e82fbcf79d15ce9d50d39046fe94a08455153a5c0241afeb73f21452f3 |
| SHA512 | e35fc80fe1ce84519d5e32afe44d2a3c063ae69d22a155eb3642487eb9cae0ff8360e60535d1b941e1eb816ab3b11371c1702d8e8694c3bb3ab806a83eb45a66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064
| MD5 | a87c36d1a3dddc5a08c471677af0fbc8 |
| SHA1 | 323ef631fc1311fe867817b43aafd14d738db4d4 |
| SHA256 | 7ec3e0e66c4aa93ece2d74df9cdf419f2d1f1b38eb38a393f29b4537ad48ad02 |
| SHA512 | ca66efb3b9af99ab7bca293f330bbf86a0f6c0e9ec058116a7b7f2fbad689e00e6c2bec9577abc1aba3002625afba3535d5493981724c549452857ad4b7b4255 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065
| MD5 | c797a129e6b807c9a068a403e3c8da50 |
| SHA1 | dd63f00e2807421a7e8bdd81042612c493890383 |
| SHA256 | 2b8b16b5d7e7de628458ab63bf308e9acb65795a9bc08a06e8603c80edb9e24d |
| SHA512 | ae4b0fd2c001f7492a57c72148de0257f8248a9a4c37995bb8741a74f9d874fbea5494cc8cfcde25b299a08d2f1fc17db9b1331a8b6311a4a232ae271a6011ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a1c7750d-80b0-45f8-9bc3-bd6d3366349f.tmp
| MD5 | 6c2549709316a7bb11821311d0c327d9 |
| SHA1 | a7cc153f026c2d0e23a2d07bb197fe3deab876de |
| SHA256 | a3dbbe609fb8450d543fb1d30125a577321f242f5d58cf1fff16cf419653acb0 |
| SHA512 | 1316732264f8ec24904245206a9e97c671b8e1c1ea9914416abbaa81bff335540bfa9bea006d93e3054c1ce0ced38d88b9d7943e6450fb30fa62d19b594fb231 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 38f5ee64ab4051651303732110154174 |
| SHA1 | 86340732db47c467f6f52f070953a2cfd5a4cd49 |
| SHA256 | 7ff4c5926dc80f1d56f4104e0467f28043097e3652340f91e58e9754a0fb3d0b |
| SHA512 | b4e449aa04e83ea70a32fb9fc34e1786dcd4c5d707a2027cfaea1a07bb55982808ef155adac0518364f9f74dd61ec8e7819708691181f2ba043fc106bb515ecd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9f78bd9b420a6ac45508eb52ccbd26e7 |
| SHA1 | 63760f582d138a126a367a7f191a349b1afa59d6 |
| SHA256 | ad892de321f4a954ba0f42f72d950f7a4d29424f13e3cb40f1c16a39ed8c6d90 |
| SHA512 | a0a25833f7fb43330104a96f33c38c5510439e0338e09bb97c6031029e9de5d4a88c899a8da2319323f712614f46d23fbed74d08bc4a4de36ec80be435e23439 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 019b45c4ba7cc08e37240e8b5bba6b1e |
| SHA1 | dfd7337c7a35c82e7179f2d3897d5c99989bbce5 |
| SHA256 | 1a187cc2276716b9e887e1a41441af322e00c1c2b9f77f553468d53aef69d5fa |
| SHA512 | 1fb981d18bf0e17677a9ec055b0b2593224cfbbcb783a05074ebad8a612e6d5d559e6b63b6be4dde42bf54731dd72dd3e10ac408714e13879a66423639d20419 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9f4c4830bfe0eeb3aa782b536cb42c53 |
| SHA1 | a68ca1c2271a5895319dfa85423d4315109075da |
| SHA256 | 5264fc76dd713908e324dc6207430c7976b1efa871633871634b287c98f5a51b |
| SHA512 | c164034e71b287d7cd92213357f4bc668ddd98e4c3138346fc688041d594e9f76e23de1291336b03f8ef4b5f113ca5660e2d41b42fa724aedd606a49aea2f908 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 82659f0014d86b4685c7f9dbb62ae904 |
| SHA1 | 47a2984d6dcfb5f803ce4466670452ef8f815743 |
| SHA256 | 9728775ff8bac9196a89fb5f5e03951e9c164705001c2b638c7862b351d4d5c7 |
| SHA512 | 86b8711a8395e4a7f161aeab9876da3a005c13b0d1dd10344bf0e3e02fc5e8445736d8c118adb83ae01db80612d6cb78c8ff6409ca2cb968dd202488366f4cf7 |
C:\Users\Admin\Downloads\ValorantCrashFix.exe
| MD5 | 90a846872e9407bd87f26bcb0ac4795e |
| SHA1 | 42e3f60794f0a70dd5baf29460c0b83516358c34 |
| SHA256 | 0af3cadfcc64053a939c71f2a95648cc7a5cf6078656703e1de32acc69657b03 |
| SHA512 | 9d3120f6ba61164917612394c6212fc5eca4c0b756f5af7373d314920dbdedc11783d31b47ec646479eab58940a7dcd807e81f49da005c340c1e04c23d289a76 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 70fdda17e8fe08bad83a2f18ca2eb6c9 |
| SHA1 | 82f6ee104fe3c144e3f7ae250e980c7f85fda175 |
| SHA256 | 164bfe5dfc0661c28a4a30e416c734de1404fac7ebbffe625bb2f0383f5f619e |
| SHA512 | 9df682d38a9eb5d0531f419c5fd7bb4ca12f0eeb114fe5163d80a15e974b7291c2d7a2f5017b4239c18b7a5c790b05bbc9aae0152cc506f25a2b1c74e6ca1c89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fd17000d8c8eeec07e48dfb2fc266387 |
| SHA1 | 8dabf50e36ff433e4d72d10ef8fea04a75c5794d |
| SHA256 | 0ca55ad9194968c3aa1f3d143fc62f53ad7ec95bd700362f6ab1d84d02c54b7a |
| SHA512 | df07bdb51759436c0631ed36998eabb9625888d5dc4b0c9c8dffe47ba85807bc3c605408499bb58a39589b2ca54db709c585d4fecb779a0207c5ab5e260f9574 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ba457a40020c4cf1fd068e532b942534 |
| SHA1 | 09023fb008dd1ef9dd8d3f14813bbcee58dacdce |
| SHA256 | 8d5061e0031ebd2a3c87e68efc4eb5643c9adcb65c991c9b7c6e4de3a9893798 |
| SHA512 | 4e9af53bb942d5dab2b972bda259296962d79e426c6a6d5fc000b3bf1ddce01c2acc39f60d4be8f0bfceda511a4d213f20a348d39bf356f0c37114c921898359 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7f60e79a216769e2f09cea350552366d |
| SHA1 | afe5b6e17f7d2f3b1764ddfd9efced95c9162a6c |
| SHA256 | 91cec80d9407eea79ef4fdc6e2aaf6119a7b9a6e011ac51661edcb0e025fc233 |
| SHA512 | a09be93fd4aa734faee1d78535779fba7650d8e1e227ca1e87b596707e50651afad69ded74b24fb597fe9ac29bae78ac6cfa4f6eccc83083a793b0e2f601fe8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | e32334641c93eb5231b41f8dedb25ade |
| SHA1 | 01d515a9f0e1bea04932d58334611da0483d347c |
| SHA256 | 417d91b8af8f3316e4397d91b4388de32404e81d8ae4eb757c09285a458df0e6 |
| SHA512 | 5eeda24e422f3b27be53a3d2db3215c7a9605bfd6e5f906b4548b3cd1bbfec19c94f4684dad954b452c5b9a8cfc0bf9183a58977f70290a98ec1dfcd26f71f76 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6f9b0a9bd1bc19f418581274027bc568 |
| SHA1 | 882251abdee827d9ff302f0964f42434cabf5812 |
| SHA256 | f01120cc910a0b2ce956252223df12b0e55d14e3cd24be2bb14ac5347c3de619 |
| SHA512 | e334570852a614b7c0408291208a6e881645bb4efd53f79c2f99959bcfb571f028d61b489cfad8fd2a9b1220701f0d4468119ebfc914a5c4b43556531f62665b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | fc1a6bcb321272645ebb445eb6c5e6a8 |
| SHA1 | 480c20e69dca1183c5c58c2525b963840cad0458 |
| SHA256 | 75fb258844e0e57a3255d3e0adce3dceb3a2f4bd406286cea2f0209dad3e28a0 |
| SHA512 | 1d44bed2cf135bdc913aaefa341ec32d38898aeb2da1b3f45f0fa669b6c703c1330fcef605d7f04a8a2e2e45b4d9561b14a52998b493babba03506a3fbc59699 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 503f86681c6930ff7961b4a97dbd1707 |
| SHA1 | c13da2368275e2f177d5f60a7e71032ba8f3703c |
| SHA256 | 54194af965b38eb380f873af48d1eba45984f5275bf2540eccb3eac951be0254 |
| SHA512 | 0723be79b2347623e5f6b045135a582e09651acb58b10a9e0eb5704710c96071164c5c5c6077d9c845332d16fc757e715d7c2661beda9d30e8016204a521a023 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | eff50464ee002c3dd1ab3c103f9b7a0c |
| SHA1 | c3473d419eb9a966e2599fc57d9ea35e9b5fa4d8 |
| SHA256 | 821ff6609c1cc485cb6f538e754a0ef84ccbaf1fb737ab1159ece6274c1e9ceb |
| SHA512 | 604360943a5702413171b09d194febcb8e0168272d0cf2ade8d8412e521b5d955752cad0336ca5e8c26b65fc01cfa7796e24087e37d8bb7b17248a9a8455e7be |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | 6ea1daae0d48fedc857a8c413ed91c01 |
| SHA1 | 69030715b7fb9ed863fdf2a0c59ffc18c4590454 |
| SHA256 | 214e8cf740eac59e06c5da416c91bc097cccfab2fe3262f410913a1a4986b5bf |
| SHA512 | 17a7f94d1351ca5ce9386cf9e7b63b6055a460dc509d068875eade52249f400b6c348d06b1232082f44cca3e1562cc47d6db86ab332491903d76240e9af5724b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data.bby
| MD5 | 95ee64819829aa20da92dc2516b02d53 |
| SHA1 | e1e81fa60dbb73eaa92fbaef2821d2bb124566a9 |
| SHA256 | 9f7de5163137ae938b6a343c40d1d45dee23184831efdebe08ef56a142261665 |
| SHA512 | e3a265e3b9f0af84d77b222e6af28aba5abb21c139c53e059bfdef95aac0e5ab6ae71e2a7ebd966eaeba22ac750cae3718f81dac8f80eb96d6be3d86858df03c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data.bby
| MD5 | d1a6d25ec5801fad5bb43e51fe4cdbc4 |
| SHA1 | f3876c3f19ff446b3d070676bf3c954aa8cc0560 |
| SHA256 | 13d3f0368adc88ffecc9fe7d865375489657ab904931baee6a6decc7b8256ceb |
| SHA512 | abab9375d5a60b07f73fab6998a7bc071849fb077fd6a9045b33284cd64198dc28f058c842318c2b180fda3ec91e2cf92da8dc73961401f811fdbc6d555cc97d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies.bby
| MD5 | 95e444b390eaf786f32031596b47f8e9 |
| SHA1 | 020e63e8537d8149833b1d717de738369ce3b334 |
| SHA256 | a16375c1332eca60de3e4c227da940ba9c7785a461aa80d6c43d3e3345ed0534 |
| SHA512 | fcce361de17dcd486d7dc76dd8cdedfca87d66155e4a41e05a2e211c86b7bc5f9e8542e672e2dabe59073d8ed760bfce005a26e372eeaca5c647774e28f044f7 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | 29023c62f5f6e0678cf61365b460682e |
| SHA1 | beb8ef06c872cb28402e9caaf75c5f173c0dc9ca |
| SHA256 | 57ca669e400ebc017c9966ecef04712a12d2b064fb5ee5e7d559f88c23755505 |
| SHA512 | 233e1c65b3d81bcdc9c86d32382d17959748daaaba0210cc92f22c91743900d1e136f93f1a36f01d094ecf32217d74677ce46d023fa172785c32bccd0b2b702e |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | c5bd1e4a39bcea45d656c6dcf9648fe8 |
| SHA1 | 217db9b8cb1cfd63c25bd932cbd86c64a252185f |
| SHA256 | db91e40a9f7b03a778ce2582c5ea139c399b317e3d817143fce49da76aff789e |
| SHA512 | 8531cd4cbd6d26a7be02b47f8e3075b5521c489e8de8f73f9edae98930cb222c23e9a0ed968fb27bd4d1b07622d21acda50253000c1e2906c67acfe57b8c0302 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 27d6693482ded47d2acf8f49975269be |
| SHA1 | 398e36d224acb906ec9c29ed34879e72eab0d7ef |
| SHA256 | afa0bc3502caebfefa1d34e8fadf06b7c1ceb8af4f2caccf0bb1835a90fb4506 |
| SHA512 | 64c00a084b989637809a617ab38b10a9efd3d72cfb13d08f6ff4b787b7e60d08958bee4d6055f6b745078c673e112b2ad630ecd89d15b45499ceed6520d328dd |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | 8e8e747bcabfaeff67611470d4d77333 |
| SHA1 | ecb29ae42d3e569b3c2803aaecc106c9ac9c564d |
| SHA256 | c93a5ac0ed9e89de3d0c90941c20586d06d48ba4751aea588515a929b2ea639c |
| SHA512 | bf2f5c891132239db42ecd9c36d1da7763281fcb8d6cc18463042c03cb667d5f9047877c3d0b9b157df8fde4c768a7cb5679baa1dc8b83e1e822c51837cd1c0d |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 2fe6f54e957fb0cc90094a62864a2936 |
| SHA1 | 145e8b83c8bba7fc9dad4e1ac5b24f1276ef76b3 |
| SHA256 | 56f6a20c741f46d919a453d567a6f690718a5494f3fd6258955bdf780f4cc2f0 |
| SHA512 | bab9d5f9a0b93fed59e4f70affa31bb5394179e28f6c71b9385c507df1b21bc2ac003b3cfed4077d22c3d5ee24cba3a185c39c52d5b55d3afffab2ec7fa837e4 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 174b145fef092e6e698b7d16359f3445 |
| SHA1 | f07202d2d55f656ca41f3b4c232685c2f94e4eee |
| SHA256 | 45b17482943150229cd664b91e7551231ebb39f2e559e0ab93d65454a4456eb5 |
| SHA512 | 044b4ab98a4ac5bf453a998a17a74f419de73a491aed20e1c963e2cd97031906c36e70def25672ce78bf4dccb65544170766df13beffb9ee94147cc0d5cc0dac |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | 94743594d95ed4a77ef7e93843b6b24e |
| SHA1 | 0a91851bbd95c04e4cec399cb3a15992b8360abb |
| SHA256 | 9d9ef6ca7a7627db2f139ca49928b88a0aa30723bbe9563fcd7eea774fedbffd |
| SHA512 | eeae12f5e6a8c43cb934d4b9334509bb107b4c6ed216b193d608c4749172dd2a6b0acfa809c3a7cc0862990264ce381f8b8f78c69ba519dd0de0baa0ba92444e |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 3ed179e5b7e68e12fa9dfae3147ec497 |
| SHA1 | b8621442128c9e3175714ddcc6852d86c84c2c77 |
| SHA256 | 8c9a09afff80d62de64e5df043e7778fdecfd995e9c8ca2789d4f83344db0889 |
| SHA512 | 0d17fc4cb55f3a58a6cf45976946962e0582ce330ff877ca3cef6cd4abe8f5e7c7d88849eb80cb91d8f9de92beb15deae46eb717e2b0ea7f598876b30d485554 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 20a4db120a740f73984f80e9ff97e7d8 |
| SHA1 | abf7ec4c54efa6b49333bf660f2fff30dd4d96df |
| SHA256 | f62a0f9c97f8f5e16228674d8f89d4237f70a20dfc2c29e2ec789d138e86ca13 |
| SHA512 | 9f4ab8d3ba5e6143db8a12549225b4c12302023c43348b06ed367eb0834640b5928a1ed1556068dc06baf598827fc77bc936667c44cbd617f6214ac40d3a8094 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | aa7c6e42c8797b60e71b43962daf7326 |
| SHA1 | c2062c5d06f842f026ca9271a84789eddf2b20b7 |
| SHA256 | 3a82fca04db1fe93db8b13e2c91ffd57b74977799aea266ec708345695e33e3b |
| SHA512 | b79fb9d5c4666f00ea2a5d0dae14d204e043d83b928d0553f973f32c0f37c12811abc535bad056881cccdbe3132035bb6cf4ae3e6e88258817b82d892cc12850 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 7fdd9241fc705731ad360d1293d73612 |
| SHA1 | 96bb5ce605866299d104a66d43eae35d9bd43c3f |
| SHA256 | be2ab64715e5e9ce6fbf1ce29d20c2dcddb3590bc12d0937e429a1290ccef1b1 |
| SHA512 | 85a893174e4cf6b204b6a6f6e8913b92277d68ee4ec15724fc57d3280a883c77b7c37b66115906fd464736c5ef03302b55b108a458bbe249261b1e83d1ac57ea |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | 01075f46417ed3cc826fb999df42afff |
| SHA1 | 248bd70d9b68e10502ecfc92ef627a74bb072e37 |
| SHA256 | 7bbe142e41920ba7987b87e5b6f48352ed2133fbcd4f06e9d58efc2a12a1a8af |
| SHA512 | cf0c5bba0a9728b2f2e46ba24efe943360f703efb2bce50fc6ed250d7717e8faddc29a2eb72e400424b24ef999835981ea153a91ba638c59cf4d3ab291e2d00b |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | 3f261dbb23bdbf3d4dff87280f862321 |
| SHA1 | 94ebc969ef86165daf4d011ff56310e25e660aef |
| SHA256 | bd798cb11598ebc1ceac5280aa87e5cf2730239ba689325b6de4985bb148b2c2 |
| SHA512 | 5fc0f2269f7de8316755a044c0c3ccdcdbd35efd215873d2f970f83188d9d7d30572ea3e2941c71d003f6123d1f8d92f09f05ee3528a22b1d41fe56c18251832 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 9b79fc14adf80d9b8be06a6eebad83b9 |
| SHA1 | 2b0a91ed152b6fd47c195efa41fd204b049bd28c |
| SHA256 | 08d411b3d4652cdc2d50e1a6c11602c2c4804c3fa0d532573bbd03e9b1b38d24 |
| SHA512 | b9d9d55c57169f5540dc84a897fb1e65b7af1a027a86031fa0c61ebbb6b9c10af8864081345396474ecc37ea488e4ce402485610a31da3cfc8b8b1657bcc1273 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 6bf7abfaa162a1ab0f5ecc69d935505d |
| SHA1 | 7e7c4cd2e5178c44a410ac1dcd9ccc3db9cc9c1c |
| SHA256 | 4416d370b54d87c1904d2581ea7d2757a08d73a05460734207da1306db68f2ed |
| SHA512 | 443e234f7df3592a444bf473235eff5372fc26222ccd37a1de7e85441df2ca659540ab8c8aa3b23e5259f8f61876040d015264533735a738b247a58471f955ca |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 47e1bfa5e59f1cf64abe541852e077a4 |
| SHA1 | 89d387532a133bcf3a24eb78c73d5bf44689b677 |
| SHA256 | 7e71bc73ff2b48bb79cf5a8a135382fd17aba97e83a1d7b1552cddca2517ec3c |
| SHA512 | a599fc4a549628444111bbbb9a620477b7fd97edf4e0407a1467afd32a6323f3b5f52ada8e279a7655f8596518211a17660a4c38ea506f5b115b394448cb1325 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | fa53b6b6b2a306d5bd8c98f73f7ce572 |
| SHA1 | 521fd37d152c0a4867345d1f8f091ff47fd900a8 |
| SHA256 | 2a71d2b54acf30d9361a4c429793d3d99a6585c2b66a5c5b49149d0044f13a75 |
| SHA512 | 893fb410aa8f2e70ebd2d2dda33731a102720cc3d3d57a058a206efd6d152f6021430cd6e8d377c6553e658511e1c7d93205479ff68a19a14a89d33e81facb9e |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | 8ac2b5883b73f67569164819664b5408 |
| SHA1 | 6b62ef8d1dc76be2c840c57e4ae268a63a5a9444 |
| SHA256 | 97e99dc519c243b9c7289927d870efa90038ffde10473cb2fa71eb711732ee34 |
| SHA512 | 77a873b9c5e0f107ed00701bc578026870030a2ae746c0a179ff90b38b055b64785f30a425a0204283e5ad9a6498692f69dce30a401cef2db002865700dc91cb |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 7fbf2040e923cc4ad053f4adaf04a177 |
| SHA1 | bee684599f2f37f25a4d3d590703636949ea58a5 |
| SHA256 | 914d662e30041fcc5ae06807895f2f71de65a08ed7a1c5f539e23ffced0a2077 |
| SHA512 | 9b5c573e3d03c2df1fc910405c9fb7f6ab2e754b41572528771a71c2f5be883c3f55bb19ea41387d12a8f7410a1d84dac0a1443bfde3034a1a1a818a4eea05d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d5370b0b76ae9718ecd93ff7a79390fe |
| SHA1 | 8d84f08e66b23a0a9edbf70baed332df34dad3a6 |
| SHA256 | 8499a1a7d755244cb8a3a704779cd5e7d4a2b881844a2a540335a75181f6ce2a |
| SHA512 | bff77237ca099d197eb7c67f4eea828081bf82e15e4803d6607e7521f27efaa19fd7f11eeb853d00a7ab76e31e869c28174564bf2b9a025b20ad6b9f42bf4ee2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0edc55455692b43c5ea850c68560220e |
| SHA1 | 2634b0ab8ff2fa4757659d8ad05d2c6f4d63c767 |
| SHA256 | ac1b320a5ef6ed7eba60b9f3457b90bc671144aa277a52d31979d54d76f335e6 |
| SHA512 | 71199aebe2fe21a2496d173c9234bd2e8adb74be1c51c8edce1755acc6d7e1ed61746ab29ab824210312f692bfed9f9b45fa65f1cd4fbdda07b454e33e21938e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 66308781fbb1366f74cabbc332817cce |
| SHA1 | 283db737e8fd2ceaaffb45e3bb0e44c065d56504 |
| SHA256 | e7db5a79549b7d174b617f5b526c27d4078ea44f4fb5a7e3c9a3fd7861d6fddb |
| SHA512 | ac32d1f84b957fd9dc990a9156970d9a5e6fa7be5a3ac586eee2b69756e7bbc862a2d366d788bfc8f4ab1d37f28bc8157107618c84254f23ecc42475c7d6c08a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1ff84e9cf3dc72098ecdac45c57c5ba6 |
| SHA1 | 7b0c494d69551698115d48f3515da6506b98b7bb |
| SHA256 | 41c332a44f71c2c538af8c92231a46a4b57784b380d0aef4e70b5c01e583894a |
| SHA512 | 1d969d50fa19c2cb6dff25cf118425d84b7f0fddca694f2b63cff46ab261f421d881be707f3b5d18a1e695ca66c454976d858d2dd5ac098b246ba75a9adfb68e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 36a1e2d4672325d1508b57a341c2d4ec |
| SHA1 | 760a8da90052a8b4d244a0b4fe7c2c1b659c1f77 |
| SHA256 | 73c7670215f99a6f83fe5dfb232ee45f1a8784bc27d4c6e815871afe08630d53 |
| SHA512 | be27b26dc2155691d846b4b0ac638b7f71dddd65b687593caa0b7eeb7de5911f509401e47361f3ae5d525d8b7583534ed10c66a76cb403a3243d3d1eb17fe7f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 68718af4bbc2d6210f651ad45613f623 |
| SHA1 | a2273425076d78a06017e57d831961376a2f566f |
| SHA256 | ebde3bb4d9075c355e02555712923c6fa6aa2cce7e096d1779a5c7be92f0aba4 |
| SHA512 | 977384b3aa20d46dbc1ae18a96fb8b2b8d0e081030d1e2576884e83f546c71db0d1f309cbb7b70673633b60dbbf01258ad63267cb84cc0a77b27e7cdfef06b0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 317ecdcebb891f64fe65d059930b66d4 |
| SHA1 | 52b571b66f0bc3d205a231e51115292814c5beb7 |
| SHA256 | 9593d3afe2626d13ad39f8122f2606516fda055222385c8900af3597ef834588 |
| SHA512 | db8393fe72262f1659fd20bdf46ceb070727353ee1d68576f97dded18d5aefec9b9713995ebc5dd1f99e337d9ec30a9a653dcdada739e1534f3187ecd8508ab8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 14ba6363499a302a4ed2ddce3491b92d |
| SHA1 | ae050c130f5ad96a8f7ba46cc3cedbb5e00b1f86 |
| SHA256 | ffe81ff44d039b7ec1c62f387c7bbac099c578d2dd26cbaae14facc0b95b00de |
| SHA512 | 6d8c87d0d7484bf99e2d18f82fe79ec62227f054574d1825842679ade611f7ab7a54bef47b49711dc7dd5fcf64575a79bda7b7fd820e01875e1f156054762b97 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 661645d76e6f041d09328a055ec8ecc3 |
| SHA1 | c9fb67b7d1ea402e792db4f0ac052987a5cb4c0e |
| SHA256 | 9883c7c78669c75631953b9db4765c055efc4e86654b0a23a233049546f176a6 |
| SHA512 | a4d4b48a5d477f225f1af7410b7b45b3c1491d24f5bae3e69542eb2da12aba4120f67f1eca55b2a2a6278984adc2611183ff7a8c80c570eb97f71f9581b595f1 |
C:\Users\Admin\Downloads\ValorantCrashFix (2).exe
| MD5 | 07ce2697ceb03120226d424cded06601 |
| SHA1 | 875db06d8fdb61cc1d48494cc2d59da6c2b66076 |
| SHA256 | ee5f14e41bd53408bfdbc2c130d2d486b428209fe71a1103e5ef0485f1493c28 |
| SHA512 | 808747792837b9af280eea05c27c672f7f0cb589a3cb0d6a5a4329d6b435b7a3216ba0206fa13674831064d7f77949fd82950c2c3ec3c822ea3a9824a44c9249 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 946c0f00d9ec252f9cacf8c258232d27 |
| SHA1 | 131544a37525e1d778ef13a03f044fe1eafc2573 |
| SHA256 | 3741ed6e4a230df992c8b70890b12c6034ee0ba61c1df139fdaeba9d380ff991 |
| SHA512 | 417f07cec1f5d27a33d8205d63d0e7699f53df28242e41b60e8b2882e07cfae9c91cd8e6b2cba6f77433a7f9db1e6b4f414fbbe52d7a954127f115e7a2a6ae16 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | efce261d1662da728828ed28ed185c74 |
| SHA1 | 8c6f06ea2e5eba015401a0c390a65abcd8c03f1f |
| SHA256 | e74c575c24d6070e2e4b43b6888fa32d2d1d1b5ceedd811067701b7728139a60 |
| SHA512 | 94141abaca423f2011fbe8913b55f23d9975f9bb56b484209f05960e4749998ffa395320dce9ad497736a87251d51162eb4bce99f6af7b35c7a136d0d7a9ef77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b5520133cc376e618e4407850f50b74c |
| SHA1 | eab90cda858734e49661e27408732ca82519ebea |
| SHA256 | fd992213601be6d9719f9b8786f5729a569420155b50b47d4d3fcdc6fdd66b5f |
| SHA512 | 3030b34d750d31805983f66a7854f86d48b477441060408331c0e48f40cc02b87460eb03ccbb97c85b2d229c659948ea0ef10bb18c82e8d120e8aa96ee2956f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c2e2147542e295575ebacbfe06be3d56 |
| SHA1 | 77d505ab15d24bc97a93e94fd9f7ad74f8ac2bf1 |
| SHA256 | 0de26924770825456f6aa79e9eec7385557ce4b88f261aa54740edd80beef90f |
| SHA512 | 714db1386619bcb0ca98ae5254c52c19adcb063f9e3d414d3dbf472db0df591b9de5bca734c1d2c283406546c1e5d75bf0f00405bfb2c6b3b49c970e758e3cd7 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\412d9d56-484e-4129-914e-417c39523603.tmp
| MD5 | 71ac520f3849c8dc11ef166e968d051b |
| SHA1 | c65e07d4bf81d15bbe934ff3bb6b164dbe0d98c3 |
| SHA256 | ee3d4dd70fbca40343528944622aad59afc0e284ba9cda36fb084dfb40a82281 |
| SHA512 | c2be4206bc069fbfe27ee3f89dcea148cd27ad16f6dd950ce33606348d4e5a6af114e631573a6c78e0cd33e5680e4a40155769d28cad138623e10ad5204ce2c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d8b8961104542a3250e6e0e9ad2e8d1b |
| SHA1 | 6104fb8befbb796d84206b20298ded7f9202f0bb |
| SHA256 | 384251375acce7718cd0101e7cca638a1ee8272f24ef126c118896cccf87ea03 |
| SHA512 | a88ce5bcba9e62c6e95e030cf1f14bbbc373c6fa933b896ee50c25242e78d02c30f4551ffd4b11143c639612e2062b29855b733aa2f09d66a497fe3e44318749 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d8469433202cba36c73a31223232df1d |
| SHA1 | ec78a4c248bf1cff999572863cc75c5add5df4e4 |
| SHA256 | b1de2e775dbc04052be687caf49c75498b5c455e7946ddaf6bcfc4fcdccbfbb4 |
| SHA512 | 128a31608333791aebccce9a4a12efb852b5b1a6ad062373900ab929cc088e0d9c2f1b5853d27cb4eed17ffc37636f5411719ba695461849436928f1253ca0ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\58e0e1f5-7e59-401f-a56a-66123191223a.tmp
| MD5 | 2c069dbb78c4d550576faedc776ded45 |
| SHA1 | 80c8fb16b047af661f3bf1bc4a0d0c38a13e8655 |
| SHA256 | c0e3142c593f29baed83ccbab1135c73d9c66920e73d1b725b4edd2afc51f5a8 |
| SHA512 | 0129dda09a71140fcc2caf218a69296150154e0773300dc50bbd5f71c9990f46698d67e8ae58e86d4c342ebd0bf7d907104d61bf91db9fd1515320cbf48447df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4f9eb83da549858b5461daaa07a14165 |
| SHA1 | 95bb3bdde89c43a8344a6a0013e5cb1f46782007 |
| SHA256 | 3f307376459080bb66668dda2ec7df4dc74cf01369d7976ac701abe0f94ccbe3 |
| SHA512 | 976d17bc547d291020d91a73aacef3a4f0c9234d95761bd16c10693b078a7310a9817d8a8825c030a275acd9bd6d4c474c3d4972c2f6f7e8cf1ea4c537677531 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 50567d058fea38f23b56f6bf645bd891 |
| SHA1 | bdb97d76e96d0d3e8c8ea28518fe017616d611ae |
| SHA256 | 083efc83469947d5b6dc91d748076b6c7e12de12c04a1bacc51141d250cb4a1f |
| SHA512 | c1b634e1927f19f7fada2eb76f77f071e9f077bf8b54fd3ff84caf6a98263227e4253e047677eaa1511c5fdab20d9cfb77c1bd4d61558c2637c5d5f520a03370 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 738722f405e9916933d7b42d80265090 |
| SHA1 | 31579b16d079ee3cad03e0f1851199f28ca61b0c |
| SHA256 | 3a2d296c844b0de8179ac7c4e209bd1cbe6d423de2ec9099da162e3cc5188c35 |
| SHA512 | bf954b2bd809ba209671677a7c8698b4b13b5068425dd47b24850c0a57e78d25e1e55221e0f010a5746297d19692ab037c2f02d53ace5e5e7d1b4866909874a3 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | f9b7efb3435dcb2cc7fd92fea63bc3e8 |
| SHA1 | 2f286b1f0eefeeb6e2959f582af1a6ee8894f503 |
| SHA256 | 9fa63bcac4ded17520ede3378cdd2f3ce26383c80b6bc5955981560a3f1fce5a |
| SHA512 | 00563294a4c917f62e4dd04cde6d5ee11d4c15c63e74a00087d58c5e9b4ec819afac9bab46373234086d6ca44c6ee733d5db350b736041c15ff2d579a40c29f5 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | 31b1cbcc2b6103a3f68d97a8c09fcbfb |
| SHA1 | 3231a62300be858d15a12fddce4e50f3d144ba14 |
| SHA256 | a9f9aaed338f1fbb7f7d1cd2c0d97ff2ad8c96594a0213cc80b661ac98cbc0b2 |
| SHA512 | 37575c1cb759325a36340d95a0fbf0c887f500b2cb04c4e59cc1ddb533de79a341e7d35a5dc1c9b18826f6e455cb812b5d044fef1dac38230472d356cc4d3a89 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | c3fc6ae788b21614f818d722e01ec2eb |
| SHA1 | 9418e19df0ab157b34e36862904d8e1b40ad217b |
| SHA256 | ec3abbf99c84ec902e60012c23536aa89fa99742ac37faeac041c4039d9b19b1 |
| SHA512 | e1e5b0c0f49b3927c8b76bf89f5bc38832c130da6c8148a82eaf5192ba253ed0315a0e8b2a22356dbe881f742ba459fc3e1a81cc0ee45d0f6e63cede1027d2e4 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | a8716fb84dd21bce90bf3245f0355a23 |
| SHA1 | 664f8f7de487e56172b367e7bdf28d8552d6378c |
| SHA256 | 7a3a3a71fac526ea2b903256021674af4911b2d3b3ca98df61033dfd392f82ce |
| SHA512 | f2b7d5d4db3c54f8c5832e5c598fd969034ecf5cc37963436d1f05b607db2b24e5cf158eafe099e1bc1fff4ac6dd86b2f31c6618ee6a58ca61d009090bb9a080 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\TransportSecurity
| MD5 | 62a3d19dbed46a1f7aaa89c89b8affd6 |
| SHA1 | cb8c64ab560958d9aceeee649af193e513311a93 |
| SHA256 | 9bc53dc5511f72ebd1cc1f2a9dd06c3345c02ad766a9b476ec5093a1e987ca57 |
| SHA512 | 4f477caed87ae54e984eb79b1c438a2a481a32d50122b9d2ce9d9c705fe118f999797232e464ba038579925505a0fff37bd544cec461ace2e6f6913d9a51bb10 |