hxxps://tmpfiles[.]org/dl/1730310/setup[.]exe

Analysis

max time kernel
214s
max time network
663s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2023, 05:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://tmpfiles.org/dl/1730310/setup.exe

Score

8^/10

spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\International\Geo\Nation	khlrftpaxlucchie.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\International\Geo\Nation	khlrftpaxlucchie.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe	khlrftpaxlucchie.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe	khlrftpaxlucchie.exe

Executes dropped EXE 9 IoCs

pid	Process
2920	setup.exe
5400	khlrftpaxlucchie.exe
5924	khlrftpaxlucchie.exe
6036	khlrftpaxlucchie.exe
3656	setup.exe
5060	khlrftpaxlucchie.exe
6068	cmd.exe
7632	khlrftpaxlucchie.exe
6632	khlrftpaxlucchie.exe

Loads dropped DLL 29 IoCs

pid	Process
2920	setup.exe
2920	setup.exe
2920	setup.exe
5400	khlrftpaxlucchie.exe
5400	khlrftpaxlucchie.exe
5400	khlrftpaxlucchie.exe
5400	khlrftpaxlucchie.exe
5924	khlrftpaxlucchie.exe
5924	khlrftpaxlucchie.exe
5924	khlrftpaxlucchie.exe
5924	khlrftpaxlucchie.exe
5924	khlrftpaxlucchie.exe
6036	khlrftpaxlucchie.exe
3656	setup.exe
3656	setup.exe
3656	setup.exe
3656	setup.exe
5060	khlrftpaxlucchie.exe
6068	cmd.exe
6068	cmd.exe
5060	khlrftpaxlucchie.exe
5060	khlrftpaxlucchie.exe
5060	khlrftpaxlucchie.exe
7632	khlrftpaxlucchie.exe
7632	khlrftpaxlucchie.exe
7632	khlrftpaxlucchie.exe
7632	khlrftpaxlucchie.exe
7632	khlrftpaxlucchie.exe
6632	khlrftpaxlucchie.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
228	ipinfo.io
413	ipinfo.io
414	ipinfo.io
204	ipinfo.io
205	ipinfo.io

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	khlrftpaxlucchie.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	khlrftpaxlucchie.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	khlrftpaxlucchie.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	khlrftpaxlucchie.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	khlrftpaxlucchie.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	khlrftpaxlucchie.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	khlrftpaxlucchie.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	khlrftpaxlucchie.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	khlrftpaxlucchie.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	khlrftpaxlucchie.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	khlrftpaxlucchie.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	khlrftpaxlucchie.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	khlrftpaxlucchie.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	khlrftpaxlucchie.exe

Enumerates processes with tasklist 1 TTPs 10 IoCs

Process Discovery

T1057

pid	Process
5308	tasklist.exe
6728	tasklist.exe
6220	tasklist.exe
7552	tasklist.exe
5448	tasklist.exe
1260	tasklist.exe
3996	tasklist.exe
8264	tasklist.exe
8968	tasklist.exe
6812	tasklist.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 20 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command-Line Interface

T1059

pid	Process
1260	NETSTAT.EXE
7680	NETSTAT.EXE
828	NETSTAT.EXE
8344	ipconfig.exe
6596	NETSTAT.EXE
9116	NETSTAT.EXE
856	NETSTAT.EXE
3460	ipconfig.exe
4328	NETSTAT.EXE
7136	NETSTAT.EXE
4760	ipconfig.exe
3984	ipconfig.exe
6936	NETSTAT.EXE
2320	NETSTAT.EXE
9052	NETSTAT.EXE
4992	NETSTAT.EXE
3060	NETSTAT.EXE
8116	NETSTAT.EXE
7528	ipconfig.exe
116	NETSTAT.EXE

Kills process with taskkill 3 IoCs

evasion

pid	Process
5476	taskkill.exe
4972	taskkill.exe
7732	taskkill.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133338738755680866"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3195054982-4292022746-1467505928-1000\{37FCAD8B-D15F-403C-A5DF-87B36AAF1508}	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3195054982-4292022746-1467505928-1000\{E9A2F188-67D1-4E47-9573-27BC9CEA3704}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	OpenWith.exe

Runs ping.exe 1 TTPs 5 IoCs

Remote System Discovery

T1018

pid	Process
5652	ping.exe
6772	ping.exe
6440	ping.exe
4904	ping.exe
6748	ping.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe
5400	khlrftpaxlucchie.exe
5400	khlrftpaxlucchie.exe
5400	khlrftpaxlucchie.exe
5400	khlrftpaxlucchie.exe
5400	khlrftpaxlucchie.exe
5400	khlrftpaxlucchie.exe
6036	khlrftpaxlucchie.exe
6036	khlrftpaxlucchie.exe
5400	khlrftpaxlucchie.exe
5400	khlrftpaxlucchie.exe
5396	powershell.exe
5396	powershell.exe
5396	powershell.exe
4800	msedge.exe
4800	msedge.exe
5384	msedge.exe
5384	msedge.exe
4812	powershell.exe
4812	powershell.exe
1992	powershell.exe
1992	powershell.exe
2804	powershell.exe
2804	powershell.exe
1504	powershell.exe
1504	powershell.exe
4132	powershell.exe
4132	powershell.exe
1168	powershell.exe
1168	powershell.exe
3916	netsh.exe
3916	netsh.exe
916	Conhost.exe
916	Conhost.exe
1928	powershell.exe
1928	powershell.exe
6000	powershell.exe
6000	powershell.exe
116	NETSTAT.EXE
116	NETSTAT.EXE
1928	powershell.exe
1168	Process not Found
916	Conhost.exe
4812	powershell.exe
4132	powershell.exe
3916	netsh.exe
1992	powershell.exe
1504	powershell.exe
6000	powershell.exe
2804	powershell.exe
116	NETSTAT.EXE
6404	chrome.exe
6404	chrome.exe
7580	powershell.exe
7580	powershell.exe
7580	powershell.exe
6772	identity_helper.exe
6772	identity_helper.exe
4132	powershell.exe
4132	powershell.exe
4544	powershell.exe
4544	powershell.exe
4544	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe
5384	msedge.exe
5384	msedge.exe
6404	chrome.exe
6404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe
6404	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5328	OpenWith.exe
5780	cmd.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 1908	1524	chrome.exe	71
PID 1524 wrote to memory of 1908	1524	chrome.exe	71
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 4000	1524	chrome.exe	87
PID 1524 wrote to memory of 3172	1524	chrome.exe	88
PID 1524 wrote to memory of 3172	1524	chrome.exe	88
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89
PID 1524 wrote to memory of 4212	1524	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tmpfiles.org/dl/1730310/setup.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff984079758,0x7ff984079768,0x7ff984079778
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:2
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5272 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5288 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5772 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5296 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5524 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5968 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3268 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3392 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 --field-trial-handle=1880,i,10344180213554074020,15388511951995109938,131072 /prefetch:8
  2⤵
  PID:4756

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4988

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x308 0x510
1⤵
PID:4700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4952

C:\Users\Admin\Downloads\setup.exe
"C:\Users\Admin\Downloads\setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2920
- C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
  C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
  2⤵
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:5400
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 --field-trial-handle=1940,i,804314678898241993,11417674933964616333,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5924
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,804314678898241993,11417674933964616333,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:6036
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2936
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:3996
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
    3⤵
    PID:2032
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    PID:5996
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5196
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5396
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -r"
    3⤵
    PID:1888
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -r
      4⤵
      Gathers network information
      PID:4328
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print
        5⤵
        
        PID:4248
      - C:\Windows\SysWOW64\ROUTE.EXE
        
        C:\Windows\system32\route.exe print
        6⤵
        
        PID:1948
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:1504
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1256
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:116
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1992
- - C:\Windows\SysWOW64\ping.exe
    ping 8.8.8.8 -n 1
    3⤵
    - Runs ping.exe
    PID:4904
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1168
  - - C:\Windows\SysWOW64\netsh.exe
      "C:\Windows\system32\netsh.exe" wlan show networks mode=Bssid
      4⤵
      PID:7320
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:916
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:3916
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2804
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1928
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4812
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6000
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4132
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -nao"
    3⤵
    PID:732
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -nao
      4⤵
      Gathers network information
      PID:3060
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:5780
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:7580
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7528
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4544
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8080
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6512
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4324
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6908
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -r"
    3⤵
    PID:7240
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -r
      4⤵
      Gathers network information
      PID:8116
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print
        5⤵
        
        PID:7320
      - C:\Windows\SysWOW64\ROUTE.EXE
        
        C:\Windows\system32\route.exe print
        6⤵
        
        PID:6020
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5184
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5340
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:4584
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2676 --field-trial-handle=1940,i,804314678898241993,11417674933964616333,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6068
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4020
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6904
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netsh lan show profiles"
    3⤵
    PID:8152
  - - C:\Windows\SysWOW64\netsh.exe
      netsh lan show profiles
      4⤵
      PID:6200
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "ipconfig /all"
    3⤵
    PID:4496
  - - C:\Windows\SysWOW64\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:7528
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2216
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1788
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:4792
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:6728
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7460
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7768
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8128
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6988
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7876
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6368
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6968
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4508
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6800
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2176
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4220
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2232
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4100
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6704
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1720
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7388
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6960
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4248
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1504
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2724
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4792
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6400
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4992
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1536
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5360
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3664
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:8116
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6852
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7108
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5584
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7560
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7484
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6024
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4276
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7636
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6976
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8124
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6964
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:220
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1460
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6832
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6152
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5068
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1196
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4856
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6620
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4228
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5696
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7620
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8168
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5396
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6432
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6384
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:7100
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1616
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3984
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5812
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4000
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5160
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6316
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3616
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5068
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8184
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6824
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7460
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5816
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7388
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6252
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7972
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6972
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2684
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3316
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7360
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4068
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4432
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8136
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7524
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4112
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7224
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5208
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7032
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1628
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2204
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5056
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5000
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6544
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4968
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7664
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4092
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6600
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3232
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5232
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3264
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4896
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2260
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6940
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:60
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5992
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6068
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:748
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5840
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4500
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4704
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6104
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6356
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1788
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7380
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5560
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:7880
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6456
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1084
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4800
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6252
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1648
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5292
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4616
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5272
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7720
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6780
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3336
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4292
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6196
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6856
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7780
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6216
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4640
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6104
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7344
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6356
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6572
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6312
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:216
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6412
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3268
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8172
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5820
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7092
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2940
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1056
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5776
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3264
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4720
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7208
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7128
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7908
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4244
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5508
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6284
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3616
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7384
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7160
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7152
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5436
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6824
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4288
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4584
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5944
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6412
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6716
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5596
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5684
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4328
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1820
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3804
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:760
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8044
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3336
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1460
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7780
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3412
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5636
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6744
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7096
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1164
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7904
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4916
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7108
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:856
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6796
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4796
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7196
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4720
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2164
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1700
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8120
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7880
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6308
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:744
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7424
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3408
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3312
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7412
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5192
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2316
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7260
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6900
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3568
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6976
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2172
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1748
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3948
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7192
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8020
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5216
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4736
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6184
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6388
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7256
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2200
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6240
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6656
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6308
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6820
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5344
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6984
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8168
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3984
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5212
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6140
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6808
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7200
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5528
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7060
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2296
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5420
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3912
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4232
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6680
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5048
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2796
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4636
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7172
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3944
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:448
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5556
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6312
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:9156
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5544
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8560
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5256
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6652
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4124
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7424
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8220
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8692
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4424
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:744
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5196
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6772
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4100
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6484
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5708
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6824
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1284
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3920
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1660
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8924
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1412
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1084
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7144
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5828
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6420
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1704
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6992
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3220
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1236
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4828
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5056
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:624
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3316
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8340
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4884
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7664
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:316

C:\Windows\SysWOW64\chcp.com
chcp
1⤵
PID:5712

C:\Windows\SysWOW64\taskkill.exe
taskkill /IM chrome.exe /F
1⤵
- Kills process with taskkill
PID:4972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\LICENSES.chromium.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9904b46f8,0x7ff9904b4708,0x7ff9904b4718
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,9315643610398126616,15823548466083334838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9315643610398126616,15823548466083334838,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,9315643610398126616,15823548466083334838,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9315643610398126616,15823548466083334838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9315643610398126616,15823548466083334838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9315643610398126616,15823548466083334838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:6572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9315643610398126616,15823548466083334838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:6564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9315643610398126616,15823548466083334838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:6552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9315643610398126616,15823548466083334838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:7232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9315643610398126616,15823548466083334838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9315643610398126616,15823548466083334838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6772

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5328

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:3552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2288

C:\Users\Admin\Downloads\setup.exe
"C:\Users\Admin\Downloads\setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3656
- C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
  C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
  2⤵
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  PID:5060
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    PID:7488
  - - C:\Windows\SysWOW64\chcp.com
      chcp
      4⤵
      PID:7956
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 --field-trial-handle=1964,i,16846067100345316306,2196408112774231069,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:7632
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --mojo-platform-channel-handle=2172 --field-trial-handle=1964,i,16846067100345316306,2196408112774231069,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6632
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:7808
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:5308
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
    3⤵
    PID:4988
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:916
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /IM msedge.exe /F
      4⤵
      Kills process with taskkill
      PID:5476
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
    3⤵
    PID:1320
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /IM chrome.exe /F
      4⤵
      Kills process with taskkill
      PID:7732
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2676
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7904
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -r"
    3⤵
    PID:2812
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -r
      4⤵
      Gathers network information
      PID:7680
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print
        5⤵
        
        PID:5584
      - C:\Windows\SysWOW64\ROUTE.EXE
        
        C:\Windows\system32\route.exe print
        6⤵
        
        PID:6520
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -nao"
    3⤵
    PID:6240
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:6564
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -nao
      4⤵
      Gathers network information
      Suspicious behavior: EnumeratesProcesses
      PID:116
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:6660
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3916
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7100
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:6644
- - C:\Windows\SysWOW64\ping.exe
    ping 8.8.8.8 -n 1
    3⤵
    - Runs ping.exe
    PID:6748
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:7856
  - - C:\Windows\SysWOW64\netsh.exe
      "C:\Windows\system32\netsh.exe" wlan show networks mode=Bssid
      4⤵
      PID:6512
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:6948
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:1068
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:924
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:6252
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:3348
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:732
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:3848
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7348
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6412
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -r"
    3⤵
    PID:7484
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -r
      4⤵
      Gathers network information
      PID:7136
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print
        5⤵
        
        PID:4676
      - C:\Windows\SysWOW64\ROUTE.EXE
        
        C:\Windows\system32\route.exe print
        6⤵
        
        PID:7880
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:7088
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4968
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:208
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netsh lan show profiles"
    3⤵
    PID:1460
  - - C:\Windows\SysWOW64\netsh.exe
      netsh lan show profiles
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3916
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "ipconfig /all"
    3⤵
    PID:6944
  - - C:\Windows\SysWOW64\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:4760
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7340
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3928
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:6556
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:6220
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6344
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7692
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3716
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:960
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6268
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2164
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7708
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7252
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6952
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7164
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6980
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2456
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6472
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7304
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:6988
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1688
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4904
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7032
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8072
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8164
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5608
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7696
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7660
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3348
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4324
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7092
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3860
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2292
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5812
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7772
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7536
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7764
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3508
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6652
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7064
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:8080
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1628
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6492
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7684
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7980
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7880
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4276
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8084
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7320
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6864
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6800
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2260
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6400
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:116
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1944
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5388
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5360
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7172
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3508
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4504
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7116
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6848
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6572
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7768
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7680
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5344
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1364
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4616
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5300
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4332
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8148
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7992
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6500
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6068
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1168
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5964
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6220
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8144
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6420
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7904
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7508
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=836 --field-trial-handle=1964,i,16846067100345316306,2196408112774231069,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7696
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6264
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3276
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7136
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7660
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3912
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5808
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6968
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3924
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1888
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6660
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6540
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6232
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2032
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3116
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3412
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:764
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5208
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7160
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8164
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8036
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7684
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8160
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5336
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7424
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5048
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2380
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6656
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1600
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3804
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6260
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6568
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4724
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8128
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6640
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7192
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3116
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1892
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7096
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8100
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5224
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6268
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4224
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6784
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2520
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6948
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5288
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4276
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3432
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5980
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4484
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2076
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:692
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5124
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3372
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7312
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7992
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3004
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6836
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5644
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4820
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7080
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8164
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1164
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6168
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6124
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5312
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5276
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3276
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6548
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7404
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2936
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5176
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1284
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3816
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7164
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4824
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6820
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5488
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2368
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5388
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7212
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4844
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6828
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:368
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6712
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6116
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7336
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7508
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6136
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5884
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2492
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6404
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2912
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7412
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4748
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4504
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2316
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5432
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6496
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7404
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2192
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5492
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6392
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2168
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3212
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8036
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7600
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1960
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4484
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7312
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4832
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2076
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1952
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1708
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7296
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7312
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7424
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5984
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7028
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2824
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6768
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7404
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3268
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3696
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1320
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1948
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:828
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6640
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6380
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7736
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1680
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6536
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1756
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6172
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:452
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2768
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3760
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7192
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3112
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4148
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4480
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5324
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1748
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6656
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1012
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5320
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7844
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5028
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8388
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8528
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5696
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1760
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7972
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6388
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8904
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8112
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2892
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6520
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5304
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1760
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4244
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8692
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5632
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8908
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5220
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8116
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7476
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6844
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1464
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8900
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3444
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5696
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6592
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1268
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6988
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8360
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7888
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4148
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6312
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1912
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3060
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3440
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7312
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7124
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2796
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8708
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:6404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff975359758,0x7ff975359768,0x7ff975359778
  2⤵
  PID:6436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2020 --field-trial-handle=2452,i,9008712537483287282,8875738299972925638,131072 /prefetch:8
  2⤵
  PID:6148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=2452,i,9008712537483287282,8875738299972925638,131072 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=2452,i,9008712537483287282,8875738299972925638,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=2452,i,9008712537483287282,8875738299972925638,131072 /prefetch:8
  2⤵
  PID:6324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=2452,i,9008712537483287282,8875738299972925638,131072 /prefetch:2
  2⤵
  PID:6388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4712 --field-trial-handle=2452,i,9008712537483287282,8875738299972925638,131072 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=2452,i,9008712537483287282,8875738299972925638,131072 /prefetch:8
  2⤵
  PID:7516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=2452,i,9008712537483287282,8875738299972925638,131072 /prefetch:8
  2⤵
  PID:7548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5280 --field-trial-handle=2452,i,9008712537483287282,8875738299972925638,131072 /prefetch:8
  2⤵
  PID:7808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4980 --field-trial-handle=2452,i,9008712537483287282,8875738299972925638,131072 /prefetch:1
  2⤵
  PID:7920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4984 --field-trial-handle=2452,i,9008712537483287282,8875738299972925638,131072 /prefetch:1
  2⤵
  PID:7472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=2452,i,9008712537483287282,8875738299972925638,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:7800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5348 --field-trial-handle=2452,i,9008712537483287282,8875738299972925638,131072 /prefetch:8
  2⤵
  PID:7248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 --field-trial-handle=2452,i,9008712537483287282,8875738299972925638,131072 /prefetch:8
  2⤵
  PID:3664

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6900

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1924

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
PID:2288

C:\Users\Admin\Downloads\setup.exe
"C:\Users\Admin\Downloads\setup.exe"
1⤵
PID:7680
- C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
  C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
  2⤵
  PID:440
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    PID:6184
  - - C:\Windows\SysWOW64\chcp.com
      chcp
      4⤵
      PID:1464
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 --field-trial-handle=1976,i,2121136003081765932,3823865363330007460,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2936
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --mojo-platform-channel-handle=2164 --field-trial-handle=1976,i,2121136003081765932,3823865363330007460,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3356
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:7068
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:7552
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6656
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5588
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -r"
    3⤵
    PID:8028
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -r
      4⤵
      Gathers network information
      PID:6936
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print
        5⤵
        
        PID:2420
      - C:\Windows\SysWOW64\ROUTE.EXE
        
        C:\Windows\system32\route.exe print
        6⤵
        
        PID:5788
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:7540
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:7980
  - - C:\Windows\SysWOW64\netsh.exe
      "C:\Windows\system32\netsh.exe" wlan show networks mode=Bssid
      4⤵
      PID:6056
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:6980
- - C:\Windows\SysWOW64\ping.exe
    ping 8.8.8.8 -n 1
    3⤵
    - Runs ping.exe
    PID:5652
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:6380
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:7240
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:1628
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1468
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:644
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:8060
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:6508
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:6168
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:2168
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -nao"
    3⤵
    PID:7416
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5528
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6484
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -r"
    3⤵
    PID:7636
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -r
      4⤵
      Gathers network information
      PID:1260
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print
        5⤵
        
        PID:732
      - C:\Windows\SysWOW64\ROUTE.EXE
        
        C:\Windows\system32\route.exe print
        6⤵
        
        PID:7496
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7216
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3888
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:5320
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1428
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3944
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netsh lan show profiles"
    3⤵
    PID:7584
  - - C:\Windows\SysWOW64\netsh.exe
      netsh lan show profiles
      4⤵
      PID:7108
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "ipconfig /all"
    3⤵
    PID:3696
  - - C:\Windows\SysWOW64\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:3984
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7424
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6180
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:900
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1700
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7408
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1080
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5860
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2428
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6480
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7600
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2296
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4584
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6580
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6484
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6860
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7972
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4508
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3848
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6348
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:624
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7980
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5808
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4616
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6348
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:5388
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:1260
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6024
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4828
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1880
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3948
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3904
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8692
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7580
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7476
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8728
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7736
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3016 --field-trial-handle=1976,i,2121136003081765932,3823865363330007460,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8260
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6312
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3664
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6876
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1536
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4552
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8504
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5192
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8996
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8268
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6980
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:1900
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2168
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5828
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2100
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3316
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1968
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8568
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2252
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:216
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7980
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6312
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8352
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:9016
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4612
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8736
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8800
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7588
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5000
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5096
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:9068
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7204
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6468
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7416
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5524

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5416
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:2004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.0.321156470\1987790853" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dcdcdf0-6928-44c1-915c-0b99b7a68c9c} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 1948 254b15f0b58 gpu
    3⤵
    PID:2376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.1.417889671\389390963" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f8ab186-099e-4d1b-acd8-f09385347a9e} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 2348 254a4c6fe58 socket
    3⤵
    PID:5428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.2.158522339\502309986" -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 3120 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60bdf6d4-f24c-4e0b-95f1-39462db23a5a} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 3096 254b56d6a58 tab
    3⤵
    PID:4432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.3.989000048\1526573843" -childID 2 -isForBrowser -prefsHandle 1244 -prefMapHandle 1120 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1d8c615-e44f-4be0-a47a-8e51f7c5e2d4} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 1252 254a4c6a258 tab
    3⤵
    PID:7536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.4.1061147696\1861402357" -childID 3 -isForBrowser -prefsHandle 4428 -prefMapHandle 4424 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1680d66a-fb26-4128-a97f-49a2e3974b6f} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 4436 254b15f0858 tab
    3⤵
    PID:8108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.7.1965379568\6303593" -childID 6 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {639fa3ef-d1cf-42b9-a869-73db2425edad} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 5408 254b7347658 tab
    3⤵
    PID:4128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.6.579538093\1786795376" -childID 5 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {027845cc-b85d-48e7-b768-987c643d4d89} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 5216 254b5641c58 tab
    3⤵
    PID:6132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.5.1576494337\2135382523" -childID 4 -isForBrowser -prefsHandle 5064 -prefMapHandle 5056 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {778d2041-309f-488b-b724-ae005ef5cf2e} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 5080 254b5641658 tab
    3⤵
    PID:8004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.8.1252270866\1423341804" -childID 7 -isForBrowser -prefsHandle 6128 -prefMapHandle 2724 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adc94fe1-9a0c-4eaf-840f-d42b67437082} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 2736 254b4dae858 tab
    3⤵
    PID:7940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.9.54078466\1233555751" -parentBuildID 20221007134813 -prefsHandle 6272 -prefMapHandle 6268 -prefsLen 27133 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a27a8df6-7a57-4525-bb4c-649e19145a57} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 6336 254b948de58 rdd
    3⤵
    PID:5596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.10.1397307942\519280819" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6388 -prefMapHandle 6384 -prefsLen 27133 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {615061bc-33f3-4509-9b0e-f6947b4e179b} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 6284 254b948f358 utility
    3⤵
    PID:7504

C:\Windows\SysWOW64\NETSTAT.EXE
netstat -nao
1⤵
- Gathers network information
PID:2320
- C:\Windows\SysWOW64\NETSTAT.EXE
  netstat -nao
  2⤵
  - Gathers network information
  PID:828

C:\Users\Admin\Downloads\setup.exe
"C:\Users\Admin\Downloads\setup.exe"
1⤵
PID:5768
- C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
  C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
  2⤵
  PID:4936
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    PID:6996
  - - C:\Windows\SysWOW64\chcp.com
      chcp
      4⤵
      PID:1952
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 --field-trial-handle=1988,i,11754762915045245341,7291074549241798779,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5564
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --mojo-platform-channel-handle=2208 --field-trial-handle=1988,i,11754762915045245341,7291074549241798779,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2380
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:1080
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:5448
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --mojo-platform-channel-handle=2564 --field-trial-handle=1988,i,11754762915045245341,7291074549241798779,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4480
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:3316
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6836
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -r"
    3⤵
    PID:5568
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -r
      4⤵
      Gathers network information
      PID:4992
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print
        5⤵
        
        PID:9168
      - C:\Windows\SysWOW64\ROUTE.EXE
        
        C:\Windows\system32\route.exe print
        6⤵
        
        PID:8736
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5552
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8540
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:5944
- - C:\Windows\SysWOW64\ping.exe
    ping 8.8.8.8 -n 1
    3⤵
    - Runs ping.exe
    PID:6440
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:1900
  - - C:\Windows\SysWOW64\netsh.exe
      "C:\Windows\system32\netsh.exe" wlan show networks mode=Bssid
      4⤵
      PID:7260
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:7540
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:9024
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:4292
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:116
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:4216
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:8104
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:2804
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:3888
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -nao"
    3⤵
    PID:8460
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5696
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8728
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -r"
    3⤵
    PID:7588
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -r
      4⤵
      Gathers network information
      PID:856
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print
        5⤵
        
        PID:3232
      - C:\Windows\SysWOW64\ROUTE.EXE
        
        C:\Windows\system32\route.exe print
        6⤵
        
        PID:8972
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7476
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3784
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:4220
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8976
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8684
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netsh lan show profiles"
    3⤵
    PID:7588
  - - C:\Windows\SysWOW64\netsh.exe
      netsh lan show profiles
      4⤵
      PID:2252
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "ipconfig /all"
    3⤵
    PID:8116
  - - C:\Windows\SysWOW64\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:3460
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:9012
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1736
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8992
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8252
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6256
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7768
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5336
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4416
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6304
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8280
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7424
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8580
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8996
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8432
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6108
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2444
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2780 --field-trial-handle=1988,i,11754762915045245341,7291074549241798779,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4524
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2696
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8340
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5696
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2676
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7012
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2192
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8508
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5056
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4124
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6496

C:\Users\Admin\Downloads\setup.exe
"C:\Users\Admin\Downloads\setup.exe"
1⤵
PID:4560
- C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
  C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
  2⤵
  PID:5764
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    PID:5280
  - - C:\Windows\SysWOW64\chcp.com
      chcp
      4⤵
      PID:4444
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 --field-trial-handle=1984,i,8951952513345275903,84541854113823161,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5416
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --mojo-platform-channel-handle=2208 --field-trial-handle=1984,i,8951952513345275903,84541854113823161,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1468
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:6952
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:6812
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6652
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6880
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -r"
    3⤵
    PID:4220
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -r
      4⤵
      Gathers network information
      PID:6596
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print
        5⤵
        
        PID:3648
      - C:\Windows\SysWOW64\ROUTE.EXE
        
        C:\Windows\system32\route.exe print
        6⤵
        
        PID:7628
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:5424
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6712
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4636
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:7220
- - C:\Windows\SysWOW64\ping.exe
    ping 8.8.8.8 -n 1
    3⤵
    - Runs ping.exe
    PID:6772
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:3220
  - - C:\Windows\SysWOW64\netsh.exe
      "C:\Windows\system32\netsh.exe" wlan show networks mode=Bssid
      4⤵
      PID:8576
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:7436
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:5156
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:2516
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:2796
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:4712
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:3912
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:7044
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -nao"
    3⤵
    PID:2320
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:9192
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2720
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netstat -r"
    3⤵
    PID:8964
  - - C:\Windows\SysWOW64\NETSTAT.EXE
      netstat -r
      4⤵
      Gathers network information
      PID:9052
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\system32\route.exe" print
        5⤵
        
        PID:9076
      - C:\Windows\SysWOW64\ROUTE.EXE
        
        C:\Windows\system32\route.exe print
        6⤵
        
        PID:9108
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:9148
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8584
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:9140
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5976
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:2836
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6172
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7328
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8988
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:9100
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "netsh lan show profiles"
    3⤵
    PID:1948
  - - C:\Windows\SysWOW64\netsh.exe
      netsh lan show profiles
      4⤵
      PID:8300
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "ipconfig /all"
    3⤵
    PID:5436
  - - C:\Windows\SysWOW64\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:8344
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:9020
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:9124
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:5504
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6412
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6500
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6160
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:924
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1136
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:916
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:392
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6076
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8824
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:4964
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1896
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:7760
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:7112
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:8028
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6264
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2320
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:8804
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2776 --field-trial-handle=1984,i,8951952513345275903,84541854113823161,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1876
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:9104
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:1788
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6236
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:4324
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:2292
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:6268
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:208
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:3332
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
    3⤵
    PID:6536
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      PID:5436

C:\Users\Admin\Downloads\setup.exe
"C:\Users\Admin\Downloads\setup.exe"
1⤵
PID:1012
- C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
  C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
  2⤵
  PID:6984
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    PID:9204
  - - C:\Windows\SysWOW64\chcp.com
      chcp
      4⤵
      PID:5424
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 --field-trial-handle=1972,i,14614090551391255174,17709479293974421850,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8548
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:8612
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:8968
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --mojo-platform-channel-handle=2196 --field-trial-handle=1972,i,14614090551391255174,17709479293974421850,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7580

C:\Users\Admin\Downloads\setup.exe
"C:\Users\Admin\Downloads\setup.exe"
1⤵
PID:6796
- C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
  C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
  2⤵
  PID:7952
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    PID:916
  - - C:\Windows\SysWOW64\chcp.com
      chcp
      4⤵
      PID:7872
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 --field-trial-handle=1964,i,14794791616386764869,2071493442661383579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4336
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:8348
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:8264
- - C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe
    "C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\khlrftpaxlucchie" --mojo-platform-channel-handle=2184 --field-trial-handle=1964,i,14794791616386764869,2071493442661383579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4860

C:\Windows\SysWOW64\NETSTAT.EXE
netstat -nao
1⤵
- Gathers network information
PID:9116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:6480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff983349758,0x7ff983349768,0x7ff983349778
  2⤵
  PID:9188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1992,i,9940478918436596162,16164263582951508713,131072 /prefetch:8
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1992,i,9940478918436596162,16164263582951508713,131072 /prefetch:2
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1992,i,9940478918436596162,16164263582951508713,131072 /prefetch:8
  2⤵
  PID:9024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3356 --field-trial-handle=1992,i,9940478918436596162,16164263582951508713,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1992,i,9940478918436596162,16164263582951508713,131072 /prefetch:1
  2⤵
  PID:6700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4744 --field-trial-handle=1992,i,9940478918436596162,16164263582951508713,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1992,i,9940478918436596162,16164263582951508713,131072 /prefetch:8
  2⤵
  PID:7844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1992,i,9940478918436596162,16164263582951508713,131072 /prefetch:8
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3492 --field-trial-handle=1992,i,9940478918436596162,16164263582951508713,131072 /prefetch:1
  2⤵
  PID:8068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1992,i,9940478918436596162,16164263582951508713,131072 /prefetch:8
  2⤵
  PID:8476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5600 --field-trial-handle=1992,i,9940478918436596162,16164263582951508713,131072 /prefetch:8
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3352 --field-trial-handle=1992,i,9940478918436596162,16164263582951508713,131072 /prefetch:8
  2⤵
  PID:8836

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6168

C:\Users\Admin\Downloads\setup.exe
"C:\Users\Admin\Downloads\setup.exe"
1⤵
PID:6000

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

T1059

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\5dc932d416868144\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
06beb2b179ed8d7eb726106b134ac0a1

SHA1
3d846505e0eea78a861bb4401dba44e00baa96cc

SHA256
6c5c7555020fef6e7483274ca86461be0e2683744e8bd41e6b5f65af76e89ea6

SHA512
5bbe6a5b2659561dfdbda7261f9fa993fab1b84a4dab8b074178f8cbd1107cdd1955a72a7157b5c088a0e6f9b7a65751b895d71554386c11a17249ca3064c810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ddac128f4fdf8b7d82629d133fee00c8

SHA1
1db4242906cab3dd5a8fce538981988815db2358

SHA256
c5eae64aabefd35e202d5caa0bf0a8a5615350a0532b5d96c6f32dfe5be5e9eb

SHA512
f7ea33648d80b353df6e3c879f6986702bbf11f1cad83b3f9cd7dc9ca05f325c530dd5f85a450cd890c45ae5af1465ed71bc49720bf9f184c0a4f69a4b714e98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
79d866f1024724af9388648958cfe8b5

SHA1
bd6c6b7138012fbd8a629cb1e6e0f6e064955896

SHA256
8985483d2b3af2d51e7d13086fe292313f702017d8e2afd03228cd5961a08777

SHA512
f9cb0c3ebb4d3031bb0c9447c94a45bf9edcbbdd028b86f9761fd5c7ceb823e21573cf9f102150316571d6e3b4077475e999b8d7a2238aa3614b208a73107718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe618f7e.TMP

Filesize
2KB

MD5
57d149b666c1d90d13f41f82c2bb6acb

SHA1
1754821cbe627b216092d229fe8a66755faee77c

SHA256
b83be486dc5af47def1cdebe9df42c6976806b091295c9e7cd32cf93bf79f041

SHA512
d5e27b23bf27ac1f8bbc84e644ee6e03bff77aba3f7ed6f12b096b08f67050999db53450789f71d445a9e87522b2db15a3e4b3b5c08abce68072a594a5ee652c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1.7MB

MD5
c592e650c5bf1df0dd595f7ec9994fd5

SHA1
4cec548ffab82b29c679ba44b8e7b9c0bf9dda9f

SHA256
0975d9db4fed91606365708f96a859209f2b1519b08701959a4f52e2a9a5e1fc

SHA512
7be58b914dabf3addbf9531ff21734b466133c9e0c5662913bbad32956a3783e99429633c807ccd0552fb3b64a7a2534cddfb643a2cc2f29d2b86e5d4e3a1386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data

Filesize
46KB

MD5
6bc9721a04548688a09dba8b6544d948

SHA1
b89b8394d89eb01db1a086c94338d5ae04ddc81f

SHA256
265fb0db77344e9c70a357711bf99278c4ef24a7415a04c1587aa242d117b7b1

SHA512
a1637d119de09105debc38c36d0c25773b2ad89a78313b2271d3f6efc4674b9fdaaefb2f8551841ed1abb507a2eec33bd6f4830217de439de00232a8a71f6580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
1019ce45ab9407ac00a52c52e6be1eee

SHA1
6aa29d8bdf104bdad35206ee8251bb81be004d91

SHA256
ff941718f39d9e0ef323cf81c32c41277041629522bb1fafa576f9b20a8db578

SHA512
d5f35a1be36f0162718bbc9793c04dc386399e10f5896df997145f3117b2abfdc52a44615e7e153a6f2253f19cbbefb51c8a5eb09f68aca93750b9cb70e9dcd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9f7c13921eef36d2d73387eacb0f74f5

SHA1
2e05271d8c81b7f09377708fdcf599523e58e098

SHA256
3292a29a0f4557754344e7ebe0925d69c8e8b6cd4a0ea6c45bdf691999dead61

SHA512
4eb38a5b27898b49b05c8b37e5f1b71d4279657ce771445b38ba5b3888f127907014799d1adcf87a0d7d858b4feeb207ac2e70800c2cabc614a80cff7b487066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
21bd22307def1378b398654db4997d45

SHA1
3d9a9d4179d96933e61c4e3f9644514682601282

SHA256
eecb381c37293984fec7b510aafdc43fb37839850c628bdb1d356f5e0271aadf

SHA512
1dae9d67920517eb1d09f77484629927b46f0f6763143667b8495a66aa51d9912464e52754372596f85b93088af750c65989d9931a8d9b124448d06e7b1bd714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6dc023fe214ff8317ccd1d62005e0581

SHA1
3dc656677d58f554a2e659df7e4a4447eb5ec210

SHA256
b9c806db05368f8f2c35757c62d0d3bd1a1465fb1f2c6a488a9b34a11c4bf6bb

SHA512
6f4bd956ba40dda2be0d780fd040527f407b076f247baadbdb584f9cdb4328c26940f9661f1d352e656bab6df679e840ef2c8f9d44449ed6dfb406cc5b7037e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7b0fa35ffa45438807c72a95a1377265

SHA1
b73c1f4d8518cc8039639093979497e0221db1ca

SHA256
1b552ee41562864b60ec15f6e3510abc175a071545688b6c135697126725fe18

SHA512
2818c17d4e41bb7375a502d89ed73bedb3c6a2d04b5545b6ea983be4b178919f721638bfd105af5cd5196af9bcb916634157220b6823c86eb03c74fe27535027

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f4173fddd447b2aa1ab41a262bb430b2

SHA1
251b59ebc743a13a69fa8b893efd3ef66c28ab0d

SHA256
a1a2f4e305ce096f4f06154337ee0dd62d6506bcde40f4a1a2b0ee010b1ff6ca

SHA512
a35f0f5ca267c672e296aaeef6e4cec46b0a94e128d849540432341d35ee5b3a5b4365640ac04145f822829d583933b556b99072bb87a3888e37f664676fe560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
678262da5a68199b4945a39e6d2469a3

SHA1
e1984dffe4979d05c563ea11cf5a06959f4ed032

SHA256
3cb3ae50eb4fe8f924c8dd61c169d5b9b626bba84c0d1a91026c9bffff813969

SHA512
b90f819dc485d757ecdc9f19c2f94d992a29943e18a1a4625b5b00302c3f3e666d3022874a25b0a36a988b5fab36c4ba20a197caac9f067896053b3e6f79fb95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8e520dea9c42fbdeb0b9374eedd85b20

SHA1
d79088115b1426d49fbf2cc9c6e6a99589e62650

SHA256
d928ec68bd1db9fec92ca3a6641393cd11b0a8025dfa9168c7b6dd6baa3917c9

SHA512
b4b3086a47be40271930c3742a689d1157081b727ab4e50c051c61b8de2da86e32c07a7b5f843e2b2ecedc22113f0846d35cab06282429f1bc18ff6c01254b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
21a44efd295ced8e1dc5fab19dabf4bf

SHA1
c9d4f9e5bf3f9dc605f59f4add0c3678c18aa4d8

SHA256
8f1aad398b2b8840a51fcefce2b6e56e2068aa5d5fafa185359c1a84b5b90d94

SHA512
a018c8f286e70ace19554571cc4aa3b2b5a56bfd6e97f6c46a5e1ba90e37838faa942c276b4be80dad0b11556799ad2eeaec3ecd6ad6749c269e48a2218e658f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
818b5c3e3dedd95439cdab7dff338d9d

SHA1
0c756bc82f96fac6eaf09b28dc5c3c6a3e186710

SHA256
cf2fbbe41fd25019d18b67ea023b8faedcaee1ddaadc22b907b9d8f4494c37bc

SHA512
449c97be91de482f576edf461a67179fa6e9c268dbf2f3e985b4b08d8ad33226ac85b3d6d10dbb25348283c14b296504fb1a02a83ec9076ed4bc24854479036e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
742e1b0d8da713c5b6ad61da5c287ca4

SHA1
ad5bda8b74f47735c04933afb112d7e661a5bb89

SHA256
46f7e9e6a644493be1baab9c17d3273e9d8a7b78c395f3a1409d2aec22974705

SHA512
70b27832dbe0a10b919c3914d7f47040b56600ff1d5af3a13a0f897f40a6fc6b12475c31758f66ca94b9378540a4bfe899f59c764bcf581740e84e1b7705f356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
66505208e0cbb76024e855c80a757788

SHA1
e1e58329e9f53570cddf2e2c33e8f3cada24447d

SHA256
eb1b6ba2c95871ccba008cc80c9d87b6447700e9de70dbbbdc34d35354ba7ef2

SHA512
f1b2c444b11c03a90a807ead7194bdae0ceaef6a3681890340df0a0550bf5572a62e54550d89fb7d4fb20bd77c2ea19069d3bcd6c601a7e1e373f3497b9ecacb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ceef73cedfc5981ff16fdb73a1fe5aa1

SHA1
93cfff1a62b3b53c5cb6e9b83dc965612a05231a

SHA256
6faf5ab69f10537e700aa6cbb9b9b67586b75a88b2b122832d669c09f31e5755

SHA512
80ad5a2a6f0a9b0b2e2165f9ab236c1cf4bf9615dd3b2e2ec96f93113e7bcfea3bb1f9377df9af70e2b6af58a7c94828ab6c5f4e0c26a8dc7270d9c5e7af1084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c6b7c92ff65246b17a80b543ce70972f

SHA1
3acf41fc153c0cd85e6ec7490dc79da4d1af2192

SHA256
93b2373eb8bb8dbf4f93fd5812f265f8c1a5316b76eba1e02ea19c96789012e5

SHA512
17582be971762a2ed623e2b250df8ecb42df13381a14457c332a7d1e811a49b98780e804e44bd36c5975b8b0c5ca1a96f7d47fc5ce76d523fbca9b086e4fd926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6b25c20bd995cdbb15d44094b1244c20

SHA1
ebeaa4c18d79abad6865a8dd0545fadbb496a83e

SHA256
69daa09958a9bd492711900e465d915dd9c9a56124edc2281bc669ab5dabbf28

SHA512
12d0dfa7cf27e6a7d8edf6b47d45f755273f62d17c4e8bcdfa4560abfe7c615dd041aa76e7be1d194f2c769bea4a0ca49a6e9de4816951b523e8144efa5954cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a3bfd906-9b8a-496d-8041-1fc64cf2b8c7.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\passwords.db

Filesize
46KB

MD5
6bc9721a04548688a09dba8b6544d948

SHA1
b89b8394d89eb01db1a086c94338d5ae04ddc81f

SHA256
265fb0db77344e9c70a357711bf99278c4ef24a7415a04c1587aa242d117b7b1

SHA512
a1637d119de09105debc38c36d0c25773b2ad89a78313b2271d3f6efc4674b9fdaaefb2f8551841ed1abb507a2eec33bd6f4830217de439de00232a8a71f6580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
69a5ab237e951319c94ccbaccc18f7bd

SHA1
a0c65e262037bf8a21b8f6a55c031137a7673086

SHA256
8146ebda19d1c61e2acdcc842396414a918ce129790aed84de21192276a1a269

SHA512
1c27eadeb7464c88e0c7a86e648e67dd0399edd4c6bab3a941d3ac5f4eab0e71e2dccd05da48bf9b3a48a02ba12887943537b7ceefb0e48ab3368d60971643d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
4b6c7d7ecddb1f1b42bd44b534601d82

SHA1
63dac3fd6d50c41d1ab7ced562ee0037ec0e13d1

SHA256
f14b017fcc6de11bce41283aa15f82e11ffade4b386046002ff51de2ce7644b6

SHA512
67e93248c449e05d00ee27585c258e74457702a18e347a5a731268c8f4a6229ebc50e577f8ad0ff3f68c2dac01e766bf2414c33b684b693c3ec5bf22fbe633ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
4b6c7d7ecddb1f1b42bd44b534601d82

SHA1
63dac3fd6d50c41d1ab7ced562ee0037ec0e13d1

SHA256
f14b017fcc6de11bce41283aa15f82e11ffade4b386046002ff51de2ce7644b6

SHA512
67e93248c449e05d00ee27585c258e74457702a18e347a5a731268c8f4a6229ebc50e577f8ad0ff3f68c2dac01e766bf2414c33b684b693c3ec5bf22fbe633ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
91KB

MD5
a44e3c76d988c9a4fad2b15f4829c9f6

SHA1
0429802ab1c25124ab881b5f0d3036f0a05707e9

SHA256
95493a1d082d037677bd5395c85019ff5f0cb70f9a5af6fcc578db153bca6099

SHA512
e8ccc98943f6ad72937d401321090c386f08f0f4755e1965fcc44cf62cd4fbcca58d5c5755370d62dc57470ee74df2a451464186d2415b176d9faa62eae1655a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
d41a4e36e42f6f925fd9bad753997c25

SHA1
ab3b619f11133e80054561d9085923ebdbd592a7

SHA256
0c4413f9df4770d94fd24627499cdc88cb8de183ce282bbf1824af1bf48654f2

SHA512
b6157fe49bbc1b227d555b099cf8c730d2a09810c2a5403bbcdccf0ba8a5f220390e069c9435a8b4a91f927a12e180fc30e25a4627136e7872f5b6209deaadb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586397.TMP

Filesize
110KB

MD5
feca6b0b30db37e68d1c0afb2122cd68

SHA1
8b40b2dce0be60e8aba00662ea53569c263d9776

SHA256
59ef0dcd640b43867d6f9d24efa50532bde87737c56a6e1aca75664f691e6545

SHA512
0cbd3114304daaed72696a6a6f4deca01da96907fa33f348a684e83441c8f39a9202819bee2651fe97bd33cbf6e3cf35ccf51cd22d1e94894685acd3dc55d4af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
bdf103ecadf2098f1a4af55b65cd072a

SHA1
cd0c398d2c35946a65653d8f5be64681dff0ac96

SHA256
3026e82835ee98106040a6da7252950f518e6fb3449bfd2293d7f9abbb19918a

SHA512
ef8ec609de440269cb7597041b3df164a7d83141b038003f26b782de53c0a0de4b985576c862d7a637a6b3d8201267c45c22d726b1d76fd66793a211b81463c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
87e4362ec4cadb09af4752e3a06e0db6

SHA1
600fa9fc0b846166b6828c557290f8bf286d6a1a

SHA256
f5891b6a21998505433fdf4f94434536a0ccc0cddbf1cb7866b65a491e039f98

SHA512
ba5d894713555a591301f21189552b76286525db30d3c54ce65e1cd58036b46380fd426b53ef1b3fa3e1284ec23e354baf4fe73aa2db03183c2795596faf801a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
81ce4dd2e62dea1d4eecdd2b568db9ea

SHA1
66d25821074e1d34a601a151f9bca0422838b08c

SHA256
4bbcc0536be6afca25f18cfcfab7360bce9a5299185a2762d97602c88855ac42

SHA512
9bfc1c91379d7cbccfec2401d7d3da5f180e837048bcbe1872bdfe780bbe3b2ba6a28c1df9a32ba9cee1603137d759394f3d3fdd1b6ad085028d5cb91420f741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\passwords.db

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1b32e294d79cc0075c2b48004f78ad82

SHA1
2f4a996241840d8d6cd755f04211e7f3e8faac26

SHA256
21bb3d17e4a324ad6b0d417399b11d3510c501ea1c3883bf87761ae02f1b41bd

SHA512
e5cdce6eda23722b303e13daded64f0979bb23d345f77c451384f615a55590beef647c4796e2261b06e86b65676b9a127b709dd880cb9078be354ce61a648d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
abb45709aaa5bfd6178b909954deb917

SHA1
f7a95fc7fc55c8431e4ac3907deb4a877ee0db08

SHA256
75a7f49bc75c4696aab8cad1217e931c29a25a81765a5cab5a370266bca60166

SHA512
07dd9899df0ded3851ca1e0748f1d2fcf3df7bc798fae662b415d9b6b36f17bec61c9ac2b0f50ad2de26079f8e3f13b00f4bb0a6c07f5ac268adcd7b84325b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
3a941cec5652429d65bb8393789bc5ae

SHA1
1f5ce4af7f69e7e4808f60c08f6bf102458d46f3

SHA256
ce3865d1f2a2551dc20c43b1892afd3b6cf795533ec39c4519fc406147304e2a

SHA512
ffea9bb1f7643b6b25667256cbc1892928e9d214a816f4d7c2db5f04b092cc9dcb688d45d18c6bf00aea533f37ac0951d3a3fc81a4c8c6f750c97671e007498d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob0k9snf.default-release\activity-stream.discovery_stream.json.tmp

Filesize
149KB

MD5
ace1eaaf6a477f0dad3466a8561f35d2

SHA1
c0df02bac1078c66a5e290245ba476e51cf5dd6f

SHA256
f835bf65cb8d1513e758168224eaed8d8cc76563631f98d712e5cb491fcea6cd

SHA512
4e295827eb811cdc68bdbf382b1d226f712aecf8dadb348dc4437f12f7c9385729f36d366c18df9a20f1eb2970327ca7cad3c9497f8a1ca35dc60245f80e07bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob0k9snf.default-release\cache2\doomed\18342

Filesize
8KB

MD5
0b38aaa0a640da4e677ec8de893834d5

SHA1
092624bded0ae5910f883fdd0dfbcfa13e2de8c2

SHA256
79df5b81e85bca94bb52677244bcef15c164f8a9fddb8aadeba03151025b711d

SHA512
98e80dc5a440990a565557fa79c8b3bfe2cce7c297b2cb5fafa7bd6f5e96ffe0289d53689c9393605b37f8e8f06487885b69a2acad5fe42a221fd56f138b0f5b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob0k9snf.default-release\cache2\doomed\6785

Filesize
8KB

MD5
816db197b437f39e0ef6e720885620d4

SHA1
15eb24f5a7378449c682c47bbdf31874f0c116b0

SHA256
2d60695d433a3c32bd764d042851bad78d27ca3f02caef7d12cc771d9b8ef1b8

SHA512
220ecbe877a1e29b0a3fccf70ebc679f79b92d2b6b2db3c7360f652b47850545e89da3a710822c6a8136f42c9e79b5e66999a2451b34efa019e927628eac7018

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob0k9snf.default-release\cache2\doomed\9668

Filesize
8KB

MD5
dfd8849c094e18ffe92318a37851ac55

SHA1
df0ca37acc8cd6900f22d0609601f6a23dd5e1d6

SHA256
422cd099b92740f51b8ab529c487e0b66759f8bd874ee3eb121a8998e5c3ec7f

SHA512
4a6e784d11b90db7ea0150aa4964ba5bf6fc50639ee3430685142cbf89244c9750df2499d658eb5bb46ad56488e2d505fc5d7412b5e806b421a373a9e0b7772e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob0k9snf.default-release\cache2\entries\118BB2BA245AAA64B01692DF29396B97E11FC1A0

Filesize
14KB

MD5
b93fafc24d7484d502fe7765cbd24710

SHA1
b6c5c2016d047df767e8a3ec2be44b729e040e48

SHA256
05124d1b8acbfcf418db17a358fd4df4ad02ca8587a6670afb059dd7a4172624

SHA512
16917dff3b4e600b56349cd3820332b224840f87406264ab1dc3d7c4b15f26f98c8180197d4f349997791dde263f8fcd26c9c27f00fd4a3cff517ab082381930

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob0k9snf.default-release\cache2\entries\16D9E0C9044ED45C4FDDDCDAB155AAFEACA52711

Filesize
543KB

MD5
b47d189bf85ab5c41d39e65a4b59e789

SHA1
92b229e351dcffdceb636b0d8c902572055e8d6c

SHA256
a41b0b4d437000c34e7c80612371a989757a1726eaba069091b718c39b705df1

SHA512
60b7f3eccb1aaa74b2dcbe1111aa2bb631a3758a404c4124e3eed029b0b0a4012822b5ddecc366b522d0cdb8313dae78b569efbdb3ba70f39a047cb40df2c9c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob0k9snf.default-release\cache2\entries\182850302482546C5D22CD8C4E47DD43952B4A28

Filesize
389KB

MD5
d707bd5b0f882002cdc8de5ab5254761

SHA1
cc1b80e8e5471cd5b479cd2bd6669962a2c33905

SHA256
2f933f5fc16e3e9b95f44a2a332b312adfeb9ed15b3bf080032d8e9fb6e7db1d

SHA512
29ae49839417b1b87efbdae930dcb85ebe06a3d65232975455f8c65bc827b251871cd1dd69da936ccd85b94dddf1b87f1744b791c64d27ef951dc3a4458ba507

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob0k9snf.default-release\cache2\entries\45F9A6E961CFB498744CAD35331AF8FC62AB9390

Filesize
359KB

MD5
308a564b96297ce4a57bac796802f5a5

SHA1
14159cbe28f3bd081171995a580b247df069e424

SHA256
d48c7c3bb92ab29a44ea613654eca366afe6ceedb8bbae6e0ea29f2a5762fb82

SHA512
ce4ecc52962be1c31abba20cbc29d55a1df7870cfa578a9d0c8095cc14ae6bb96c5f6e6142c57d36ff419241dde7033b57395d0e55e8274ad16f243f53f1fbe8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob0k9snf.default-release\cache2\entries\89DF642BBDA7F81071392E01C9A17A1E0EB86CE8

Filesize
88KB

MD5
3ac55ea963001e6c3ac37be775caf923

SHA1
5a3bf9ec891d268fd974cda81e48b7d3dd2986de

SHA256
eefd65f78041adec33ae665e1483a2ff9584faa49ff53f70ce303d64afff81ee

SHA512
553e4b11cdc398cc363dd758733f55a9fffe5eb337d4439da3af0e7162b511d8920cd2517961d36ae0ff7e9fd27973aea4b0f92288840ac858bab8f8b6f47515

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob0k9snf.default-release\cache2\entries\C112B14CEC93AE26BC57D74CCFD997FAB59F44F2

Filesize
40KB

MD5
5c262800a0d9e069395b303bfe0f9655

SHA1
e4813ff2e058b5b1e3f0d87f8a05bbe26a94254e

SHA256
20f5db12d8d8f7cd917d17b31655ab1279380740e45be264c4b8c0f2a374f773

SHA512
c5a1459afb720cfaa72238d81a6654fc5ba08eac67a831fd6f4679ca7330ebd0f99d7fdb4cbc441569045b76db556f14bf6814ca0a452e88002adbc886b1c899

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob0k9snf.default-release\cache2\entries\D8D6FDB6206A92F79F930D0CD1D4C040CBF28543

Filesize
58KB

MD5
549cb6dbbc9d56d2d0db1ac3b6752752

SHA1
183c3752036c467c777f48f87075c8598f77c35f

SHA256
83efc42dec36a3bae059fba57a4a93a8e16a47503de68c9b966c69cca4687c9d

SHA512
f11b39c3e518e7f4abb1feed888990fbae9fb5cdcc16c54bd12d489d766c0bfbe4d76970d2e7cc630bcd1387e9b86ab6c016d1043611b791b1c69cdf0eeda5ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob0k9snf.default-release\cache2\entries\ED9826654AE8BD972BDE17A9E0A449D3F881E430

Filesize
14KB

MD5
a07758b04abc451eaa698e31ac95b8c9

SHA1
4b675c4459c8a0ae3cde30a322077c857aae0f56

SHA256
a8ba239e1d1496cebf2327741c51ae5a6d0ab685750e5831f98a3174be2bf7a1

SHA512
47d324a64e8c391aa9d721040ad378ad7b0088496ab7594149f731f0239d1fd80249d0035f157f11e48dcca1b837c286a28f7c499c615c471fcdcfe095781620

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob0k9snf.default-release\jumpListCache\_irp_dmI3kpocRC+OIoNJA==.ico

Filesize
609B

MD5
6e62ae713951b6193d202ddc3d2152cf

SHA1
abf75bd80bd84ed39792adf69dddb5a8b3b84bb4

SHA256
e5dc5320473de19e5255f32d0f9f352fcc23a03c254e82511999deac249d91cd

SHA512
8dff4541bb496449c0c0e93a1c60108dff8e8f7cea437b8027ce51bc22881a687597c511df4c32cabdd1c165aeb46b89c410e58563e18c449e84eddbbfa8725b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\D3DCompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\LICENSES.chromium.html

Filesize
7.9MB

MD5
312446edf757f7e92aad311f625cef2a

SHA1
91102d30d5abcfa7b6ec732e3682fb9c77279ba3

SHA256
c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b

SHA512
dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\chrome_100_percent.pak

Filesize
124KB

MD5
acd0fa0a90b43cd1c87a55a991b4fac3

SHA1
17b84e8d24da12501105b87452f86bfa5f9b1b3c

SHA256
ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b

SHA512
3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\chrome_100_percent.pak

Filesize
124KB

MD5
acd0fa0a90b43cd1c87a55a991b4fac3

SHA1
17b84e8d24da12501105b87452f86bfa5f9b1b3c

SHA256
ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b

SHA512
3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\chrome_200_percent.pak

Filesize
173KB

MD5
4610337e3332b7e65b73a6ea738b47df

SHA1
8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b

SHA256
c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c

SHA512
039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\d3dcompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\ffmpeg.dll

Filesize
2.5MB

MD5
1bb0e1140ef08440ad47d80b70dbf742

SHA1
c2e4243bad76b465b5ab39865ac023db1632d6b0

SHA256
c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671

SHA512
29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\ffmpeg.dll

Filesize
2.5MB

MD5
1bb0e1140ef08440ad47d80b70dbf742

SHA1
c2e4243bad76b465b5ab39865ac023db1632d6b0

SHA256
c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671

SHA512
29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\ffmpeg.dll

Filesize
2.5MB

MD5
1bb0e1140ef08440ad47d80b70dbf742

SHA1
c2e4243bad76b465b5ab39865ac023db1632d6b0

SHA256
c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671

SHA512
29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\ffmpeg.dll

Filesize
2.5MB

MD5
1bb0e1140ef08440ad47d80b70dbf742

SHA1
c2e4243bad76b465b5ab39865ac023db1632d6b0

SHA256
c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671

SHA512
29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\icudtl.dat

Filesize
10.1MB

MD5
d89ce8c00659d8e5d408c696ee087ce3

SHA1
49fc8109960be3bb32c06c3d1256cb66dded19a8

SHA256
9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de

SHA512
db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe

Filesize
131.9MB

MD5
f9c7b6cb09aa046c9a18228bb3e65a2a

SHA1
0ef99e33e65ec247dbdea8217333b0df6cd5dd86

SHA256
03e7807d548946ebcb30853302ba04a13e7bb85a2ab6ba9275793b44ea0aeada

SHA512
a47a246d3f0daf1f4322927fdd4a0842960da7ef66063d1c7e55af0678d11896f6abfd05771d1ed27bd3b922fd3428ed55c5150e93e8ae2fea96af84e5a8b7b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe

Filesize
131.9MB

MD5
f9c7b6cb09aa046c9a18228bb3e65a2a

SHA1
0ef99e33e65ec247dbdea8217333b0df6cd5dd86

SHA256
03e7807d548946ebcb30853302ba04a13e7bb85a2ab6ba9275793b44ea0aeada

SHA512
a47a246d3f0daf1f4322927fdd4a0842960da7ef66063d1c7e55af0678d11896f6abfd05771d1ed27bd3b922fd3428ed55c5150e93e8ae2fea96af84e5a8b7b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe

Filesize
131.9MB

MD5
f9c7b6cb09aa046c9a18228bb3e65a2a

SHA1
0ef99e33e65ec247dbdea8217333b0df6cd5dd86

SHA256
03e7807d548946ebcb30853302ba04a13e7bb85a2ab6ba9275793b44ea0aeada

SHA512
a47a246d3f0daf1f4322927fdd4a0842960da7ef66063d1c7e55af0678d11896f6abfd05771d1ed27bd3b922fd3428ed55c5150e93e8ae2fea96af84e5a8b7b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\khlrftpaxlucchie.exe

Filesize
131.9MB

MD5
f9c7b6cb09aa046c9a18228bb3e65a2a

SHA1
0ef99e33e65ec247dbdea8217333b0df6cd5dd86

SHA256
03e7807d548946ebcb30853302ba04a13e7bb85a2ab6ba9275793b44ea0aeada

SHA512
a47a246d3f0daf1f4322927fdd4a0842960da7ef66063d1c7e55af0678d11896f6abfd05771d1ed27bd3b922fd3428ed55c5150e93e8ae2fea96af84e5a8b7b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\libEGL.dll

Filesize
371KB

MD5
e0a5d1a5d55dffb55513acb736cef1c1

SHA1
307fc023790af5bf3d45678de985e8e9f34896f7

SHA256
aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669

SHA512
094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\libGLESv2.dll

Filesize
6.4MB

MD5
44f7c21b6010048e0dcdc43d83ebd357

SHA1
d0a4dfd8dbae1a8421c3043315d78ecd84502b16

SHA256
f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de

SHA512
7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\libegl.dll

Filesize
371KB

MD5
e0a5d1a5d55dffb55513acb736cef1c1

SHA1
307fc023790af5bf3d45678de985e8e9f34896f7

SHA256
aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669

SHA512
094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\libglesv2.dll

Filesize
6.4MB

MD5
44f7c21b6010048e0dcdc43d83ebd357

SHA1
d0a4dfd8dbae1a8421c3043315d78ecd84502b16

SHA256
f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de

SHA512
7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\locales\af.pak

Filesize
368KB

MD5
7e51349edc7e6aed122bfa00970fab80

SHA1
eb6df68501ecce2090e1af5837b5f15ac3a775eb

SHA256
f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97

SHA512
69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\locales\am.pak

Filesize
599KB

MD5
2009647c3e7aed2c4c6577ee4c546e19

SHA1
e2bbacf95ec3695daae34835a8095f19a782cbcf

SHA256
6d61e5189438f3728f082ad6f694060d7ee8e571df71240dfd5b77045a62954e

SHA512
996474d73191f2d550c516ed7526c9e2828e2853fcfbe87ca69d8b1242eb0dedf04030bbca3e93236bbd967d39de7f9477c73753af263816faf7d4371f363ba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\locales\ar.pak

Filesize
655KB

MD5
47a6d10b4112509852d4794229c0a03b

SHA1
2fb49a0b07fbdf8d4ce51a7b5a7f711f47a34951

SHA256
857fe3ab766b60a8d82b7b6043137e3a7d9f5cfb8ddd942316452838c67d0495

SHA512
5f5b280261195b8894efae9df2bece41c6c6a72199d65ba633c30d50a579f95fa04916a30db77831f517b22449196d364d6f70d10d6c5b435814184b3bcf1667

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\locales\en-US.pak

Filesize
338KB

MD5
5e3813e616a101e4a169b05f40879a62

SHA1
615e4d94f69625dda81dfaec7f14e9ee320a2884

SHA256
4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687

SHA512
764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\resources.pak

Filesize
5.0MB

MD5
7d5065ecba284ed704040fca1c821922

SHA1
095fcc890154a52ad1998b4b1e318f99b3e5d6b8

SHA256
a10c3d236246e001cb9d434a65fc3e8aa7acddddd9608008db5c5c73dee0ba1f

SHA512
521b2266e3257adaa775014f77b0d512ff91b087c2572359d68ffe633b57a423227e3d5af8ee4494538f1d09aa45ffa1fe8e979814178512c37f7088ddd7995d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\resources\app.asar

Filesize
61.5MB

MD5
cf9c54911ba8fc239f7a49e99f620ab8

SHA1
be71298669316ea7d27c2feaf003798b1f20ff5b

SHA256
2761314f8b6055ddc2137a497802bc6ad0f411e063d5a4bfdba692808f0f6995

SHA512
7b45e828c95b605e0c4d3ed644212bd50f6b7fe7c00bb7d5754d363e7497b78e92ba02a14b56f4ccdb3c55bb034677d7919d966f98db40ece7b41bf7a1429a78

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\v8_context_snapshot.bin

Filesize
511KB

MD5
4f4d00247758c684c295243ddedd2948

SHA1
f8e8fc6c22fde9df1d60c329e38b38a85f96bb69

SHA256
4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5

SHA512
2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\vk_swiftshader.dll

Filesize
4.5MB

MD5
65a5705d95a0820740b3396851ff1751

SHA1
a692a80bafc41ba1b29ef19890f8465b3fb20dcb

SHA256
4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c

SHA512
0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2SQt6TPRJec96gqsTOEHKH4MQOT\vk_swiftshader.dll

Filesize
4.5MB

MD5
65a5705d95a0820740b3396851ff1751

SHA1
a692a80bafc41ba1b29ef19890f8465b3fb20dcb

SHA256
4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c

SHA512
0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

Download Submit
C:\Users\Admin\AppData\Local\Temp\3208c40e-c839-488b-8b8c-c91378fa1e25.tmp.node

Filesize
111KB

MD5
36111146d94870c7e0eecf12eb8df042

SHA1
d3cbb35665b294818259a14bac9aed0130ff7eec

SHA256
c4a87cd14d0ad7e692dcbdbe4be9c5dffdc890fbaceca8cb2e55207572d30a7b

SHA512
a4ec76ab856a81b6af48e114ce8818044df867580c09fd576eaec652f52418dfb01960827f5c4a1f662af2683cc6f240565265760a17cfc82dead6a80102e52a

Download Submit
C:\Users\Admin\AppData\Local\Temp\68e77498-95a0-4340-8bda-bc437ca69a38.tmp.node

Filesize
1.3MB

MD5
d8fce01c7765ef87b7a422c223931946

SHA1
593b57eda3416e4102e9c2c2d8de9420206ad8db

SHA256
04698f238ed4a7b864d8f7b8f90e63024aa558105cdba800ea4319a548237d0f

SHA512
ff01de2d38b9eb6ea6298b5acc3dd66f75509e4c5f7d670a394ccdb5b985a88fef49accce7094313f8021a195d285275538ee06c5158948a036d0264672459de

Download Submit
C:\Users\Admin\AppData\Local\Temp\6ba96654-418c-430b-9455-69f5b89f83e4.tmp.node

Filesize
1.3MB

MD5
d8fce01c7765ef87b7a422c223931946

SHA1
593b57eda3416e4102e9c2c2d8de9420206ad8db

SHA256
04698f238ed4a7b864d8f7b8f90e63024aa558105cdba800ea4319a548237d0f

SHA512
ff01de2d38b9eb6ea6298b5acc3dd66f75509e4c5f7d670a394ccdb5b985a88fef49accce7094313f8021a195d285275538ee06c5158948a036d0264672459de

Download Submit
C:\Users\Admin\AppData\Local\Temp\7c57edff-8ba6-4ae2-a28b-a12d85e6aa8f.tmp.node

Filesize
111KB

MD5
36111146d94870c7e0eecf12eb8df042

SHA1
d3cbb35665b294818259a14bac9aed0130ff7eec

SHA256
c4a87cd14d0ad7e692dcbdbe4be9c5dffdc890fbaceca8cb2e55207572d30a7b

SHA512
a4ec76ab856a81b6af48e114ce8818044df867580c09fd576eaec652f52418dfb01960827f5c4a1f662af2683cc6f240565265760a17cfc82dead6a80102e52a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gbsdsuch_84950b0a-b8b8-446e-b94a-a56aaba2bb47\Cookies\ALL.txt

Filesize
2KB

MD5
757d888622a10547bf5d0f3a2e56900b

SHA1
918be48d22dfa7c0a0dfa3213dd3fe86df969118

SHA256
c76b7569130b6f37ac6a69de1c33b9c3ec8aaecf5efdef49f1f271b4914a8494

SHA512
b8d9922148e551b23c3b8be8741980ef2e70b859b4bb574659e10e1e8853c07476a75d87c0cc5e7593f674526d5b186cc2a6b0cb087bdf66973a9ea6f1f2a995

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gbsdsuch_84950b0a-b8b8-446e-b94a-a56aaba2bb47\Cookies\GOOGLE.txt

Filesize
2KB

MD5
dc0a694fbbdfb5b669913fa05687536a

SHA1
fff23036d99566bed83854d0b59367ceda7264c3

SHA256
6d0dfd9a9c650a07357e5af4bf9529838fcb433e346321a2e608be02602344d2

SHA512
6b6cf7dd090a70b718cf4de5d04032d5ba5c3d0a96b251e4846f082f32bd691d2f23cb14081d28c1628923f8ecace48dfb99ad9a7f285386820812c11eef4d80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gbsdsuch_84950b0a-b8b8-446e-b94a-a56aaba2bb47\Found Wallets.txt

Filesize
287B

MD5
fdc403afec05173e708b1e1123b9b917

SHA1
9e21d6f8dede7b360b6b2953dea7d12c4d81ea7a

SHA256
b7779f29abc590e914b6456eda14eacb4d90210ab7d1f29873dceef73c10e010

SHA512
6e2f23c5c702587ee19d8e5d0622a1d474b274f5629514378465d465c7715710166783639dd30f7d1e1f972e42621de892202b0d36d93f563947afa8a003eac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gbsdsuch_84950b0a-b8b8-446e-b94a-a56aaba2bb47\Network Data.txt

Filesize
24B

MD5
931d292862beaaa29a8c3af5bca99a0d

SHA1
92b66c46853e3b1c428915ceea43ae430310b9ed

SHA256
aa1d14d29ab97bd182ddc02c7e50a3ccb5d033e15fc202ddb8b4ef73a578f24e

SHA512
0ae0037d34e5302fe487e56b4489fd81b82337f02f811ba2a66b962ecc4ce2cb5c2a5f5af840d80890ba5905613e63f3764d49c66162fddee076aac9dc476d61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gbsdsuch_84950b0a-b8b8-446e-b94a-a56aaba2bb47\WiFi Connections.txt

Filesize
108B

MD5
ce4fd67d9f8c527cd2cf3c3b70e9a3fb

SHA1
a7145da14e5940e176c64f9c3250bdd57b87c6e5

SHA256
7e40742ac42550b407190b5c6a5dc869f1a17dc20f339c5658ee049720d6cbf1

SHA512
6a7bee570e2f3a5efd5de9ec3bc4e784c31e929d7cf9bfe27fa3f22a3ddf6271cd7e7f99df6d5ca05e6be0f94478d58988690465370f07d2074d603612e2ce9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zinaexdh.b3r.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\caf16afc-0835-430f-8f4d-fa18683b4073.tmp.node

Filesize
74KB

MD5
204aa366794b5456c9ce7ecd00c1ff91

SHA1
74db4e39dab5b0bf1aafb04bc379c12cc6a00865

SHA256
45d69edf5960606f25f05d64aaf0633d30c100c53c8e866ba57293b221cdf88e

SHA512
4e9479724a43729f18d0820f8e11e0b709e762fae88cd071ae01b3bd9bf83ea4608e6f8cbf824ab64419e6805480d73b1529f58dfe710703febc81efd9750c09

Download Submit
C:\Users\Admin\AppData\Local\Temp\f4fb1dbf-d4a3-4e24-bc40-b493fad082ac.tmp.node

Filesize
74KB

MD5
204aa366794b5456c9ce7ecd00c1ff91

SHA1
74db4e39dab5b0bf1aafb04bc379c12cc6a00865

SHA256
45d69edf5960606f25f05d64aaf0633d30c100c53c8e866ba57293b221cdf88e

SHA512
4e9479724a43729f18d0820f8e11e0b709e762fae88cd071ae01b3bd9bf83ea4608e6f8cbf824ab64419e6805480d73b1529f58dfe710703febc81efd9750c09

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\LICENSES.chromium.html

Filesize
7.9MB

MD5
312446edf757f7e92aad311f625cef2a

SHA1
91102d30d5abcfa7b6ec732e3682fb9c77279ba3

SHA256
c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b

SHA512
dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\chrome_200_percent.pak

Filesize
173KB

MD5
4610337e3332b7e65b73a6ea738b47df

SHA1
8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b

SHA256
c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c

SHA512
039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\d3dcompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\ffmpeg.dll

Filesize
2.5MB

MD5
1bb0e1140ef08440ad47d80b70dbf742

SHA1
c2e4243bad76b465b5ab39865ac023db1632d6b0

SHA256
c0d9edde3864d9450744f4bc526a98608b629aeed01c6647f600802e1b1cf671

SHA512
29d71e3bd7df7014a03e26ca6ee5b59ff6e3d06096742fae5dec6282abd1f0d2f24c886a503e3a691d38cc68e0da504a7f657dcec4758b640a1a523d3eeaa57a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\icudtl.dat

Filesize
10.1MB

MD5
d89ce8c00659d8e5d408c696ee087ce3

SHA1
49fc8109960be3bb32c06c3d1256cb66dded19a8

SHA256
9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de

SHA512
db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\khlrftpaxlucchie.exe

Filesize
131.9MB

MD5
f9c7b6cb09aa046c9a18228bb3e65a2a

SHA1
0ef99e33e65ec247dbdea8217333b0df6cd5dd86

SHA256
03e7807d548946ebcb30853302ba04a13e7bb85a2ab6ba9275793b44ea0aeada

SHA512
a47a246d3f0daf1f4322927fdd4a0842960da7ef66063d1c7e55af0678d11896f6abfd05771d1ed27bd3b922fd3428ed55c5150e93e8ae2fea96af84e5a8b7b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\libEGL.dll

Filesize
371KB

MD5
e0a5d1a5d55dffb55513acb736cef1c1

SHA1
307fc023790af5bf3d45678de985e8e9f34896f7

SHA256
aa5da4005c76cfe5195b69282b2ad249d7dc2300bbc979592bd67315fc30c669

SHA512
094e23869fd42c60f83e0f4d1a2cd1a29d2efd805ac02a01ce9700b8e7b0e39e52fe86503264a0298c85f0d02b38620f1e773f2ea981f3049aeba3104b04253f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\libGLESv2.dll

Filesize
6.4MB

MD5
44f7c21b6010048e0dcdc43d83ebd357

SHA1
d0a4dfd8dbae1a8421c3043315d78ecd84502b16

SHA256
f6259a9b9c284ee5916447dd9d0ba051c2908c9d3662d42d8bbe6ce6d65a37de

SHA512
7e03538dd8e798d0e808a8fc6e149e83de9f8404e839900f6c9535da6aac8ef4d5c31044e547dde34dcece1255fab9a9255fa069a99fcb08e49785d812b3887c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\af.pak

Filesize
368KB

MD5
7e51349edc7e6aed122bfa00970fab80

SHA1
eb6df68501ecce2090e1af5837b5f15ac3a775eb

SHA256
f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97

SHA512
69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\am.pak

Filesize
599KB

MD5
2009647c3e7aed2c4c6577ee4c546e19

SHA1
e2bbacf95ec3695daae34835a8095f19a782cbcf

SHA256
6d61e5189438f3728f082ad6f694060d7ee8e571df71240dfd5b77045a62954e

SHA512
996474d73191f2d550c516ed7526c9e2828e2853fcfbe87ca69d8b1242eb0dedf04030bbca3e93236bbd967d39de7f9477c73753af263816faf7d4371f363ba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\ar.pak

Filesize
655KB

MD5
47a6d10b4112509852d4794229c0a03b

SHA1
2fb49a0b07fbdf8d4ce51a7b5a7f711f47a34951

SHA256
857fe3ab766b60a8d82b7b6043137e3a7d9f5cfb8ddd942316452838c67d0495

SHA512
5f5b280261195b8894efae9df2bece41c6c6a72199d65ba633c30d50a579f95fa04916a30db77831f517b22449196d364d6f70d10d6c5b435814184b3bcf1667

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\bg.pak

Filesize
685KB

MD5
a19269683a6347e07c55325b9ecc03a4

SHA1
d42989daf1c11fcfff0978a4fb18f55ec71630ec

SHA256
ad65351a240205e881ef5c4cf30ad1bc6b6e04414343583597086b62d48d8a24

SHA512
1660e487df3f3f4ec1cea81c73dca0ab86aaf121252fbd54c7ac091a43d60e1afd08535b082efd7387c12616672e78aa52dddfca01f833abef244284482f2c76

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\bn.pak

Filesize
883KB

MD5
5cdd07fa357c846771058c2db67eb13b

SHA1
deb87fc5c13da03be86f67526c44f144cc65f6f6

SHA256
01c830b0007b8ce6aca46e26d812947c3df818927b826f7d8c5ffd0008a32384

SHA512
2ac29a3aa3278bd9a8fe1ba28e87941f719b14fbf8b52e0b7dc9d66603c9c147b9496bf7be4d9e3aa0231c024694ef102dcc094c80c42be5d68d3894c488098c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\ca.pak

Filesize
416KB

MD5
d259469e94f2adf54380195555154518

SHA1
d69060bbe8e765ca4dc1f7d7c04c3c53c44b8ab5

SHA256
f98b7442befc285398a5dd6a96740cba31d2f5aadadd4d5551a05712d693029b

SHA512
d0bd0201acf4f7daa84e89aa484a3dec7b6a942c3115486716593213be548657ad702ef2bc1d3d95a4a56b0f6e7c33d5375f41d6a863e4ce528f2bd6a318240e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\cs.pak

Filesize
425KB

MD5
04a680847c4a66ad9f0a88fb9fb1fc7b

SHA1
2afcdf4234a9644fb128b70182f5a3df1ee05be1

SHA256
1cc44c5fbe1c0525df37c5b6267a677f79c9671f86eda75b6fc13abf5d5356eb

SHA512
3a8a409a3c34149a977dea8a4cb0e0822281aed2b0a75b02479c95109d7d51f6fb2c2772ccf1486ca4296a0ac2212094098f5ce6a1265fa6a7eb941c0cfef83e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\da.pak

Filesize
386KB

MD5
1a53d374b9c37f795a462aac7a3f118f

SHA1
154be9cf05042eced098a20ff52fa174798e1fea

SHA256
d0c38eb889ee27d81183a0535762d8ef314f0fdeb90ccca9176a0ce9ab09b820

SHA512
395279c9246bd30a0e45d775d9f9c36353bd11d9463282661c2abd876bdb53be9c9b617bb0c2186592cd154e9353ea39e3feed6b21a07b6850ab8ecd57e1ed29

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\de.pak

Filesize
414KB

MD5
8e6654b89ed4c1dc02e1e2d06764805a

SHA1
ff660bc85bb4a0fa3b2637050d2b2d1aecc37ad8

SHA256
61cbce9a31858ddf70cc9b0c05fb09ce7032bfb8368a77533521722465c57475

SHA512
5ac71eda16f07f3f2b939891eda2969c443440350fd88ab3a9b3180b8b1a3ecb11e79e752cf201f21b3dbfba00bcc2e4f796f347e6137a165c081e86d970ee61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\el.pak

Filesize
751KB

MD5
9528d21e8a3f5bad7ca273999012ebe8

SHA1
58cd673ce472f3f2f961cf8b69b0c8b8c01d457c

SHA256
e79c1e7a47250d88581e8e3baf78dcaf31fe660b74a1e015be0f4bafdfd63e12

SHA512
165822c49ce0bdb82f3c3221e6725dac70f53cfdad722407a508fa29605bc669fb5e5070f825f02d830e0487b28925644438305372a366a3d60b55da039633d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\en-GB.pak

Filesize
336KB

MD5
d59e613e8f17bdafd00e0e31e1520d1f

SHA1
529017d57c4efed1d768ab52e5a2bc929fdfb97c

SHA256
90e585f101cf0bb77091a9a9a28812694cee708421ce4908302bbd1bc24ac6fd

SHA512
29ff3d42e5d0229f3f17bc0ed6576c147d5c61ce2bd9a2e658a222b75d993230de3ce35ca6b06f5afa9ea44cfc67817a30a87f4faf8dc3a5c883b6ee30f87210

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\en-US.pak

Filesize
338KB

MD5
5e3813e616a101e4a169b05f40879a62

SHA1
615e4d94f69625dda81dfaec7f14e9ee320a2884

SHA256
4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687

SHA512
764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\es-419.pak

Filesize
411KB

MD5
7f6696cc1e71f84d9ec24e9dc7bd6345

SHA1
36c1c44404ee48fc742b79173f2c7699e1e0301f

SHA256
d1f17508f3a0106848c48a240d49a943130b14bd0feb5ed7ae89605c7b7017d1

SHA512
b226f94f00978f87b7915004a13cdbd23de2401a8afaa2517498538967df89b735f8ecc46870c92e3022cac795218a60ad2b8fff1efad9feea4ec193704a568a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\es.pak

Filesize
411KB

MD5
a36992d320a88002697da97cd6a4f251

SHA1
c1f88f391a40ccf2b8a7b5689320c63d6d42935f

SHA256
c5566b661675b613d69a507cbf98768bc6305b80e6893dc59651a4be4263f39d

SHA512
9719709229a4e8f63247b3efe004ecfeb5127f5a885234a5f78ee2b368f9e6c44eb68a071e26086e02aa0e61798b7e7b9311d35725d3409ffc0e740f3aa3b9b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\et.pak

Filesize
371KB

MD5
a94e1775f91ea8622f82ae5ab5ba6765

SHA1
ff17accdd83ac7fcc630e9141e9114da7de16fdb

SHA256
1606b94aef97047863481928624214b7e0ec2f1e34ec48a117965b928e009163

SHA512
a2575d2bd50494310e8ef9c77d6c1749420dfbe17a91d724984df025c47601976af7d971ecae988c99723d53f240e1a6b3b7650a17f3b845e3daeefaaf9fe9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\fa.pak

Filesize
607KB

MD5
9d273af70eafd1b5d41f157dbfb94fdc

SHA1
da98bde34b59976d4514ff518bd977a713ea4f2e

SHA256
319d1e20150d4e3f496309ba82fce850e91378ee4b0c7119a003a510b14f878b

SHA512
0a892071bea92cc7f1a914654bc4f9da6b9c08e3cb29bb41e9094f6120ddc7a08a257c0d2b475c98e7cdcf604830e582cf2a538cc184056207f196ffc43f29ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\fi.pak

Filesize
379KB

MD5
d4b776267efebdcb279162c213f3db22

SHA1
7236108af9e293c8341c17539aa3f0751000860a

SHA256
297e3647eaf9b3b95cf833d88239919e371e74cc345a2e48a5033ebe477cd54e

SHA512
1dc7d966d12e0104aacb300fd4e94a88587a347db35ad2327a046ef833fb354fd9cbe31720b6476db6c01cfcb90b4b98ce3cd995e816210b1438a13006624e8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\fil.pak

Filesize
427KB

MD5
3165351c55e3408eaa7b661fa9dc8924

SHA1
181bee2a96d2f43d740b865f7e39a1ba06e2ca2b

SHA256
2630a9d5912c8ef023154c6a6fb5c56faf610e1e960af66abef533af19b90caa

SHA512
3b1944ea3cfcbe98d4ce390ea3a8ff1f6730eb8054e282869308efe91a9ddcd118290568c1fc83bd80e8951c4e70a451e984c27b400f2bde8053ea25b9620655

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\fr.pak

Filesize
444KB

MD5
0bf28aff31e8887e27c4cd96d3069816

SHA1
b5313cf6b5fbce7e97e32727a3fae58b0f2f5e97

SHA256
2e1d413442def9cae2d93612e3fd04f3afaf3dd61e4ed7f86400d320af5500c2

SHA512
95172b3b1153b31fceb4b53681635a881457723cd1000562463d2f24712267b209b3588c085b89c985476c82d9c27319cb6378619889379da4fae1595cb11992

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\gu.pak

Filesize
858KB

MD5
7b5f52f72d3a93f76337d5cf3168ebd1

SHA1
00d444b5a7f73f566e98abadf867e6bb27433091

SHA256
798ea5d88a57d1d78fa518bf35c5098cbeb1453d2cb02ef98cd26cf85d927707

SHA512
10c6f4faab8ccb930228c1d9302472d0752be19af068ec5917249675b40f22ab24c3e29ec3264062826113b966c401046cff70d91e7e05d8aadcc0b4e07fec9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\he.pak

Filesize
531KB

MD5
6d787dc113adfb6a539674af7d6195db

SHA1
f966461049d54c61cdd1e48ef1ea0d3330177768

SHA256
a976fad1cc4eb29709018c5ffcc310793a7ceb2e69c806454717ccae9cbc4d21

SHA512
6748dad2813fc544b50ddea0481b5ace3eb5055fb2d985ca357403d3b799618d051051b560c4151492928d6d40fce9bb33b167217c020bdcc3ed4cae58f6b676

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\hi.pak

Filesize
900KB

MD5
1766a05be4dc634b3321b5b8a142c671

SHA1
b959bcadc3724ae28b5fe141f3b497f51d1e28cf

SHA256
0eee8e751b5b0af1e226106beb09477634f9f80774ff30894c0f5a12b925ac35

SHA512
faec1d6166133674a56b5e38a68f9e235155cc910b5cceb3985981b123cc29eda4cd60b9313ab787ec0a8f73bf715299d9bf068e4d52b766a7ab8808bd146a39

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\hr.pak

Filesize
413KB

MD5
8f9498d18d90477ad24ea01a97370b08

SHA1
3868791b549fc7369ab90cd27684f129ebd628be

SHA256
846943f77a425f3885689dcf12d62951c5b7646e68eadc533b8b5c2a1373f02e

SHA512
3c66a84592debe522f26c48b55c04198ad8a16c0dcfa05816825656c76c1c6cccf5767b009f20ecb77d5a589ee44b0a0011ec197fec720168a6c72c71ebf77fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\hu.pak

Filesize
446KB

MD5
f5e1ca8a14c75c6f62d4bff34e27ddb5

SHA1
7aba6bff18bdc4c477da603184d74f054805c78f

SHA256
c0043d9fa0b841da00ec1672d60015804d882d4765a62b6483f2294c3c5b83e0

SHA512
1050f96f4f79f681b3eaf4012ec0e287c5067b75ba7a2cbe89d9b380c07698099b156a0eb2cbc5b8aa336d2daa98e457b089935b534c4d6636987e7e7e32b169

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\id.pak

Filesize
365KB

MD5
7b39423028da71b4e776429bb4f27122

SHA1
cb052ab5f734d7a74a160594b25f8a71669c38f2

SHA256
3d95c5819f57a0ad06a118a07e0b5d821032edcf622df9b10a09da9aa974885f

SHA512
e40679b01ab14b6c8dfdce588f3b47bcaff55dbb1539b343f611b3fcbd1d0e7d8c347a2b928215a629f97e5f68d19c51af775ec27c6f906cac131beae646ce1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\it.pak

Filesize
404KB

MD5
d58a43068bf847c7cd6284742c2f7823

SHA1
497389765143fac48af2bd7f9a309bfe65f59ed9

SHA256
265d8b1bc479ad64fa7a41424c446139205af8029a2469d558813edd10727f9c

SHA512
547a1581dda28c5c1a0231c736070d8a7b53a085a0ce643a4a1510c63a2d4670ff2632e9823cd25ae2c7cdc87fa65883e0a193853890d4415b38056cb730ab54

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\ja.pak

Filesize
493KB

MD5
d10d536bcd183030ba07ff5c61bf5e3a

SHA1
44dd78dba9f098ac61222eb9647d111ad1608960

SHA256
2a3d3abc9f80bad52bd6da5769901e7b9e9f052b6a58a7cc95ce16c86a3aa85a

SHA512
c67aede9ded1100093253e350d6137ab8b2a852bd84b6c82ba1853f792e053cecd0ea0519319498aed5759bedc66d75516a4f2f7a07696a0cef24d5f34ef9dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\kn.pak

Filesize
988KB

MD5
c548a5f1fb5753408e44f3f011588594

SHA1
e064ab403972036dad1b35abe9794e95dbe4cc00

SHA256
890f50a57b862f482d367713201e1e559ac778fc3a36322d1dfbbef2535dd9cb

SHA512
6975e4bb1a90e0906cf6266f79da6cc4ae32f72a6141943bcfcf9b33f791e9751a9aafde9ca537f33f6ba8e4d697125fbc2ec4ffd3bc35851f406567dae7e631

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\ko.pak

Filesize
415KB

MD5
b4fbff56e4974a7283d564c6fc0365be

SHA1
de68bd097def66d63d5ff04046f3357b7b0e23ac

SHA256
8c9acde13edcd40d5b6eb38ad179cc27aa3677252a9cd47990eba38ad42833e5

SHA512
0698aa058561bb5a8fe565bb0bec21548e246dbb9d38f6010e9b0ad9de0f59bce9e98841033ad3122a163dd321ee4b11ed191277cdcb8e0b455d725593a88aa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\lt.pak

Filesize
446KB

MD5
980c27fd74cc3560b296fe8e7c77d51f

SHA1
f581efa1b15261f654588e53e709a2692d8bb8a3

SHA256
41e0f3619cda3b00abbbf07b9cd64ec7e4785ed4c8a784c928e582c3b6b8b7db

SHA512
51196f6f633667e849ef20532d57ec81c5f63bab46555cea8fab2963a078acdfa84843eded85c3b30f49ef3ceb8be9e4ef8237e214ef9ecff6373a84d395b407

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\lv.pak

Filesize
445KB

MD5
e4f7d9e385cb525e762ece1aa243e818

SHA1
689d784379bac189742b74cd8700c687feeeded1

SHA256
523d141e59095da71a41c14aec8fe9ee667ae4b868e0477a46dd18a80b2007ef

SHA512
e4796134048cd12056d746f6b8f76d9ea743c61fee5993167f607959f11fd3b496429c3e61ed5464551fd1931de4878ab06f23a3788ee34bb56f53db25bcb6df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\ml.pak

Filesize
1.0MB

MD5
8b38c65fc30210c7af9b6fa0424266f4

SHA1
116413710ffcf94fbfa38cb97a47731e43a306f5

SHA256
e8df9a74417c5839c531d7ccab63884a80afb731cc62cbbb3fd141779086ac7d

SHA512
0fd349c644ac1a2e7ed0247e40900d3a9957f5bef1351b872710d02687c934a8e63d3a7585e91f7df78054aeff8f7abd8c93a94fcd20c799779a64278bab2097

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\mr.pak

Filesize
843KB

MD5
c0ef1866167d926fb351e9f9bf13f067

SHA1
6092d04ef3ce62be44c29da5d0d3a04985e2bc04

SHA256
88df231cf2e506db3453f90a797194662a5f85e23bbac2ed3169d91a145d2091

SHA512
9e2b90f3ac1ae5744c22c2442fbcd86a8496afc2c58f6ca060d6dbb08af6f7411ef910a7c8ca5aedee99b5443d4dff709c7935e8322cb32f8b071ee59caee733

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\ms.pak

Filesize
381KB

MD5
9b3e2f3c49897228d51a324ab625eb45

SHA1
8f3daec46e9a99c3b33e3d0e56c03402ccc52b9d

SHA256
61a3daae72558662851b49175c402e9fe6fd1b279e7b9028e49506d9444855c5

SHA512
409681829a861cd4e53069d54c80315e0c8b97e5db4cd74985d06238be434a0f0c387392e3f80916164898af247d17e8747c6538f08c0ef1c5e92a7d1b14f539

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\nb.pak

Filesize
374KB

MD5
af0fd9179417ba1d7fcca3cc5bee1532

SHA1
f746077bbf6a73c6de272d5855d4f1ca5c3af086

SHA256
e900f6d0dd9d5a05b5297618f1fe1600c189313da931a9cb390ee42383eb070f

SHA512
c94791d6b84200b302073b09357abd2a1d7576b068bae01dccda7bc154a6487145c83c9133848ccf4cb9e6dc6c5a9d4be9d818e5a0c8f440a4e04ae8eabd4a29

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\nl.pak

Filesize
385KB

MD5
181d2a0ece4b67281d9d2323e9b9824d

SHA1
e8bdc53757e96c12f3cd256c7812532dd524a0ea

SHA256
6629e68c457806621ed23aa53b3675336c3e643f911f8485118a412ef9ed14ce

SHA512
10d8cc9411ca475c9b659a2cc88d365e811217d957c82d9c144d94843bc7c7a254ee2451a6f485e92385a660fa01577cffa0d64b6e9e658a87bef8fccbbeaf7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\pl.pak

Filesize
429KB

MD5
18d49d5376237bb8a25413b55751a833

SHA1
0b47a7381de61742ac2184850822c5fa2afa559e

SHA256
1729aa5c8a7e24a0db98febcc91df8b7b5c16f9b6bb13a2b0795038f2a14b981

SHA512
45344a533cc35c8ce05cf29b11da6c0f97d8854dae46cf45ef7d090558ef95c3bd5fdc284d9a7809f0b2bf30985002be2aa6a4749c0d9ae9bdff4ad13de4e570

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\pt-BR.pak

Filesize
405KB

MD5
0d9dea9e24645c2a3f58e4511c564a36

SHA1
dcd2620a1935c667737eea46ca7bb2bdcb31f3a6

SHA256
ca7b880391fcd319e976fcc9b5780ea71de655492c4a52448c51ab2170eeef3b

SHA512
8fcf871f8be7727e2368df74c05ca927c5f0bc3484c4934f83c0abc98ecaf774ad7aba56e1bf17c92b1076c0b8eb9c076cc949cd5427efcade9ddf14f6b56bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\pt-PT.pak

Filesize
407KB

MD5
6a7232f316358d8376a1667426782796

SHA1
8b70fe0f3ab2d73428f19ecd376c5deba4a0bb6c

SHA256
6a526cd5268b80df24104a7f40f55e4f1068185febbbb5876ba2cb7f78410f84

SHA512
40d24b3d01e20ae150083b00bb6e10bca81737c48219bce22fa88faaad85bdc8c56ac9b1eb01854173b0ed792e34bdfbac26d3605b6a35c14cf2824c000d0da1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\ro.pak

Filesize
420KB

MD5
99eaa3d101354088379771fd85159de1

SHA1
a32db810115d6dcf83a887e71d5b061b5eefe41f

SHA256
33f4c20f7910bc3e636bc3bec78f4807685153242dd4bc77648049772cf47423

SHA512
c6f87da1b5c156aa206dc21a9da3132cbfb0e12e10da7dc3b60363089de9e0124bbad00a233e61325348223fc5953d4f23e46fe47ec8e7ca07702ac73f3fd2e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\ru.pak

Filesize
687KB

MD5
ab9902025dcf7d5408bf6377b046272b

SHA1
c9496e5af3e2a43377290a4883c0555e27b1f10f

SHA256
983b15dcc31d0e9a3da78cd6021e5add2a3c2247322aded9454a5d148d127aae

SHA512
d255d5f5b6b09af2cdec7b9c171eebb1de1094cc5b4ddf43a3d4310f8f5f223ac48b8da97a07764d1b44f1d4a14fe3a0c92a0ce6fe9a4ae9a6b4a342e038f842

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\sk.pak

Filesize
432KB

MD5
c6c7396dbfb989f034d50bd053503366

SHA1
089f176b88235cce5bca7abfcc78254e93296d61

SHA256
439f7d6c23217c965179898754edcef8fd1248bdd9b436703bf1ff710701117a

SHA512
1476963f47b45d2d26536706b7eeba34cfae124a3087f7727c4efe0f19610f94393012cda462060b1a654827e41f463d7226afa977654dcd85b27b7f8d1528eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\sl.pak

Filesize
417KB

MD5
d4bd9f20fd29519d6b017067e659442c

SHA1
782283b65102de4a0a61b901dea4e52ab6998f22

SHA256
f33afa6b8df235b09b84377fc3c90403c159c87edd8cd8004b7f6edd65c85ce6

SHA512
adf8d8ec17e8b05771f47b19e8027f88237ad61bca42995f424c1f5bd6efa92b23c69d363264714c1550b9cd0d03f66a7cfb792c3fbf9d5c173175b0a8c039dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\sr.pak

Filesize
644KB

MD5
cbb817a58999d754f99582b72e1ae491

SHA1
6ec3fd06dee0b1fe5002cb0a4fe8ec533a51f9fd

SHA256
4bd7e466cb5f5b0a451e1192aa1abaaf9526855a86d655f94c9ce2183ec80c25

SHA512
efef29cedb7b08d37f9df1705d36613f423e994a041b137d5c94d2555319ffb068bb311884c9d4269b0066746dacd508a7d01df40a8561590461d5f02cb52f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\sv.pak

Filesize
376KB

MD5
502e4a8b3301253abe27c4fd790fbe90

SHA1
17abcd7a84da5f01d12697e0dffc753ffb49991a

SHA256
7d72e3adb35e13ec90f2f4271ad2a9b817a2734da423d972517f3cff299165fd

SHA512
bd270abaf9344c96b0f63fc8cec04f0d0ac9fc343ab5a80f5b47e4b13b8b1c0c4b68f19550573a1d965bb18a27edf29f5dd592944d754b80ea9684dbcedea822

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\sw.pak

Filesize
394KB

MD5
39277ae2d91fdc1bd38bea892b388485

SHA1
ff787fb0156c40478d778b2a6856ad7b469bd7cb

SHA256
6d6d095a1b39c38c273be35cd09eb1914bd3a53f05180a3b3eb41a81ae31d5d3

SHA512
be2d8fbedaa957f0c0823e7beb80de570edd0b8e7599cf8f2991dc671bdcbbbe618c15b36705d83be7b6e9a0d32ec00f519fc8543b548422ca8dcf07c0548ab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\ta.pak

Filesize
1019KB

MD5
7006691481966109cce413f48a349ff2

SHA1
6bd243d753cf66074359abe28cfae75bcedd2d23

SHA256
24ea4028da66a293a43d27102012235198f42a1e271fe568c7fd78490a3ee647

SHA512
e12c0d1792a28bf4885e77185c2a0c5386438f142275b8f77317eb8a5cee994b3241bb264d9502d60bfbce9cf8b3b9f605c798d67819259f501719d054083bea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\te.pak

Filesize
942KB

MD5
f809bf5184935c74c8e7086d34ea306c

SHA1
709ab3decff033cf2fa433ecc5892a7ac2e3752e

SHA256
9bbfa7a9f2116281bf0af1e8ffb279d1aa97ac3ed9ebc80c3ade19e922d7e2d4

SHA512
de4b14dd6018fdbdf5033abda4da2cb9f5fcf26493788e35d88c07a538b84fdd663ee20255dfd9c1aac201f0cce846050d2925c55bf42d4029cb78b057930acd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\th.pak

Filesize
792KB

MD5
2c41616dfe7fcdb4913cfafe5d097f95

SHA1
cf7d9e8ad3aa47d683e47f116528c0e4a9a159b0

SHA256
f11041c48831c93aa11bbf885d330739a33a42db211daccf80192668e2186ed3

SHA512
97329717e11bc63456c56022a7b7f5da730da133e3fc7b2cc660d63a955b1a639c556b857c039a004f92e5f35be61bf33c035155be0a361e3cd6d87b549df811

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\tr.pak

Filesize
401KB

MD5
3a858619502c68d5f7de599060f96db9

SHA1
80a66d9b5f1e04cda19493ffc4a2f070200e0b62

SHA256
d81f28f69da0036f9d77242b2a58b4a76f0d5c54b3e26ee96872ac54d7abb841

SHA512
39a7ec0dfe62bcb3f69ce40100e952517b5123f70c70b77b4c9be3d98296772f10d3083276bc43e1db66ed4d9bfa385a458e829ca2a7d570825d7a69e8fbb5f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\uk.pak

Filesize
688KB

MD5
ee70e9f3557b9c8c67bfb8dfcb51384d

SHA1
fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e

SHA256
54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22

SHA512
f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\ur.pak

Filesize
602KB

MD5
ff0a23974aef88afc86ecc806dbf1d60

SHA1
e7bae97cbb8692a0d106644dfaa9b7d7ea6fcef0

SHA256
f245ab242aafeef37db736c780476534fad0706aa66dcb8b6b8cd181b4778385

SHA512
aabe8160fac7e0eb8e8eb80963fe995fa4a802147d1b8f605bc0fe3f8e2474463c1d313471c11c85eb5578112232fdc8e89b8a6d43dbe38a328538ff30a78d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\vi.pak

Filesize
476KB

MD5
3fe6f90f1f990aed508deda3810ce8c2

SHA1
3b86f00666d55e984b4aca1a5e8319ffa8f411ff

SHA256
5eebb23221aebcf0be01bfc2695f7dd35b17f6769be1e28e5610d35c9717854b

SHA512
9aa9d55f112c8b32aa636086cfd2161d97ea313cac1a44101014128124a03504c992ac8efd265aba4e91787aef7134a14507a600f5ec96ff82df950a8883828c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\zh-CN.pak

Filesize
345KB

MD5
20f315d38e3b2edc5832931e7770b62a

SHA1
2390bd585dec1e884873454bb98b6f1467dcf7bb

SHA256
53a803724bbf2e7f40aab860325c348f786eeca1ea5ca39a76b4c4a616e3233f

SHA512
c338e241de3561707c7c275b7d6e0fb16185a8cd7112057c08b74ffce122148ef693fe310c839ff93f102726a78e61de3e68c8e324f445a07a98ee9c4fdd4e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\locales\zh-TW.pak

Filesize
341KB

MD5
524711882cbfb5b95a63ef48f884cff0

SHA1
1078037687cfc5d038eeb8b63d295239e0edc47a

SHA256
9e16499cd96a155d410c8df4c812c52ff2a750f8c4db87fd891c1e58c1428c78

SHA512
16d45a81f7f4606eda9d12a8b1da06e3c866b11bdc0c92a4022bfb8d02b885d8f028457cf23e3f7589dfd191ed7f7fbc68c81b6e1411834edfcbc9cc85e0dc4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\resources.pak

Filesize
5.0MB

MD5
7d5065ecba284ed704040fca1c821922

SHA1
095fcc890154a52ad1998b4b1e318f99b3e5d6b8

SHA256
a10c3d236246e001cb9d434a65fc3e8aa7acddddd9608008db5c5c73dee0ba1f

SHA512
521b2266e3257adaa775014f77b0d512ff91b087c2572359d68ffe633b57a423227e3d5af8ee4494538f1d09aa45ffa1fe8e979814178512c37f7088ddd7995d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\resources\app.asar

Filesize
61.5MB

MD5
cf9c54911ba8fc239f7a49e99f620ab8

SHA1
be71298669316ea7d27c2feaf003798b1f20ff5b

SHA256
2761314f8b6055ddc2137a497802bc6ad0f411e063d5a4bfdba692808f0f6995

SHA512
7b45e828c95b605e0c4d3ed644212bd50f6b7fe7c00bb7d5754d363e7497b78e92ba02a14b56f4ccdb3c55bb034677d7919d966f98db40ece7b41bf7a1429a78

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\snapshot_blob.bin

Filesize
214KB

MD5
916127734bc7c5b0db478191a37fc19a

SHA1
f9d868c2578f14513fcb95e109aec795c98dbba3

SHA256
e19ed7fb96e19bb5bfe791df03561d654ea5d52021c3403a2652f439a8d77801

SHA512
d291b26568572d5777b036577ddf30c1b6c6c41e9d53ef2d8af735db001ea5c568371f3907fbffc02feee628f0f29afb718ae5deb32ff245a37947a7b1b9c297

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\v8_context_snapshot.bin

Filesize
511KB

MD5
4f4d00247758c684c295243ddedd2948

SHA1
f8e8fc6c22fde9df1d60c329e38b38a85f96bb69

SHA256
4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5

SHA512
2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\vk_swiftshader.dll

Filesize
4.5MB

MD5
65a5705d95a0820740b3396851ff1751

SHA1
a692a80bafc41ba1b29ef19890f8465b3fb20dcb

SHA256
4c4b935cbb320033f504a89b1eb0a4bcb176bbd46a5981153cb1f54deb146a1c

SHA512
0c5df23b96eaf952c4a498ff6d854df2b62e7631b16c2855ed37ddbadffba3dd52e7450f2e06cf094bec2e0d70d14c87a652150766d90ec8662e03123df5942d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\7z-out\vulkan-1.dll

Filesize
786KB

MD5
a947c5d8fec95a0f24b4143ced301209

SHA1
ebf3089985377a58b8431a14e22a814857287aaf

SHA256
29cb256921a1b0f222c82650469d534ccdf038d1f395b3aaa9f1086918f5d3fa

SHA512
75f5e055f4422b5558fc1cb3ea84fb7cbeaae6f71c786cc06c295d4ab51c0b1c84e28a7c89fe544f007dbe8e612bed4059139f1575934fe4bac8e538c674ebd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb4756.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nszD902.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nszD902.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nszD902.tmp\app-32.7z

Filesize
68.6MB

MD5
c2436a18ff96c9ad1a56fa5de6947915

SHA1
7755831459e387498c71f3402a22c9a50d1291c0

SHA256
2b8b4a2063d1ead1cadd49e1b74a8a26e51c95676969f19f27b126227df5b0db

SHA512
04a2d01d35db054506c75107968fa2b62deed738d51d25ea4d2b5a4da97588c67dfbb22dcf1bcb78f6e783e44b5b95d5e1bb0deba858407d80c58e1582c8739d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nszD902.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Gbsdsuch_75cff685-f3ad-4547-a490-4b2710349963\Passwords\ALL.txt

Filesize
384B

MD5
4d14bd86816a3bc0d8f40bdf8ff694aa

SHA1
e46b60bf72daca94e3ad9c305b423a414cd5d5de

SHA256
480cc6470f4ee99cf965cb2f2c903843863ce97779ca59f2c7e135fd9dcd62bb

SHA512
a74952d12cc40d02b062c64e7078c70fe1236d0425fd75989b417fd2a8eab39eae5c2b5aca6aaf75241fc7f102161230fc5f4b2347e39afb0702e5c899f39202

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\prefs-1.js

Filesize
9KB

MD5
8fda2d32e8f218edc028708412063a6c

SHA1
d1b9e3a5db321383eb9c15b503baba3cee0d2be2

SHA256
219c09c452fc44e62ee2f12872af893788e290ea3f4bc344a198aff7c8d4dbf1

SHA512
cc63ac6dfe27eda5a9b19de3a04cc98f343c71aee463f9a1b0a2b391f2ff19eee68ddaddaf6929212811719e10a46db60078b048d3ab0e26c829a1007f5810df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\prefs-1.js

Filesize
7KB

MD5
d9152776ef8a4017dd9a52880660b174

SHA1
1741bdbcc60f0b733d84f7784b894268e7d56c90

SHA256
accc199216511fd6e407f4e65f486ccb13bcecf4e998caaf9581e60dba2f4f8d

SHA512
7f34025bc98b41529327c83a4eacac322576b6644d205ec4fd2ea326656496ee56005ea247ed94623998d67642f52801227b1722d7e68b2f2ebcc56fb88abc48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\prefs-1.js

Filesize
6KB

MD5
9cf8b4b63a74c6181f74bf1503f724c4

SHA1
8acb6835515943b1cb86a4aaf0bace23999a9910

SHA256
73a36cc00e9705d1c0c78da04db133edc3623ebac22a641848af67dab42d6828

SHA512
e63354f3029599dd47ae50de2e07f09bc1df59a8c5b961212f47865449e8ca19491663fb4d1cda1b63332aace3c32a5bb6681c65711bc3da7e805d90c9fa3744

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\prefs-1.js

Filesize
10KB

MD5
71395a686a1eef2961438dea5718b657

SHA1
9ae7f9ba6130681673ed2aeb259e56f895e4261a

SHA256
893b123cb12df09db58038de52fcfb45a5eb7aae85084db09935ef4081b3a271

SHA512
cbedc5253e87c9da34018fe33696de9870b2a3b62cc099af516a35cc59ccc983771b9017846343a774fede2a057799c200f7dd8d7458b23d7f097a2519bb8596

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\prefs.js

Filesize
6KB

MD5
8c8fe0d70d5e5aa083fc3a51246456b0

SHA1
b99638da2d3a5f2d4cc83066d225bd19246b6bf4

SHA256
960ed7dbbe8539ffb2080949c030cf2120870056621537c59a0aed78cbe0f8e4

SHA512
2fd0da96b22c6febcc5618b79312d99fe605326d71a888fdc038709d74b6b1cbc1699d03189c55e7260ebccf4df1e76475932984c17bea764efb7a6b13ec4018

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\prefs.js

Filesize
7KB

MD5
69290471f5d21ff166d15e67f8e51a99

SHA1
1f2021b0b66cd31d2092e7c34baaca9f5a1890df

SHA256
2fde79765cd9683115f061852c4388f39c09a5945ed0fe15059fa755d6a5fa39

SHA512
bcf5edf830a10d50e9ee3cac45b7b1e979fc88b4465bb71771d0e0c33e9515d8aef25ed2981bf53e9c840c99f25e5243f66f10abfda66d0de16b6747b6159886

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\prefs.js

Filesize
6KB

MD5
09d71fd71564a7e603333d60cbe7cdcb

SHA1
78982ae7f7a78102caf1671c44e769e17cbe15d3

SHA256
e11d9ae3db1b54710a4d055f699f74151fab6ca7a69e8fdd4ab1be975a70e05f

SHA512
9e0c38f6cac67cd02f1d966b98c521d2dba397bb5aae0d82c31f79860bbc2b1368bcca57593879b5565b1705c740f19d571e79a1f91db626dde676cf5d16b309

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
462c1849a52cc53789379bb427b6b0a0

SHA1
9b7ad5f45c0e61e512f7260cd7e4ec173f009d54

SHA256
0909dfa30c0a2b81fc2852453abf42364a99978ac21d262064a4300b9072b1bc

SHA512
1c7b10a1d1979e13e306e816b2501b5e28c2a0cd80b28fbb6861b9df3b6edaa1b231780dad0ca610868b117ab9a0f055c19e12326034e7441167b81a34107564

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
4371cb5fbd07bfe98d9ded7ed372708b

SHA1
4529b85999088b614fdaeadd216d814f197bc2b8

SHA256
776bd66939ecb12e581a92530d9c74ecb8e38164c1c6f6b1a33c25d79749d700

SHA512
102efe6bc3df1d72009e425d7d4f4ea10c4721bc7c8715faa22f333c2589adc86401628a5d23d135f6ab8346d67f9eb72d48c9d5068fc7a8f320991db9e7bbaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
b1dcf9dda7e15394516db66e0e8be39d

SHA1
6d5e6f05e14786b05a40e881b422e729a999f0f6

SHA256
19e6141998ee2064a8449e376889bad311aaca0bca56730775a11c8c948a94e8

SHA512
b238c640c7611dd8ba3c43c12fe3dfe198441b460de78d3e68177c115d2943184999b6e0531570815b4634a29de090e294be9a1e04e605ad3ac0efd0ae07cb3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
74f301943f1d380eee901653622d345f

SHA1
0614b10d3ba643c48cd73f45131150ef771b2fc0

SHA256
44b8f79b9e2cc30944edac69ec15e4222be25a152a96ff5abcebc480df58b4e7

SHA512
52f45f29386806ef9ff7a7ac512cb1e1402cc3e71bc82c9a4db9f5ac66ce8ec0d15c3b4a44f7d742d577e46cc4c3f2e793577251c0fbb8c4ab47c4165e13ecaa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
20KB

MD5
ee772248e83f87f804b2c6926f431be8

SHA1
a40ab4e9f3e2ab31565a442dd635c45e4964f97d

SHA256
39468e4ef1158b80598e40271468adbb0617f9e1f16350af651e49ec13238104

SHA512
b14878bf49b3270c32a50761da8d99c45d926d6449c68fdf3438ec6f74a1d439743b75b8cc54ce3d498c0cdd4b7f5bfdfec4bcc3e5f1b6dc78ec5b2d8c193948

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
8b516ff321e6e2c9e109486a419f5737

SHA1
dce5d62a9421fb79c9274571132ab9cbb0210c26

SHA256
07f588ff5d9d25c7dfe5a92e10e68aea73c7ce56944ca1544638db9c13c72d19

SHA512
4101f5eabe94efd8eb3a0c8b2fe3928ed198adb6a0e814322a874c7680acad32d2edbcda808818af7678fe50856152fdf4e65c50aad89bceeacc100bf3f5faed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
a02bbd1f91c215b61ff6338e5cf86751

SHA1
b8023caabd112720ff785d1e508637b478b19a8c

SHA256
74a7030ba0766ad8b347d4de1b593289995d76833ae701f98b5826c78b324fcb

SHA512
77c240a394ad9f2446376f24bba615ae39234244b87f84174b6b6504aa5a79acd8c1cc6a2d8a5052333df4f56c8dc12bfca39701a001f7d985dd92cb7a7d2828

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
800KB

MD5
645015ec4455cc6d570d611869017ffc

SHA1
dc4027b00bbe1b68593231d72061121160a96a03

SHA256
eb6dcc1804833cccc64a5e3e44ded8c19bcc3699204c0c66bd46d9d361e410df

SHA512
cebb0ee523b9462e816dd2586c823b09fbf1b9292f7b6326237464b5f8fef346ff70e4535e12a9e4a6de48aa7203926a779bad88e2712119be14370dc730e5ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob0k9snf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.1MB

MD5
7b707526d25ebe862cb702461bfea4d5

SHA1
4b5685743e019bcb4b0f105ac37e9156ece9d459

SHA256
76d4872f8840004b4cfcf92672b9cfac88c36a890965399b5c4a16f3a1df473b

SHA512
52ee2f01914101456b435e8f8ce3f6f54e10fa58a261e6be9ba77c8837751ec455bc48046fc4c96d4354d58f20685da40009bd18d2facf5f7da9d6c920d0571a

Download Submit
C:\Users\Admin\Downloads\setup.exe

Filesize
68.9MB

MD5
1c8549abfef3f886424da97e603bc24e

SHA1
7a659d360323669a39c369341324dfa2ad4f9964

SHA256
3cd73a3514de1eb14713ad2557dae92ac04a6c01bce418659dce9f6518825b0e

SHA512
b9579ce790868292481a482e7e139fd13ea6e8d67f46fa395c0cb6be5cd2495f376841c11dceeec36e880b44ee9898ab80fd4b1c9fdd8c862c3ef90ed31e3dae

Download Submit
C:\Users\Admin\Downloads\setup.exe

Filesize
68.9MB

MD5
1c8549abfef3f886424da97e603bc24e

SHA1
7a659d360323669a39c369341324dfa2ad4f9964

SHA256
3cd73a3514de1eb14713ad2557dae92ac04a6c01bce418659dce9f6518825b0e

SHA512
b9579ce790868292481a482e7e139fd13ea6e8d67f46fa395c0cb6be5cd2495f376841c11dceeec36e880b44ee9898ab80fd4b1c9fdd8c862c3ef90ed31e3dae

Download Submit
C:\Users\Admin\Downloads\setup.exe

Filesize
68.9MB

MD5
1c8549abfef3f886424da97e603bc24e

SHA1
7a659d360323669a39c369341324dfa2ad4f9964

SHA256
3cd73a3514de1eb14713ad2557dae92ac04a6c01bce418659dce9f6518825b0e

SHA512
b9579ce790868292481a482e7e139fd13ea6e8d67f46fa395c0cb6be5cd2495f376841c11dceeec36e880b44ee9898ab80fd4b1c9fdd8c862c3ef90ed31e3dae

Download Submit
memory/116-1270-0x0000000005080000-0x0000000005090000-memory.dmp

Filesize
64KB

Download
memory/116-1274-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/116-1364-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/916-1247-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/916-1265-0x0000000004CD0000-0x0000000004CE0000-memory.dmp

Filesize
64KB

Download
memory/916-1334-0x0000000004CD0000-0x0000000004CE0000-memory.dmp

Filesize
64KB

Download
memory/1168-1206-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/1168-1272-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/1168-1200-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/1168-1331-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/1168-1332-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/1504-1166-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/1504-1167-0x0000000002D00000-0x0000000002D10000-memory.dmp

Filesize
64KB

Download
memory/1504-1342-0x0000000002D00000-0x0000000002D10000-memory.dmp

Filesize
64KB

Download
memory/1504-1341-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/1928-1258-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/1928-1260-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/1928-1337-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/1992-1346-0x00000000050D0000-0x00000000050E0000-memory.dmp

Filesize
64KB

Download
memory/1992-1344-0x00000000050D0000-0x00000000050E0000-memory.dmp

Filesize
64KB

Download
memory/1992-1168-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/1992-1169-0x00000000050D0000-0x00000000050E0000-memory.dmp

Filesize
64KB

Download
memory/1992-1343-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/1992-1333-0x00000000050D0000-0x00000000050E0000-memory.dmp

Filesize
64KB

Download
memory/2288-2652-0x0000013399A30000-0x0000013399A31000-memory.dmp

Filesize
4KB

Download
memory/2288-2633-0x0000013399A30000-0x0000013399A31000-memory.dmp

Filesize
4KB

Download
memory/2288-2649-0x0000013399A30000-0x0000013399A31000-memory.dmp

Filesize
4KB

Download
memory/2288-2651-0x0000013399A30000-0x0000013399A31000-memory.dmp

Filesize
4KB

Download
memory/2288-2643-0x0000013399A30000-0x0000013399A31000-memory.dmp

Filesize
4KB

Download
memory/2288-2653-0x0000013399A30000-0x0000013399A31000-memory.dmp

Filesize
4KB

Download
memory/2288-2654-0x0000013399A30000-0x0000013399A31000-memory.dmp

Filesize
4KB

Download
memory/2288-2650-0x0000013399A30000-0x0000013399A31000-memory.dmp

Filesize
4KB

Download
memory/2288-2632-0x0000013399A30000-0x0000013399A31000-memory.dmp

Filesize
4KB

Download
memory/2804-1271-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/2804-1340-0x0000000004B10000-0x0000000004B20000-memory.dmp

Filesize
64KB

Download
memory/2804-1165-0x0000000004B10000-0x0000000004B20000-memory.dmp

Filesize
64KB

Download
memory/3916-1314-0x0000000006B80000-0x0000000006BC4000-memory.dmp

Filesize
272KB

Download
memory/3916-1336-0x0000000003200000-0x0000000003210000-memory.dmp

Filesize
64KB

Download
memory/3916-1335-0x0000000007FF0000-0x000000000866A000-memory.dmp

Filesize
6.5MB

Download
memory/3916-1273-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/3916-1250-0x0000000003200000-0x0000000003210000-memory.dmp

Filesize
64KB

Download
memory/4132-1163-0x0000000002ED0000-0x0000000002EE0000-memory.dmp

Filesize
64KB

Download
memory/4132-1162-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/4132-1329-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/4132-1330-0x0000000002ED0000-0x0000000002EE0000-memory.dmp

Filesize
64KB

Download
memory/4132-1164-0x0000000002ED0000-0x0000000002EE0000-memory.dmp

Filesize
64KB

Download
memory/4132-1339-0x0000000002ED0000-0x0000000002EE0000-memory.dmp

Filesize
64KB

Download
memory/4524-12201-0x000000000EC40000-0x000000000EC41000-memory.dmp

Filesize
4KB

Download
memory/4524-12205-0x000000000EC40000-0x000000000EC41000-memory.dmp

Filesize
4KB

Download
memory/4524-12206-0x000000000EC40000-0x000000000EC41000-memory.dmp

Filesize
4KB

Download
memory/4524-12208-0x000000000EC40000-0x000000000EC41000-memory.dmp

Filesize
4KB

Download
memory/4524-12207-0x000000000EC40000-0x000000000EC41000-memory.dmp

Filesize
4KB

Download
memory/4524-12191-0x000000000EC40000-0x000000000EC41000-memory.dmp

Filesize
4KB

Download
memory/4524-12204-0x000000000EC40000-0x000000000EC41000-memory.dmp

Filesize
4KB

Download
memory/4524-12190-0x000000000EC40000-0x000000000EC41000-memory.dmp

Filesize
4KB

Download
memory/4524-12203-0x000000000EC40000-0x000000000EC41000-memory.dmp

Filesize
4KB

Download
memory/4812-1338-0x0000000000E90000-0x0000000000EA0000-memory.dmp

Filesize
64KB

Download
memory/4812-1473-0x0000000000E90000-0x0000000000EA0000-memory.dmp

Filesize
64KB

Download
memory/4812-1161-0x0000000000E90000-0x0000000000EA0000-memory.dmp

Filesize
64KB

Download
memory/4812-1160-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/4812-1328-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/4812-1326-0x0000000006E50000-0x0000000006EC6000-memory.dmp

Filesize
472KB

Download
memory/5396-1155-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/5396-1107-0x0000000005660000-0x0000000005C88000-memory.dmp

Filesize
6.2MB

Download
memory/5396-1150-0x0000000006A40000-0x0000000006A62000-memory.dmp

Filesize
136KB

Download
memory/5396-1130-0x0000000006520000-0x000000000653E000-memory.dmp

Filesize
120KB

Download
memory/5396-1119-0x0000000006030000-0x0000000006096000-memory.dmp

Filesize
408KB

Download
memory/5396-1113-0x0000000005D90000-0x0000000005DB2000-memory.dmp

Filesize
136KB

Download
memory/5396-1106-0x0000000005020000-0x0000000005030000-memory.dmp

Filesize
64KB

Download
memory/5396-1149-0x00000000069F0000-0x0000000006A0A000-memory.dmp

Filesize
104KB

Download
memory/5396-1151-0x0000000007B30000-0x00000000080D4000-memory.dmp

Filesize
5.6MB

Download
memory/5396-1152-0x0000000007620000-0x00000000076B2000-memory.dmp

Filesize
584KB

Download
memory/5396-1148-0x00000000074E0000-0x0000000007576000-memory.dmp

Filesize
600KB

Download
memory/5396-1118-0x0000000005F90000-0x0000000005FF6000-memory.dmp

Filesize
408KB

Download
memory/5396-1104-0x0000000004F40000-0x0000000004F76000-memory.dmp

Filesize
216KB

Download
memory/5396-1105-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/6000-1186-0x00000000017C0000-0x00000000017D0000-memory.dmp

Filesize
64KB

Download
memory/6000-1363-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/6000-1444-0x00000000017C0000-0x00000000017D0000-memory.dmp

Filesize
64KB

Download
memory/6000-1441-0x00000000017C0000-0x00000000017D0000-memory.dmp

Filesize
64KB

Download
memory/6000-1172-0x00000000017C0000-0x00000000017D0000-memory.dmp

Filesize
64KB

Download
memory/6000-1170-0x000000006FC00000-0x00000000703B0000-memory.dmp

Filesize
7.7MB

Download
memory/6068-2255-0x000000000EE90000-0x000000000EE91000-memory.dmp

Filesize
4KB

Download
memory/6068-2254-0x000000000EE90000-0x000000000EE91000-memory.dmp

Filesize
4KB

Download
memory/6068-2244-0x000000000EE90000-0x000000000EE91000-memory.dmp

Filesize
4KB

Download
memory/6068-2242-0x000000000EE90000-0x000000000EE91000-memory.dmp

Filesize
4KB

Download
memory/6068-2251-0x000000000EE90000-0x000000000EE91000-memory.dmp

Filesize
4KB

Download
memory/6068-2256-0x000000000EE90000-0x000000000EE91000-memory.dmp

Filesize
4KB

Download
memory/6068-2243-0x000000000EE90000-0x000000000EE91000-memory.dmp

Filesize
4KB

Download
memory/6068-2253-0x000000000EE90000-0x000000000EE91000-memory.dmp

Filesize
4KB

Download
memory/6068-2250-0x000000000EE90000-0x000000000EE91000-memory.dmp

Filesize
4KB

Download
memory/6068-2249-0x000000000EE90000-0x000000000EE91000-memory.dmp

Filesize
4KB

Download
memory/7696-3697-0x000000000EFE0000-0x000000000EFE1000-memory.dmp

Filesize
4KB

Download
memory/7696-3698-0x000000000EFE0000-0x000000000EFE1000-memory.dmp

Filesize
4KB

Download
memory/7696-3693-0x000000000EFE0000-0x000000000EFE1000-memory.dmp

Filesize
4KB

Download
memory/7696-3694-0x000000000EFE0000-0x000000000EFE1000-memory.dmp

Filesize
4KB

Download
memory/7696-3695-0x000000000EFE0000-0x000000000EFE1000-memory.dmp

Filesize
4KB

Download
memory/7696-3699-0x000000000EFE0000-0x000000000EFE1000-memory.dmp

Filesize
4KB

Download
memory/7696-3701-0x000000000EFE0000-0x000000000EFE1000-memory.dmp

Filesize
4KB

Download
memory/7696-3702-0x000000000EFE0000-0x000000000EFE1000-memory.dmp

Filesize
4KB

Download
memory/7696-3704-0x000000000EFE0000-0x000000000EFE1000-memory.dmp

Filesize
4KB

Download
memory/8260-11288-0x000000000ED00000-0x000000000ED01000-memory.dmp

Filesize
4KB

Download
memory/8260-11282-0x000000000ED00000-0x000000000ED01000-memory.dmp

Filesize
4KB

Download
memory/8260-11283-0x000000000ED00000-0x000000000ED01000-memory.dmp

Filesize
4KB

Download
memory/8260-11285-0x000000000ED00000-0x000000000ED01000-memory.dmp

Filesize
4KB

Download
memory/8260-11287-0x000000000ED00000-0x000000000ED01000-memory.dmp

Filesize
4KB

Download
memory/8260-11292-0x000000000ED00000-0x000000000ED01000-memory.dmp

Filesize
4KB

Download
memory/8260-11289-0x000000000ED00000-0x000000000ED01000-memory.dmp

Filesize
4KB

Download
memory/8260-11290-0x000000000ED00000-0x000000000ED01000-memory.dmp

Filesize
4KB

Download
memory/8260-11291-0x000000000ED00000-0x000000000ED01000-memory.dmp

Filesize
4KB

Download