Analysis Overview
SHA256
5bb1c8a8390c284e9a4634c04eee34dfd08759d66d2b613b0631ab10e2f1f3d9
Threat Level: Known bad
The file amazing-game was found to be: Known bad.
Malicious Activity Summary
Epsilon Stealer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Enumerates VirtualBox registry keys
Looks for VirtualBox Guest Additions in registry
Looks for VMWare Tools registry key
Downloads MZ/PE file
Modifies Installed Components in the registry
Blocklisted process makes network request
Checks computer location settings
Executes dropped EXE
Identifies Wine through registry keys
Loads dropped DLL
Reads local data of messenger clients
Checks BIOS information in registry
Reads user/profile data of web browsers
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Checks for VirtualBox DLLs, possible anti-VM trick
Enumerates physical storage devices
Opens file in notepad (likely ransom note)
Checks processor information in registry
Modifies registry class
Suspicious use of WriteProcessMemory
NTFS ADS
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Kills process with taskkill
Checks SCSI registry key(s)
Detects videocard installed
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Modifies registry key
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Enumerates processes with tasklist
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-15 18:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-15 18:47
Reported
2024-04-15 18:59
Platform
win10v2004-20240412-en
Max time kernel
614s
Max time network
706s
Command Line
Signatures
Epsilon Stealer
Enumerates VirtualBox registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Downloads MZ/PE file
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\DiscordSetup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
Executes dropped EXE
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Wine | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
Loads dropped DLL
Reads local data of messenger clients
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsUpdater.exe" | C:\Windows\system32\reg.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Discord\URL Protocol | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4084619521-2220719027-1909462854-1000\{25DA144C-A906-44DC-9518-C38DA9FCC4A4} | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9041\\Discord.exe\" --url -- \"%1\"" | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9041\\Discord.exe\" --url -- \"%1\"" | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 38363.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\UnityLibraryLinker.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\amazing-game.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95f4d46f8,0x7ff95f4d4708,0x7ff95f4d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
C:\Users\Admin\Downloads\DiscordSetup.exe
"C:\Users\Admin\Downloads\DiscordSetup.exe"
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\SquirrelTemp\SquirrelSetup.log
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\DiscordSetup.exe
"C:\Users\Admin\Downloads\DiscordSetup.exe"
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --squirrel-install 1.0.9041
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9041 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x534,0x538,0x53c,0x530,0x540,0x8a9900c,0x8a99018,0x8a99024
C:\Users\Admin\AppData\Local\Discord\Update.exe
C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1948 --field-trial-handle=1952,i,510757152749000439,2175565494270446255,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2176 --field-trial-handle=1952,i,510757152749000439,2175565494270446255,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe\",-1" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe\" --url -- \"%1\"" /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3500 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\Temp\Temp1_AmazingGame.zip\AmazingGame.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_AmazingGame.zip\AmazingGame.exe"
C:\Users\Admin\Downloads\AmazingGame\AmazingGame.exe
"C:\Users\Admin\Downloads\AmazingGame\AmazingGame.exe"
C:\Users\Admin\Downloads\AmazingGame\UnityCrashHandler64.exe
"C:\Users\Admin\Downloads\AmazingGame\UnityCrashHandler64.exe" --attach 3896 2090326560768
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x33c
C:\Users\Admin\AppData\Local\Temp\UnityLibraryLinker.exe
"C:\Users\Admin\AppData\Local\Temp\UnityLibraryLinker.exe"
C:\Users\Admin\Downloads\AmazingGame\UnityCrashHandler64.exe
"C:\Users\Admin\Downloads\AmazingGame\UnityCrashHandler64.exe" "3896" "2090326560768"
C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe
C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe
"C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\UnityLibraryLinker" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1884,17293116597667039721,7216161415967317385,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe
"C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\UnityLibraryLinker" --mojo-platform-channel-handle=2004 --field-trial-handle=1884,17293116597667039721,7216161415967317385,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe
"C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\UnityLibraryLinker" --app-path="C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2384 --field-trial-handle=1884,17293116597667039721,7216161415967317385,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe
"C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\UnityLibraryLinker" --mojo-platform-channel-handle=2980 --field-trial-handle=1884,17293116597667039721,7216161415967317385,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM chrome.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM DiscordSetup.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM DiscordSetup.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Discord.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM Discord.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\DiscordSetup\Update.exe --processStart DiscordSetup.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --squirrel-firstrun
C:\Windows\System32\Wbem\WMIC.exe
wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9041 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x508,0x510,0x514,0x504,0x518,0x8a9900c,0x8a99018,0x8a99024
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1892 --field-trial-handle=1896,i,13702126474531939972,16490824485655069271,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=2432 --field-trial-handle=1896,i,13702126474531939972,16490824485655069271,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=0 --gpu-device-id=0 --gpu-sub-system-id=0 --gpu-revision=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2840 --field-trial-handle=1896,i,13702126474531939972,16490824485655069271,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1896,i,13702126474531939972,16490824485655069271,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
C:\Windows\system32\cmd.exe
cmd /c chcp 65001
C:\Windows\system32\chcp.com
chcp 65001
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=3128 --field-trial-handle=1896,i,13702126474531939972,16490824485655069271,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=3500 --field-trial-handle=1896,i,13702126474531939972,16490824485655069271,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe\",-1" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe\" --url -- \"%1\"" /f
C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe
"C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\UnityLibraryLinker" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3260 --field-trial-handle=1884,17293116597667039721,7216161415967317385,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-f2g3yb.xpbhk.jpg" "
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1ns59lh.cnc8.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES57BE.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCCC993AB2F043476BB3AC241CFCC0A995.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-f2g3yb.xpbhk.jpg"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5916.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC58D044FDA26A4384A1AFE7BDB0F53E5C.TMP"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-p6umig.w86ma.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-p6umig.w86ma.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1hmrlp6.xm7n.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1hmrlp6.xm7n.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-jb29h.uiai7d.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-jb29h.uiai7d.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-5vmoq4.2uagq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-5vmoq4.2uagq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-3dl54i.up5pu.jpg" "
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-3dl54i.up5pu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1grn6tr.d07q.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-7gcytu.q04l6.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1grn6tr.d07q.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-7gcytu.q04l6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-s2gih0.oxsq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-s2gih0.oxsq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-15ormqc.ktrc.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-gvs1i8.ma3ro.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-e8mvjo.f3i8v.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-gvs1i8.ma3ro.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-e8mvjo.f3i8v.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1e56et3.e50r.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-15ormqc.ktrc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-fvm8hq.nfw1j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1e56et3.e50r.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1ht5195.vg7.jpg" "
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-fvm8hq.nfw1j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1iswlff.noxx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1ht5195.vg7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-115ghs4.2bd9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1iswlff.noxx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1qhh937.o0zc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1qhh937.o0zc.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-115ghs4.2bd9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1hsn0p7.fq0w.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1erugbx.dgvdk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1hsn0p7.fq0w.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-9y7u7e.i7q8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1erugbx.dgvdk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-2faurg.7xeis.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-2faurg.7xeis.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-9y7u7e.i7q8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-108jlg4.ytte.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-jlgqze.23ew.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-jlgqze.23ew.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-um6kid.utxp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-108jlg4.ytte.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1n8jbb0.2nlu.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-19imblr.ajnl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-um6kid.utxp.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1n8jbb0.2nlu.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-19imblr.ajnl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1sxnuif.wxo2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1sxnuif.wxo2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1dervg9.8w7.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-6kdmsg.g8nnf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1dervg9.8w7.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-6kdmsg.g8nnf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-7whbp0.j9zlm.jpg" "
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-7whbp0.j9zlm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-dquzqt.pfgjr.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-ivyhl.5phpz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-dquzqt.pfgjr.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-ivyhl.5phpz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-101orc4.1dkq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-101orc4.1dkq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-gb5ulq.bim19.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-gb5ulq.bim19.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-11o9mow.jsuy.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-11o9mow.jsuy.jpg"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-tkls4w.7lkxi.jpg" "
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-tkls4w.7lkxi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-txdnv2.4ckza.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-txdnv2.4ckza.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-wgh818.e6vi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-wgh818.e6vi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1y38wjs.gizl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1y38wjs.gizl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1aa3tjy.c39w.jpg" "
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1aa3tjy.c39w.jpg"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1c3zdgv.eshm.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1c3zdgv.eshm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1d8hqpi.prtw.jpg" "
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-h8xc91.hkm34.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1d8hqpi.prtw.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-h8xc91.hkm34.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1ihgot3.1cerk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1ihgot3.1cerk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1mdyafl.73pt.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1mdyafl.73pt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-17o87br.oft0g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-17o87br.oft0g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-zkvvkv.efocf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-zkvvkv.efocf.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-5oegs.lg1fpo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-5oegs.lg1fpo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-10p53ii.tke1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-10p53ii.tke1.jpg"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1fr28vx.og31.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1fr28vx.og31.jpg"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-mv90be.cfmpj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-mv90be.cfmpj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1bky4qw.5kam.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1bky4qw.5kam.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-vt6cd4.e3fl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-vt6cd4.e3fl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-r6tbw1.aejqp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-r6tbw1.aejqp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-q1bmam.46z5i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-q1bmam.46z5i.jpg"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-z98txj.gdofk.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-z98txj.gdofk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-10gf51g.a60a.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-10gf51g.a60a.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-m7rvix.s038r.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-m7rvix.s038r.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1uyjnlx.9emq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1uyjnlx.9emq.jpg"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-umwqe7.binjq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-umwqe7.binjq.jpg"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-nd8rdj.0g7gi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-nd8rdj.0g7gi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-183fdxm.hjq2.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1uuuid1.9633.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1uuuid1.9633.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-183fdxm.hjq2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1tp1nnq.q9md.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1tp1nnq.q9md.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-hcpdty.gtyk5.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-hcpdty.gtyk5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1nhiebt.cd4b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1nhiebt.cd4b.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1iqra70.9mpq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1iqra70.9mpq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1mpxj0i.2o4j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1mpxj0i.2o4j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1fp4ore.ht3w.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1fp4ore.ht3w.jpg"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1tp79xn.gin9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1tp79xn.gin9.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-18inx7y.toxi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-18inx7y.toxi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-frylm1.t0019.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-frylm1.t0019.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-txhzon.w0xm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-txhzon.w0xm.jpg"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1ughchm.243b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1ughchm.243b.jpg"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-i1743u.anu9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-i1743u.anu9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-likw5i.vwz2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-likw5i.vwz2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-m0cvwl.axjmg.jpg" "
C:\Windows\system32\BackgroundTaskHost.exe
"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-m0cvwl.axjmg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1sfjydy.vak7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1sfjydy.vak7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-3211eh.t2nh4.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-3211eh.t2nh4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-meahk8.3hh07.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-meahk8.3hh07.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-keo6qt.fjyai.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-keo6qt.fjyai.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-a2nomz.ybbei.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-a2nomz.ybbei.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1ewybp1.its5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1ewybp1.its5.jpg"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-a6etm7.r8zsc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-a6etm7.r8zsc.jpg"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-fnfm8n.js2ov.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-fnfm8n.js2ov.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-h5v137.8c43h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-h5v137.8c43h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1bja1y6.rbkm.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1bja1y6.rbkm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1cqwjub.g25j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1cqwjub.g25j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-gmqcn3.590ip.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 580 -p 1028 -ip 1028
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-gmqcn3.590ip.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1psg6ty.wb7ri.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1psg6ty.wb7ri.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1jrkhgc.g4al.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1jrkhgc.g4al.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-yr7ffb.339a.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-yr7ffb.339a.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1b6mar.0iy8i.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1b6mar.0iy8i.jpg"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-16w19dz.tp5of.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-16w19dz.tp5of.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1f5yzbh.lrez.jpg" "
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1628 --field-trial-handle=1896,i,13702126474531939972,16490824485655069271,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1f5yzbh.lrez.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1c8wzdr.6h6j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1c8wzdr.6h6j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-10agyzz.me59k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-10agyzz.me59k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-56w6o.gckvjl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-56w6o.gckvjl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1dy54n2.1s98.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1dy54n2.1s98.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1nywxqy.a0iq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1nywxqy.a0iq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-105rsgt.wmst.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-105rsgt.wmst.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-nklmam.1c92j.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-nklmam.1c92j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1r727or.sj8y.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1r727or.sj8y.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1lupxao.fb56f.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1lupxao.fb56f.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-ahe71q.303gf.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-ahe71q.303gf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-tv2fr2.tml.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-tv2fr2.tml.jpg"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-pvw7c7.a16j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-pvw7c7.a16j.jpg"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-18b0gnn.jmnr.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-13c3z4v.91dg.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-18b0gnn.jmnr.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-13c3z4v.91dg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-flyr11.bq9jn.jpg" "
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2404 -s 3552
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-flyr11.bq9jn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1do8iz2.0ad3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1do8iz2.0ad3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-eijptr.5ne9b.jpg" "
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4292 -s 3808
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-eijptr.5ne9b.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-aewzeu.qhmq.jpg" "
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-aewzeu.qhmq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-ak5x0w.opg1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-ak5x0w.opg1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1ll9eop.2i8f.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1ll9eop.2i8f.jpg"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1h9fwrx.x5e4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1h9fwrx.x5e4.jpg"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-kvmx6f.jer7s.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-kvmx6f.jer7s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-uk2a0m.u5yw.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-uk2a0m.u5yw.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1u8v6oo.qtg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1u8v6oo.qtg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-4p20pt.3e7bf.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-4p20pt.3e7bf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1phezig.gddpj.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1phezig.gddpj.jpg"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 572 -p 5984 -ip 5984
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-14fuzlm.gsdz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-14fuzlm.gsdz.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1gwwbty.rwplf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1gwwbty.rwplf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-vkkiwu.hab5.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-vkkiwu.hab5.jpg"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-102aufy.1zlo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-102aufy.1zlo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-tftzqt.bkik.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-tftzqt.bkik.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1is4oda.4elp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1is4oda.4elp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-16crtkg.njzn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-16crtkg.njzn.jpg"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-jme053.zgys.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-jme053.zgys.jpg"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1xph64r.c2s7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1xph64r.c2s7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1x99w95.6l2h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1x99w95.6l2h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-mbxpk6.q3lxg.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-mbxpk6.q3lxg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-cxe0i7.vqgcd.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-cxe0i7.vqgcd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-t2hwrx.dfi9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-t2hwrx.dfi9.jpg"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 636 -p 4744 -ip 4744
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-183xrqq.c0zj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-183xrqq.c0zj.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-ozpra1.dasth.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-ozpra1.dasth.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-x8xs9z.hzzv.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-x8xs9z.hzzv.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1hae6sc.kgmxk.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1hae6sc.kgmxk.jpg"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-8qjhhu.b35jg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-8qjhhu.b35jg.jpg"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1mo90d5.1mnr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1mo90d5.1mnr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-np48j7.s3px9.jpg" "
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 416 -p 1408 -ip 1408
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-np48j7.s3px9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-19xa05k.872e.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-19xa05k.872e.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-68o2by.63s19.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-68o2by.63s19.jpg"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 416 -p 2148 -ip 2148
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1uxy6x2.g6p6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1uxy6x2.g6p6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1dwlwoa.szfsf.jpg" "
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1dwlwoa.szfsf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1sir785.4rkp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1sir785.4rkp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-197q2o.n5iws.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-197q2o.n5iws.jpg"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-4y1ypo.py428.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-4y1ypo.py428.jpg"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1b52we2.ejzo.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1w3wdcr.iloh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1b52we2.ejzo.jpg"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 368 -p 4188 -ip 4188
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1w3wdcr.iloh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1rcxegi.kfx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1rcxegi.kfx.jpg"
C:\Windows\system32\BackgroundTaskHost.exe
"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4188 -s 3584
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-13nlg00.jizs.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-13nlg00.jizs.jpg"
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-pbw678.y0xtq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-pbw678.y0xtq.jpg"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 664 -p 3272 -ip 3272
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1c8bdv5.wbhc.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1c8bdv5.wbhc.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1a0jv6v.m63vf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1a0jv6v.m63vf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-jlu9i6.ctlbj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-jlu9i6.ctlbj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-157f0ts.yz73.jpg" "
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-157f0ts.yz73.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-h1ddcv.j2mi.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-h1ddcv.j2mi.jpg"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-jfw5pc.yqczp.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-jfw5pc.yqczp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-180trrg.mjoc.jpg" "
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 512 -p 4528 -ip 4528
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-180trrg.mjoc.jpg"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4528 -s 3584
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-e3au39.w14qd.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-e3au39.w14qd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-7s2nas.rlek3.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-7s2nas.rlek3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-170kq20.8ux8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-170kq20.8ux8.jpg"
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1hl2c25.8hbk.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1hl2c25.8hbk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1ixas00.s1l8.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1ixas00.s1l8.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1b55krf.13qgh.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1b55krf.13qgh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-13tpps8.5s3h.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-13tpps8.5s3h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1p0hg58.1my4k.jpg" "
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1p0hg58.1my4k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1k2oail.x46g.jpg" "
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1k2oail.x46g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-11vs4.t7ti9w.jpg" "
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 632 -p 1728 -ip 1728
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-11vs4.t7ti9w.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-6ph21x.d0i9n.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-6ph21x.d0i9n.jpg"
C:\Windows\system32\BackgroundTaskHost.exe
"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-4rhyxf.86k06.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-4rhyxf.86k06.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1me6hfb.wgzdj.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-4368-1me6hfb.wgzdj.jpg"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13600922035042225071,16190582410777938329,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3592 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 692 -p 736 -ip 736
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 736 -s 3544
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 684 -p 5648 -ip 5648
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 772 -p 6064 -ip 6064
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 660 -p 3916 -ip 3916
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=3376 --field-trial-handle=1896,i,13702126474531939972,16490824485655069271,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 784 -p 4924 -ip 4924
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 740 -p 4696 -ip 4696
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3780 -s 6056
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 780 -p 1088 -ip 1088
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1088 -s 3584
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 752 -p 5952 -ip 5952
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3164 --field-trial-handle=1896,i,13702126474531939972,16490824485655069271,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5936 -s 1948
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1632 -s 6076
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 185.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ostanton.itch.io | udp |
| US | 173.255.250.29:80 | ostanton.itch.io | tcp |
| US | 173.255.250.29:80 | ostanton.itch.io | tcp |
| US | 173.255.250.29:443 | ostanton.itch.io | tcp |
| US | 8.8.8.8:53 | 29.250.255.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.itch.io | udp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.8.26.104.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| BE | 2.17.107.226:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | img.itch.zone | udp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| BE | 2.17.107.242:443 | img.itch.zone | tcp |
| BE | 2.17.107.242:443 | img.itch.zone | tcp |
| BE | 2.17.107.242:443 | img.itch.zone | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com | udp |
| US | 104.18.8.90:443 | itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com | tcp |
| US | 8.8.8.8:53 | itch.io | udp |
| US | 173.255.250.29:443 | itch.io | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:80 | discord.com | tcp |
| US | 162.159.136.232:80 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets-global.website-files.com | udp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 18.165.160.45:443 | assets-global.website-files.com | tcp |
| US | 104.18.5.175:443 | global.localizecdn.com | tcp |
| GB | 216.58.212.234:443 | ajax.googleapis.com | tcp |
| GB | 216.58.212.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| GB | 18.165.158.112:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 8.8.8.8:53 | assets.website-files.com | udp |
| GB | 13.224.81.115:443 | assets.website-files.com | tcp |
| GB | 13.224.81.115:443 | assets.website-files.com | tcp |
| GB | 13.224.81.115:443 | assets.website-files.com | tcp |
| GB | 13.224.81.115:443 | assets.website-files.com | tcp |
| GB | 13.224.81.115:443 | assets.website-files.com | tcp |
| GB | 13.224.81.115:443 | assets.website-files.com | tcp |
| US | 8.8.8.8:53 | 175.5.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.158.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| GB | 13.224.81.115:443 | assets.website-files.com | tcp |
| GB | 216.58.212.234:443 | ajax.googleapis.com | udp |
| GB | 18.165.158.112:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 8.8.8.8:53 | dl.discordapp.net | udp |
| US | 104.18.52.172:443 | dl.discordapp.net | tcp |
| US | 8.8.8.8:53 | 172.52.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 170.253.116.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 233.129.159.162.in-addr.arpa | udp |
| N/A | 127.0.0.1:50849 | tcp | |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | panelweb.equi-hosting.fr | udp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | whoevenareyou.equi-hosting.fr | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 54.40.21.104.in-addr.arpa | udp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 119.176.67.172.in-addr.arpa | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | cb138796dbfb37877fcae3430bb1e2a7 |
| SHA1 | 82bb82178c07530e42eca6caf3178d66527558bc |
| SHA256 | 50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd |
| SHA512 | 287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5 |
\??\pipe\LOCAL\crashpad_792_WAODFLTEKVMJPHRM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a9519bc058003dbea34765176083739e |
| SHA1 | ef49b8790219eaddbdacb7fc97d3d05433b8575c |
| SHA256 | e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b |
| SHA512 | a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f4f0f3385709bfc15db4e9b380e0e349 |
| SHA1 | e72da33ad285e909492389ec11737ca89dd00afa |
| SHA256 | 70e7f2d1cf1f79252de5727e1eb1e02386743b7968ba5a58480439bc6edd7b56 |
| SHA512 | b2c534a96c4c0846bd3bfe5a2009926137c0d71ea49e8bc89fd6d41582a940e63593cdd0ed74519faa72141cacded25b0ab5b73d307357aa5561c413da4b8793 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 155f60871ae9a4700c862c1c665c251d |
| SHA1 | f1ebf29205fd504839054e93e61525b4f2f1eb74 |
| SHA256 | d966581b3db0a1c98e3a31187d1d8dc1c085ccc75de203f1d515243b88fca56f |
| SHA512 | 72304a5eebd551ae23500da171671289ccdd990467b4a81829134cdc1bf691a85a8b4a0becd4a2288e3b75aff1d08662d4d5837134b98ab69cdef50356e33f04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ee97507fe675c1843decee4ff99a5eb4 |
| SHA1 | c8f17a769d80664326b53317991150b80c3f5b20 |
| SHA256 | afe66c75927722fc5e36ab41a96b7eed96b185568acbb0f7058c882eb795fc97 |
| SHA512 | c4b28b01dfcb6ed273b639309fef59524bacb54b2691f509b75a97e01e54ca3605a02d68fa82db7359f374a5f6f52f921d1c098cecb0a8edbdca2ad98d61dd4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3b37e5fea444ccdfe15024d66ec9cf73 |
| SHA1 | 3ca167618ebc9a7b15ee7348fd740f8670eedc23 |
| SHA256 | b2a7328cfae565176ce00c9138519d02ff7c12d3521cfb73a3c5789682f6b0de |
| SHA512 | a490dc43b05333535cb56245d06126a3f5bfabfd15f00ace2a72da324dbbf320660a44600eb134b6114691c1573840da6ac39f9f0ef34fed39792e4a6c739c97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | abd58b5c04322e064e995a739a052c86 |
| SHA1 | 751596df7611d2959b17a4a889006d10819953b2 |
| SHA256 | e912a16d9f3e82e242b1d21c15147712c292ba2aca77a3ddcb6d21a364d9902c |
| SHA512 | 6c96bd9122a2acf5672ce2ce033c9dbdbe464793d3829686cb51638f937ca07c2518846e53cda71baf8e6d079bdfb917187d13607fb64231e7fa7fe2d678b390 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d78.TMP
| MD5 | de62a66f789779a15767dfe1ff409851 |
| SHA1 | a9badf39cbbb5334ae014109baec1daa37b2fcb5 |
| SHA256 | 1f9f837cbbd4ea472d69d2da820fb1275d8602017c745e3aa27d9fdb855db6dc |
| SHA512 | 5e289764d2edd3d21b989f0832b49bef40f22d959063866d8b4933263db736846029ec685bca860da6911025e7be5f29461d5009a2d31c30c8baea6b2bc586cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 835c12182b5f51c8e4990f63c58da685 |
| SHA1 | ef80018bbf006e301457eca91f085a0c26635ebb |
| SHA256 | 1622b029fc7c65a1cdf320fb1150f9adb5785c5a96cfbbbd6f9c953d4080ee2b |
| SHA512 | 9086078d4dc3732bf6a9d29fdedec2640f5691013927a6d16002abcd0b19c388f1b7f1ccefba41f499c17aba1fa8c3b5307b4e5f248e9e9596a2a0f6c7a34c4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 092b098683e13e59c8d0da510f84cad0 |
| SHA1 | 8903a0fdcfa9de5a41ceb1317162c8b2977c33cd |
| SHA256 | b19d47007b91e5262070f66d6a29e9613a1cbb36b7b4efd20b72ee90cb511794 |
| SHA512 | 1cb846d84ff2cdb74cdce66a3a89e3f3623ca90844b96c7bb36e0d94264700045fd03ef174762d9d966504200c01ceebe3c968270077a1abff8b71c60dbbd0c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 79e9b9095373dbc21110c24540e99a00 |
| SHA1 | feba48c6cfac406655c44a2defa1ca49dfa45eb8 |
| SHA256 | aae3d0dac3ebf68eed518d1904e754c3f7a56d02f9f1170621ccafa4464d8272 |
| SHA512 | db94661a0bf2af41554879f48b44842b071f484c14b4847c6d41df88f5fa02596eff82ad53a30e5dfd04375544a1523610d178f35edb4e1ad69694958867e060 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 929c7ca69e7d0a0ca5f9f1520101148e |
| SHA1 | 1e7567e10c3f4b0cfea080de1f31777e90ac2677 |
| SHA256 | 79b0a0f9870d79413b7ae4de202d54e4288646d45d6dc7314edae3b03f675403 |
| SHA512 | 357eb61e8aa3c11fc9bdb152bbebb984c3ef94c6b44d5f4e2ec15d6cb2b24ea41aed8861ca58454a4a17f6ea8581577bc026c10676abb04fc239fa6399e81065 |
C:\Users\Admin\Downloads\DiscordSetup.exe
| MD5 | 3271ee796cb2c120bbf629e1a3efa0e7 |
| SHA1 | 8ac997d812b6697be081c7705658337953eaf996 |
| SHA256 | 29c0226a5ac5e77ad4ed5d892c9630656b368ab9a94a005a2c2db22a12cb12ba |
| SHA512 | 500071d66d6102b077b801e2b68290d38e12a6177995d7a4f7369967ac806555b5c8a1c19249d36ed19aa32b02d12aeec35523dbe2107afb7cb1f19e5feaf932 |
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
| MD5 | fd988e2394d4059658b3d8a7e1cd8ab0 |
| SHA1 | 69d723757a09037ad86315f50a108e9691639b8a |
| SHA256 | a6fbc7feaacd4f26db275871e82adb6a211a0cadf8ef885a448f0a7dfabcbe36 |
| SHA512 | 7533cfcb75e9a86020e958ed8a7bbb12a45fc9920a92b72bece6e81e1ceb22129eaec64489f2c76bacc37ef3bff1025d346c29cc1cfd4c912d867f47cfacdd66 |
memory/636-418-0x0000000000E60000-0x0000000000FD6000-memory.dmp
memory/636-419-0x0000000074290000-0x0000000074A40000-memory.dmp
memory/636-420-0x0000000005A60000-0x0000000005A70000-memory.dmp
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
| MD5 | b71b21a55e4c2df7f59b859ad53df8ca |
| SHA1 | 7ada856dff2f674bcccf15631d52c6810566001a |
| SHA256 | a7e593dc9d0650c80b1bf832f1f3e4e9dd90bbc1a72542b365b465fc2a9ab9ca |
| SHA512 | 162427d5d28c3d57a1ffc6868f7dec11477e449e65bccaaccab92bf51a20570974823cc2018b00b192ea90566a5de78ba9d86315ced63c0db2ee2b29beb96c56 |
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9041-full.nupkg
| MD5 | a21fe91ed2f33eadfa91b90e0d059e7f |
| SHA1 | 0aaca1dee7e20f7128a8ad80df591e226cd0f15c |
| SHA256 | d2a8905caebf3eebd1dcd65e2355a9e7ee0907db1ecd76bf684d2d043f3c0529 |
| SHA512 | dc7ed2cc159a8730822278a42c72619ad5a11d69d922e8fe60f758a548890a8158f3b88467768e3bf6da274a2d76c5575821ba1c0ee01f0c199c11efdb6c6999 |
memory/636-590-0x0000000008190000-0x0000000008198000-memory.dmp
memory/636-591-0x0000000008210000-0x0000000008248000-memory.dmp
memory/636-592-0x00000000081E0000-0x00000000081EE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\50afecf7-4702-4cdd-8667-0c499eb8ceab.tmp
| MD5 | c02d4469c6e6d278feb120b024e1877b |
| SHA1 | c25e54c0e3219b254f74d0a60b74c6a9d4255b88 |
| SHA256 | fa3529db7aa9e1b4b7226ed390ef892abd08357bf3c34b6a0bcf15659bd052f8 |
| SHA512 | 10f68ee7806a2d813c01c5798632baa6ced3b0f604da29617a0dadc8f1f8f907beaceba8a0662d381b2e32ea337bd19e2db17fe519fc282cfab077ca06913eac |
memory/636-599-0x0000000074290000-0x0000000074A40000-memory.dmp
C:\Users\Admin\AppData\Local\SquirrelTemp\SquirrelSetup.log
| MD5 | e80121dd59d9133878d9273ebccb81a5 |
| SHA1 | c132fc66c159d077d6efccea7d6e1d63082a0f03 |
| SHA256 | 8493a1cfd16e919d1984955a20041f9e83d98a1edbfb5d44a0db54d5f8d44a82 |
| SHA512 | c3bd9cbfd4efc1c6b07ae507d571dba2159d876772c2ea842ca6172a2233932b5ca50b02cd5329b72cb5900bb8fd1fd276019972770a4305ed77d30aa9ee36f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a7f73c6a0a1fb6011dc194cb508107de |
| SHA1 | 7df8bdb3657ef17190bd35d9b06e5b2ed1c88cac |
| SHA256 | 0d9ddf56c6c33f212891305b9bd7a98b552716776a5656a79f5e5d17d5e2b3e4 |
| SHA512 | 4572daf93f9429870492c3b649b7bbaa94b35c03be991d755369840689db30ece077c5cfe7a4f83cc6d5ab3a74b8916359fbbe06ba179bde600d2ab59236b62b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 46ef9358c13dcf42c749cb400de82c20 |
| SHA1 | 672b30b018f63314421d2f159a0a88aa2637cf38 |
| SHA256 | a2c4dfaf12073cab831c06906cac9813a44aafd5ca4936402de879a77cda3958 |
| SHA512 | 2884f0864c5398f90633fb545b8bdf622fd960d04ec1e1e3cc857ecd5894620ff3e43458db7bad898ca32a9b3a29a8ee76f5d2d3cc1674c2fb177521fcfd4120 |
C:\Users\Admin\AppData\Local\Temp\SquirrelSetup.log
| MD5 | b226fc53ef7c9647dc4afbce9c03dd61 |
| SHA1 | d07960ff351e5112c5ed83d6f496cf7f7f64b308 |
| SHA256 | 9d21a1ecc5c75108e77e1da43a323fd496bd88a1a3926f140a8d039216754db7 |
| SHA512 | 56caf080c7286bbd0f964caaeb64838edccedca7a1a80ef3a11c053f4408046beac12f7e1f2077fd93a90d027a18e9051a6557d30c0a2f23c2de20f0c154de7a |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Update.exe.log
| MD5 | e3152798ee190e4fc7411c64955c7eed |
| SHA1 | 5e6ceb9361df35a5a0fac32b604d3fdd9f65c650 |
| SHA256 | bd13a78aa4b2084742da4adf1f239308081ec9f6e47c8ffb070c4a2c0d39a569 |
| SHA512 | bdee879b69e620c7927caee863cb7f93fdfad14236b667aef59e1f1c01550fe6d09940ef36961014e8426b8accd91b8ab0c1ff72e492cc745525a652a8833758 |
memory/5056-649-0x0000000074290000-0x0000000074A40000-memory.dmp
memory/5056-651-0x0000000004F00000-0x0000000004F10000-memory.dmp
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\vk_swiftshader.dll
| MD5 | 126f5812842c5d4f7a3b872c7ee5b298 |
| SHA1 | e234ac7db5d6e127bad92a959d68cd284d6eb6a4 |
| SHA256 | 53d9e8e3cee7e04ccec3e417e70a2f436760db2d326a9ccc66f38489aca95450 |
| SHA512 | 4b0643a9f13e519879323c6fdf90b4ce53010f1cb6c0409edb2195f5bd86001fab7cc9e64c788417f9b3c039fc3cc0bd22bfb8e9efe656cd3cadd91fbb10d838 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\v8_context_snapshot.bin
| MD5 | 5e59b98c444e66f981b8605636e88efd |
| SHA1 | 78ce5d12ef8d76e5de09873eec59657a5b3964ee |
| SHA256 | 457167b96cf7cb9d80bf5f74976314b465439adb0563ed820be15d848f3daf66 |
| SHA512 | 9401047fb86cd7d9b9aeea72bc3b7981b834e914d7ecc19ef2f787ccf946548a95241b89d508372caad6a7cc157e2be6fa931d952f836404b7c0c5abe4ca614b |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\updater.node
| MD5 | d0022b55cd5b4851fb702462a8eaa7a6 |
| SHA1 | 3d2beba92170afa3acfcc7ed3f84c97df88f05fa |
| SHA256 | 0092e5aa0e286b7afaf15114b81a8bbb4f14b89bf78b683e7f8f5e38c8b757d1 |
| SHA512 | 4b4ffee9ccf8cbe14695655925b2016f1eebc897b3664c6228b3417010c2662f05942bc5a49bec511bc765c755adb46590f30cd3c38380bd566e82706e0b65d1 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\snapshot_blob.bin
| MD5 | a7af86bfeb3117a95c0a8fe916181561 |
| SHA1 | 1187747899fd63c3965f490228fb94553b50dc0d |
| SHA256 | e0e7d2ec67b93b6f801d01a81632a7f26038f3e249c3b9c8c6625dde40a7a9e0 |
| SHA512 | e969bde343ebe92a6ff983745f2520855a545c871c4f8f438cb0c082ea06a2feb9226b585b6ee1e0d410bf83792207726f3e242724aa0e480b215f0d7719e294 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\resources.pak
| MD5 | e9056386a2b4edac9f0ffa829bc0cfa0 |
| SHA1 | f8d4b8289ebb088c9997a1fde1c2f12aedd6c82e |
| SHA256 | 546456d9a1328836a99876824f3beb7279f38403cd001515f5d9eb204939e57c |
| SHA512 | c49e832e5c16a1846ea882395e83f9cbe9f4f6b44be9f0c7276d0a4495b88091bd95593c5e167dba853834058d7ca823db60d2fac73434ed952b7064b2daf6da |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\libGLESv2.dll
| MD5 | 793c32d65a356607ba89088ff0808060 |
| SHA1 | 48e1fbf8a9004029cdbe04c1afee3f83cc80a249 |
| SHA256 | a19881a4876955ee223d884a5d04d85c04e54de900ae5c22b7cd4ac60ba17a81 |
| SHA512 | dd5e4941f513d6910412cd1eb9325edd16dadf32f0c38a6906cf38a0c96511191278695d79be112005fd391307e4a3988342093d160f65b68d8c163d7aa72184 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\libEGL.dll
| MD5 | 506aaa6d5798dac2b553db4b077382dc |
| SHA1 | 042a7b20ba2395aa26d30d7b8bad13e7ff3d9e66 |
| SHA256 | 06a8c0b8e526d1f777310f3dfded4214846bf2e2394d5cbad954c96e58a8de7b |
| SHA512 | ff000f535117989e8ecdd3931d353403874eadf6c8c225056bfb22edaf8bde7cdd8ef72e428c48a94bb73783f4fec068cde48ffa70575ec20c0ee37930c51a40 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\installer.db
| MD5 | f06caf21749e5481af997ed50b4f24db |
| SHA1 | db8c5a303638c0ee7ca5d0b9d3d7b122d33d0b9a |
| SHA256 | 6d62eef02a366bafdcb8f45e222f04d4a94bffbb4b6563b2363deaf4e060f755 |
| SHA512 | d2bfc7ba0c74799a63785427dd05fd8fce5532bec5e1d14f6135b625d786757e676a79d12e1e083f7a7e857c1832aef9fdefb9f76170180080b5541b620c806e |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\icudtl.dat
| MD5 | e0f1ad85c0933ecce2e003a2c59ae726 |
| SHA1 | a8539fc5a233558edfa264a34f7af6187c3f0d4f |
| SHA256 | f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb |
| SHA512 | 714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\ffmpeg.dll
| MD5 | e25a4f69815d61632c43a7dacd33636d |
| SHA1 | f1cd2eb38828e86e5c0a3192bfc0e0e0fb90b214 |
| SHA256 | 3247c0cc44863845734bb76acddcb7f8bbc1a6ec76fc484db54f683b6392354c |
| SHA512 | 36cbb8da287a124ebfda5e5da908e2a9fb494fc3d74a91455cd4986e31b545d2783268aca93501a7243a1306c9bbb4d1cc80e2b241c538b4170df57479d0c24c |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\Discord.exe
| MD5 | 8967de355a2817125d1bba42ff6aec5e |
| SHA1 | 75caee8ae01a39ae586ae9b5fbe54e27241abe7e |
| SHA256 | 08d785f01b9b79e1f988d486536b6433f9825cabe4ab6ac7f9bb74954f3ae13e |
| SHA512 | 59e408dc3609478ce196178056f20d1fb006a9707ccbec072b76b069686a67fd738f04d1e24f15a5222bb62d997fe913c0b7cfeb137ed7a2029b172468001b89 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\d3dcompiler_47.dll
| MD5 | 08ac37f455e0640c0250936090fe91b6 |
| SHA1 | 7a91992d739448bc89e9f37a6b7efeb736efc43d |
| SHA256 | 2438b520ac961e38c5852779103734be373ee2b6d1e5a7a5d49248b52acc7c4d |
| SHA512 | 35a118f62b21160b0e7a92c7b9305da708c5cbd3491a724da330e3fc147dde2ca494387866c4e835f8e729b89ee0903fd1b479fcc75b9e516df8b86a2f1364c8 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\chrome_200_percent.pak
| MD5 | 47668ac5038e68a565e0a9243df3c9e5 |
| SHA1 | 38408f73501162d96757a72c63e41e78541c8e8e |
| SHA256 | fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32 |
| SHA512 | 5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\chrome_100_percent.pak
| MD5 | 4fc6564b727baa5fecf6bf3f6116cc64 |
| SHA1 | 6ced7b16dc1abe862820dfe25f4fe7ead1d3f518 |
| SHA256 | b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb |
| SHA512 | fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\app.ico
| MD5 | 084f9bc0136f779f82bea88b5c38a358 |
| SHA1 | 64f210b7888e5474c3aabcb602d895d58929b451 |
| SHA256 | dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43 |
| SHA512 | 65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\resources\build_info.json
| MD5 | 2f27f5cafc72ffc221daaf89a1518c09 |
| SHA1 | ef8c63f368b9a7d77d7d85d29fa13d0e3bbd873d |
| SHA256 | 5d8b039e0fbd4a675ab5fd6eaf9c301cab7b3ee2d13393e29cebb45fe9dd2977 |
| SHA512 | 2846ef41ea6f0f5da24dc690998ec657d8e99aedf878e6f16417ae3372cf054693ac96a4dbab42a634cd18cc42a86efb50c1bd11f05012c10914b35f45d6713d |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\resources\app.asar
| MD5 | 18c82fef289b0aa9fff73ce8489c69f5 |
| SHA1 | 76999d747423ef5cd9cc0a1fa039a7fad6c89763 |
| SHA256 | c5e9c322296f97c42132aa29cf9e94e372e9de3b83e2fd1266340ab476b2d821 |
| SHA512 | 529bb2a0c8c399b4815740928a1b74bbce23d04f9cffeb2be2d12b46f3d3aad00d4498ba95fad0e8d82e52850f6b5395041b65931c63123ab5c95c15d5a82a26 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\resources\tzdata\zoneinfo64.res
| MD5 | 06451ed2cf5ed42024d36bda20fbb03f |
| SHA1 | 86965cd7e896544360e4e98dd5285d9eb35074f7 |
| SHA256 | fd3393a05a33710148a15c87f789fd34b29a358690ece2c14ee3435766ffa6d2 |
| SHA512 | 27cc74c3fd0cf7315a88f62412edc1628f4fbe9c660289d5c4a60457d0b6ca9610b271516d41c2529c49fb4da1d519f4328a1074dbcedd91972785f3d0e00a82 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\resources\tzdata\windowsZones.res
| MD5 | 8e98286772b65ffcfaa0ba6e1e22fff1 |
| SHA1 | 69e54c1b79e36c2b56df24f1b338ef44257d0fa9 |
| SHA256 | 784edc13cc73767b3d8dc3ac6d796c9df0b4bf60e5e6723ee8c76a82639dba9b |
| SHA512 | fc3fd304b2b2e3a12862dbb6cd2205bf2fd492e3e65e98bcf0e1aae5c77e85e4e2227bc0d520debbe220714cf6488b62abb13163525dbecad8ce80a32f262399 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\resources\tzdata\timezoneTypes.res
| MD5 | b86b784b8504b003ab3c68340d5dacc2 |
| SHA1 | 8f4ef0cc5ac7183d3db1b17cf4538b4861806b65 |
| SHA256 | e2890a9c82369d5957e927e013ddfeadce8e76eae066968be9defe80b03eb2c5 |
| SHA512 | e1607b3f2dd5e758f997fddaac1788333d57d572e8e9a7132a79591644a5bc708ec25701887b9bcd03835111f229db726846aed68b4a9e1f8252c9b6dc198c27 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\resources\tzdata\metaZones.res
| MD5 | e2b1eb129d146a3edf84f062656fafbf |
| SHA1 | b12ecec20314ed8d60f1ec354e5175208604c831 |
| SHA256 | 0c0a0c5e79b7ee5885eec3c856079c08e6d4af5753c8d4988fe386e787f48d0d |
| SHA512 | 2c5cbe82bfec1fe21b4636abe646f5edf2a1558f425338a6adc8a82ff86eb906c32f222d1d38455eca980e857e79828ccc1e71ba74296ad09a6bfd224fcbed13 |
C:\Users\Admin\AppData\Local\tmplhoezpke.uxf\app-1.0.9041\lib\net45\resources\bootstrap\manifest.json
| MD5 | 8370571bc90d74e5deb8781eca6f2dd3 |
| SHA1 | dd1d408e7581a01c82b5341e70a2b1533470d912 |
| SHA256 | 4e0e3e30704c0e52bc23214f4f2e6eb4fec749643978d36d9d18317dc4d49a01 |
| SHA512 | 9728dc10315eeaa1ea6392e679eea176c1d764726009af182878daad4c574e79085cc6301ed9db26c643e2ec8986424ee758792f67b3afe600445e85cc639a10 |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\vulkan-1.dll
| MD5 | ee8cf6b77c8d769af64160a28f2c15c0 |
| SHA1 | 938fcd66aa0709b89c3c7b0124d4a7f1b83bdfc0 |
| SHA256 | dd169b3e79817dab2698a25c11abe5e05c33011322b8b43d2c10f36d65aab943 |
| SHA512 | 85a6787b7aeff6be6bfff6b55f1aaecdecc99b53badf7be02b20a476c8fee14390f744991ac4f45ec99fb90dd44a5aa183e5406b3a1b407bbabe00e973d14b6a |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
memory/5056-860-0x0000000004F00000-0x0000000004F10000-memory.dmp
memory/1292-866-0x0000000074290000-0x0000000074A40000-memory.dmp
memory/1292-867-0x0000000004B20000-0x0000000004B40000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
memory/1292-917-0x0000000074290000-0x0000000074A40000-memory.dmp
memory/5056-941-0x0000000074290000-0x0000000074A40000-memory.dmp
memory/5056-944-0x0000000004F00000-0x0000000004F10000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 545e2a7ed16e4ddf87efaa1721ba7f58 |
| SHA1 | 5e76c16ec330a04ec39398a6c75d04eb8fe490d9 |
| SHA256 | 06b7f2411b57750d74028714fd2a21a7475ec6e0a927af7ec27015e2ba9f6e9a |
| SHA512 | 9a979b50a2fc9bc4481e1ab77dd6f4a333583d6a76cb5946f0f703b016982af9dd9d89b11e03c35cee4c0decb664f3b24901aab28e7a148df56a6475aac59b03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5af4fff55eb42d9a1b7acb44b401178a |
| SHA1 | 076b42c247257f82f0c8f9ff2560733dda791fdf |
| SHA256 | 96bfdeb353026d122cd608dadb26d64879aa676b5afdcd468ed11b49cab068fb |
| SHA512 | a6b5502a99191b58927ae2e421d703307ec62aba9311a7ff9dcd1a31b5d63e6cf140a20c7588c131b90875a6f858f509f90c05d54e0c56a3a5faa05a0eca8567 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2ea22130ac4b4cab74663128a7c78353 |
| SHA1 | ac5cb25ea092ecce189debc85e3c2d4f2ce4eada |
| SHA256 | fa14973fb68c69f0cca95ea73a36cf51a2404746dc8f068fa644b51c547b7a84 |
| SHA512 | 249e31a56b4d06d1929fb3f752d4977303a9aad8e2bafe5c8b0e36522b2873ee96175e04f280793f53bcb04d52e30a7b76e17283e1ab97cc31b80cfe37b30cc0 |
memory/3712-1007-0x000001A0C7E70000-0x000001A0C7E71000-memory.dmp
memory/3712-1006-0x000001A0C7E70000-0x000001A0C7E71000-memory.dmp
memory/3712-1005-0x000001A0C7E70000-0x000001A0C7E71000-memory.dmp
memory/3712-1011-0x000001A0C7E70000-0x000001A0C7E71000-memory.dmp
memory/3712-1013-0x000001A0C7E70000-0x000001A0C7E71000-memory.dmp
memory/3712-1012-0x000001A0C7E70000-0x000001A0C7E71000-memory.dmp
memory/3712-1014-0x000001A0C7E70000-0x000001A0C7E71000-memory.dmp
memory/3712-1015-0x000001A0C7E70000-0x000001A0C7E71000-memory.dmp
memory/3712-1016-0x000001A0C7E70000-0x000001A0C7E71000-memory.dmp
memory/3712-1017-0x000001A0C7E70000-0x000001A0C7E71000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e9af3643-3131-4a16-bf6e-bdb2c999eaa3.tmp
| MD5 | 512b20e42990f0bf1ad1d1eb8bc02de3 |
| SHA1 | 7ada8b68f045272557c05e55e87215786675e377 |
| SHA256 | be2d196f823c635fab714afce72b92fbd836aa6452a54a946f16f7ee48a9849b |
| SHA512 | 438319b457b110e0d48995a1deddbdb44c23f04beb413dd64267e30beb3b2e91e079e366f2aad0f74d7e621e739dd529537b8cd36bfd96778723a2d5fa391711 |
C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\ffmpeg.dll
| MD5 | 12cb29b61007fd6cd166882635241038 |
| SHA1 | 31bacefd2d7238fb5ac77f728bb39a27b400dbb0 |
| SHA256 | 2e60bc5a05d3e98d12d2bd577d63b6dc77bd1b3734633259fcaf50fa3688ca9c |
| SHA512 | cbfab7708a01fe47904facfdf9604025d6f1c680e40ada0b4c1b1ef35a4eab7de5de96c22d0491c6d202175d2c66693216efab6cfab73e316d466811d834b126 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\icudtl.dat
| MD5 | 599c39d9adb88686c4585b15fb745c0e |
| SHA1 | 2215eb6299aa18e87db21f686b08695a5199f4e2 |
| SHA256 | c5f82843420fa9d144e006b48d59ba7ef95f7e6cb1ea95b27fcdd2c97f850859 |
| SHA512 | 16194186a8407b29f799d4b02f5674e4fbd5d91163fad9f8dce6ceedd865b754a681aa960d0f3f1b62cb21d5443879f1b8e9b691c19c5802d5bdfe4ed645b8bc |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\libEGL.dll
| MD5 | 979b72ca6e98fc7fdcfcc50d77906fb5 |
| SHA1 | dc4b874f495ed73c90b39feb566a48a081371c4b |
| SHA256 | 73d1f5880980a2ccb8e5a15e285a4a11fccd80754829e85aa9a3b8ffecf39dd9 |
| SHA512 | bd4d25a591d1c52d9a4a850a5bccbbf5ec8d174f5f093c0fd611a18af8d337b918464220a4f9591d03582aadf1c9cb392596a5449fb7d0a928889b0f65f8c619 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\libGLESv2.dll
| MD5 | 5300049a47fd88310ef94f9e37eeb247 |
| SHA1 | 89672d16382a75781eeca002c850c17cfc46e851 |
| SHA256 | 33863ea4047e4eaae8f24bfa3491bb809d4c3d44489ae2bbe5e3af9e5cc1fe50 |
| SHA512 | b38ef83cb40923654ae1efcdb8af63e1fb47f640a0cbeac350b97f24da1365da23d757cacef1f9e994ace0b076b4bc1408644347aec3c94995bb27d184a93c09 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\LICENSES.chromium.html
| MD5 | df37c89638c65db9a4518b88e79350be |
| SHA1 | 6b9ba9fba54fb3aa1b938de218f549078924ac50 |
| SHA256 | dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463 |
| SHA512 | 93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\resources.pak
| MD5 | 2db0729cb0a452b13400e0ad97a46a8e |
| SHA1 | 2aaaa7e0e932e7b46958214cce81d60099cfc2a0 |
| SHA256 | af41c2d4484ee3b86b63bde75f150bf67f78a6257d91b397b6b15d47b041e177 |
| SHA512 | 967bcac22315ecbe76c5a1cec4439523a92710791ea6112aedeb2d294419714e7aab5526f868898c6c2cb83886dc98c694dddd314766c2ae373f55f3529a65fb |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\snapshot_blob.bin
| MD5 | 19f1e25cc7c427dbfb519ce6dc2c7e64 |
| SHA1 | 5578aa048412482650bb51b04ccbf038155f5c8b |
| SHA256 | b6531c8ff3a288d00e4625cfc5019ccdac9cb8a53e723792616aace3b27f90c3 |
| SHA512 | ef07c82a8a3f36bc8492d0c0a964ee57c3bae3188c7c67eb555b9d117739b5a09e44183dbf9f2cf17ac386d7d777b62b534b2f55edec977c75ec3d6b5b535620 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\vk_swiftshader.dll
| MD5 | 37bba2c66e2364a5b3e6666864f3b604 |
| SHA1 | f2ecffd48760482ba055aa50cd78c5ac02d09ba2 |
| SHA256 | 23e6927733549be11d506b862cc7148b7b08b50b4387837db522ec9380babc46 |
| SHA512 | 6e7835fce0e988c997049796125b4f2ef83cb9c2e326edeb54d4bad77fa31bf4b4227aeb1db445d3ee21e6cb959d65310a1bbda2d14e567d4123cf6544a947ea |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\v8_context_snapshot.bin
| MD5 | c384ae622a7a6c7ec328678af12922c2 |
| SHA1 | 25165dcaf78d3d29a16e4f979370e0b009ede240 |
| SHA256 | 977a027c50bd79e93ec015fbebaccfaaa8885b88c76f7e5a2c33337d6d5173c3 |
| SHA512 | d0571f5e18dcf14a591a76243d52094bb843b0779630f31cbb66fd738c1c35d10bb7ef751eb01a953305ee19f2777f4d3ca6f9b132199b2af357c0b03185d9a7 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\UnityLibraryLinker.exe
| MD5 | 3f07334dc5144f7e22b4aca05223502b |
| SHA1 | 77d8ac3a2706a27ef4d93b84c855d145cf01c75d |
| SHA256 | 7d9ed7ca12f61c1095af46fb7d33dd66c437553eafa4c088a9d88c40a77e61fb |
| SHA512 | bd9234a6969ffb121a5875c72e4dc446e6923d6944e7d7d7b6c989ba65c0bf96a352307d7b392a9bddb0eefa13bd4b83272b5fdd7ff184caebbf2b48cb2bcccb |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\vulkan-1.dll
| MD5 | ad4a5dcf631afd553b4fed8a269c7897 |
| SHA1 | f1bded0b28ee8aed4a52a6d19d871eba4828e0f2 |
| SHA256 | 3141825bfa3a8cecf8b59767e8b6ac41c20685932d6000b9c6cd0e40ddca12db |
| SHA512 | 8e01379201f2a907cff7f32dfbac6b1eb8ee014312755884b35e4065477d8a8069e3188086d7cced11d437b461211bca6abb6e582e98473883cf35faad41eae2 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\am.pak
| MD5 | b319cd4192f5bd03bab4644ee51e4ebc |
| SHA1 | 49c52f43f542022a97d2ae18a56a266deb901496 |
| SHA256 | ab1d0f3bedb5806fa7268773b6193928cdb40e641d8563c14df1bf962434d5f2 |
| SHA512 | 3fe8284422bb7de7f2e3e121b8657b7686586d597b4d453b2e38f119fd25bddd61c1218f22cc8e4bbf37f393411bb866c0d6c166207b5bbfeb45f5459e29e370 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\bg.pak
| MD5 | 8448caa7a70f74dc0c6e453e7487bedb |
| SHA1 | a7f67df94ee9532d26c6e6e827d61414f4516d0c |
| SHA256 | 19f49a247dfa1328799a1be9a556d940618ceefc04a5dfd813e5c023d086a41a |
| SHA512 | 337293839e64f514152c7558f2d1cbb301730675936ecfc11242d1346c9da535896dddaa8ad563a40303cdc8884f80af679c324b31325d40b7141a8738ab14bf |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\ar.pak
| MD5 | d7eecfb7cc52b3dfb69d8047dc6aa12d |
| SHA1 | fa5e4e98395c4bb14259c2e3c36fc84b55f0c3d5 |
| SHA256 | e38cd21fb917db4671ab331ee505948e109e2a0c6a2f3ad0e64d09863efb7df8 |
| SHA512 | 2ebc6f7749e50bb3a9c27d2235be1478fc2d58a7b6f5c4cbbda09ad4f28ee3873881dda16ea668eeb63dd259a23ac68c73e4ab4295d51a22c36284d9c8667ed1 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\bn.pak
| MD5 | 124d35950327fec461c07dfb6dde72eb |
| SHA1 | f3d7791dd6bdf88f65a62ec2e8170ee445b6a37a |
| SHA256 | def934201f35a643c8b097be42fe86f2a08cef5523cb61e2d94cb33ae373f502 |
| SHA512 | 05a993c9ba52083b8a7f0b3662eb8e4a873d23f309d334cb4e4088fa5e33d8503fdc6d19f247c4920cdd91a165995c514b2a061c26fc44f89e864516ffdde9b6 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\ca.pak
| MD5 | 90d8b16ace2fc684d0ddde0d71f64831 |
| SHA1 | ead7dbeffb3c102d3547c8c256135991b547ade9 |
| SHA256 | 020350f4a902c79e0f1f5366e209b2c309ac51b6e72d9ccf51cdde2fab756e3e |
| SHA512 | bfeec65e7c001d7a29c18e6bfc2b4c6688c828419d0e9823d524a7b35c24a3303c1cfb8f14a98d965d4ab41c5110842ec64cb7a2928309b0bd31291e85b168b7 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\cs.pak
| MD5 | 2c9e55ed46954a8eaa27105f3f074ca2 |
| SHA1 | bb4a36964cd1e8f140c9937586b5215fbd7a9632 |
| SHA256 | 86f1847450d5c341893fa097fa6d4e0964963c0c2466a985d014dab0b65f34e6 |
| SHA512 | cf7141a3db9d44c0940e88ded1f326b5ca4031d18f8a8236b313c6a6c41289e9dfd12c3367181edcbd5425deb584b082df004bd6db0ca55a1da151703af575bf |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\de.pak
| MD5 | 8e560e240bb79e453167f70409226619 |
| SHA1 | bde183d2191d42797a300f0c4cd83e1db278c928 |
| SHA256 | 61c4a4b5c309128ba86a5345db04798be0680905543c6986f7b3cc4b1ba72729 |
| SHA512 | 5564555eb203fe86e9630dc223e4012c7e3501d68554b6b7138a3c6064d39b868e7e2e0e8b994169e918e9c6f67066440b89c7ab10f48731a84fab84c2e7ff82 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\da.pak
| MD5 | 66e780528890dc0f484a3d6938ac281a |
| SHA1 | 5f46f7915cf101b88d29213b457f37e24d5a083e |
| SHA256 | e698945093c1f562d0e591c03d9670a9b01d0eaa56a2c80c1d12d91d88b7b407 |
| SHA512 | 9cbc2b054bd3f9d39050a4a189fcf0127a43b9991ecdc9453679c53b38cf8a25138057648a756e01fc9b4825c009a8894ef68b94faca83cd35d268fb05556af1 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\es.pak
| MD5 | 09e0feb85585bb4a220a3ab3f21adb9b |
| SHA1 | e564afb37d5f5305585ad1081a26b34ebee73ccf |
| SHA256 | cf7ea140dceac78042e0d35da45a4fe732eb04e1d2b138bee4cc2dc5e7e9a0fa |
| SHA512 | 8317bd2b4f509edabac1a74ec32bcfd54b14598799537d90178ec349cd71fe967d5c677403c85e305a6f2e94722c20a83e65c0bdb29a6265c5355683856f4ade |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\es-419.pak
| MD5 | f9958dd6ce0ce1acea070bbf317b1160 |
| SHA1 | 0dbc4020e505a053cdbe6a0a9506829498a8a25c |
| SHA256 | ea868929f537d48e846f86020762c59c77a0ec67765c3af22e08fcc853f94c2e |
| SHA512 | 35a6e5fdff6b4e3a076eea70b7c551f1d303b4db4e63aabbbde54b4fefe40d750a03440bed7851f12750661ff8b87c5ce3382b0c71d0e171f729a7a82f968cf6 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\en-US.pak
| MD5 | b58cb46758c6bc8fe4385ec2ce4e50b7 |
| SHA1 | 34026e96e02220cea46a31c2319f695ca2e0a914 |
| SHA256 | e34c459684971971765943e8b5b2d1751b329a9502f0fd6649679823f725b8c3 |
| SHA512 | 702384f9d6d77da08fc8c49a5f65957c56e363e1ad37f9d0611092d248db1f79636a6cf336e55669e002194f589f584b5663b4d77e54fa95e18f84eb4864d7f5 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\et.pak
| MD5 | 3ca246cd997a68bb4a6daa8b3b81908d |
| SHA1 | 842bf5f6bdd29ccccb24ea412497acdb37a5f805 |
| SHA256 | 25c1e1306160779466d8c039ea296db65d12dcf21d2ad794a36ab62b1a7901fe |
| SHA512 | 32135a0c29bf666833292b557634d4510c185f711d7ad8625e981811ea082dca0d1714f481c9c8ce8b3acefd18469093d48fc05bc0160ffb87d1e2b90f4cba1c |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\en-GB.pak
| MD5 | 05f7b55019ba0a9da84073cec0a954c3 |
| SHA1 | b46462fa8c614161ec42fa791e4ce3163c92ea8c |
| SHA256 | a690e642a6b781efc3da2e8c83e554d6e8b9ae6ac34f6f0a4f327dd9ea7cb7f1 |
| SHA512 | 30e93503db60b8c7a8dc902efa960583316cb83337eca102f0bdafc47d3b59ad5ea1eb99b5b9deb0ff66345d551485963e4c61ce555298880aafcd298057fd34 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\el.pak
| MD5 | b3724a4dcb17bd341da403acfdff0bf5 |
| SHA1 | 05fc9eb29381f1befbafb937c564a87205779264 |
| SHA256 | 0adb6e5173572ab4a3df5671cf053196f158294bc1e07275a7e6fb6d8da81b06 |
| SHA512 | 3ccd57eb43840573bbd7e6d8b24028213acf58040b2795a975ca4750e4a9500d8af74bebac1b47f2d9b87204c68707d53b0d927c0aeac1fa1bfdb1c899e66f37 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\fa.pak
| MD5 | 46412682e8d0743714fc28a520aeb35d |
| SHA1 | dc6bd723efd460a56d205bc199e3be4c98698ba4 |
| SHA256 | 9861d5260b98b384603ef02e97dac0295fd255e550b57fd427bbef24b1cd7b17 |
| SHA512 | c77c5344c6a7af4035f865aa7e3a3aaab39b11c4a3bdd94aa99f15dbc6ec7cf4b6057ff48fd55e2ff41041728fecf80dcd488578dc1db249ab1b7598fa438f14 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\fi.pak
| MD5 | a3b5292c5e2e981dc4ce9504f638a542 |
| SHA1 | 6cf480f3d7cb5df71bdd4089a1821f2eb2dacecc |
| SHA256 | f4f2438a3810ccda4740442cdd964e43883cdeb820715cbd7be03cfa6b1e55ed |
| SHA512 | 6ed819896e2aa72d73bd2af731f7f714119fbe7d1fce5909d1a9d9ecb99c6369505e6d33f1f9ebadcb0da608f9aec365bc6cb5f6e22373d577cced7e317772c4 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\fil.pak
| MD5 | 7c3df3c13393e1b24e4e96f2b9082a6a |
| SHA1 | caae1c99b589e14184e9f2c89f698a2558f4ec3c |
| SHA256 | 27196aee4a6248bee44ea2b5a3de90ccc2cd53f8ce1beeb796aa4d7e25bd43ae |
| SHA512 | 2d85d37d9560cd6ff460e32c3c569851ae28d794b5319ce74c010cad527c4004e54c993d5440bd22d6e51d86c4c4683f8db03c38abca4839a10e2efe46ae35e4 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\fr.pak
| MD5 | a17cca5f1db7cedccda9c5a7784bebd0 |
| SHA1 | c5e0a0d24a14a535406886c00ad10d20638341b4 |
| SHA256 | e8da96855f7238a6ee3162b08d46e5ab84d98179dabf535060ef5fccdb36bc79 |
| SHA512 | 0bb2217e44f1c8cd9e4cc2127454e1fd137c6fa101914bd230b9089d6317f599c9dfdddafe3d5cbc0fdc036e7b4f6e5cb528bddc572b5e26c8e0322f1a7d0b97 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\gu.pak
| MD5 | 10c1dc999bc7ab62e1f26b0497afa7bb |
| SHA1 | 68da1055b8acdf016b152a2f401322d3d76885b5 |
| SHA256 | b9690f3c550deb0827e409015abf3bcaab01c9acd33e96932e85ac84ff4c7831 |
| SHA512 | c10a956fdfab446b74f1dd2a169201f0b7ddc4ff1d7a635b9c81f07942ea0d34ea327e2e7f07e3a672ac85c8b8ce7a0e871d02946da4fb5e8e75713e56cbce61 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\he.pak
| MD5 | 5db44f8dc63c819b0ae2a5458e36447f |
| SHA1 | 6b440ad4bdef6acd31ca8be5d085db26a49a209b |
| SHA256 | bee5f133cc85f8ca280f9f41df6790aa65161fe8dac8dea7e26fc609240e84a1 |
| SHA512 | cd0d104597c5c926480443b5d1a16526ec0e48c3d6dca6233ec7cfa63f01f2f5674d9ac9a86a45b789a94fcb3b63aeaf92351bac2f4920a25dd8d4fcd1edce19 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\hi.pak
| MD5 | 815dfb3eeb9a69919ecf2562b6d4ad34 |
| SHA1 | 2d0fb4c2a19b7a991974783b51b13c7b3610b686 |
| SHA256 | a480e95a5cf338a90f7d077e4147f45696db9ad6e8cae1765ccc5ef05fb48505 |
| SHA512 | 0e6c8374ed7f6f3b523c2dd5455b598ab0650da8ce3a8243a1a42c6327db9a694947a508a90edf95685c84120cc73964a16c7ec49835ea398dcc6186d08ef1b0 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\hu.pak
| MD5 | 4b5fea4bd49738337ab10bb3f1e6bda4 |
| SHA1 | 0f27220019e099b658a9c563995dc2b022fb1d68 |
| SHA256 | e526c9c9a8c4d27c432d3cc30766fbdec6c536b696a7ccb7e9376f0e55147b90 |
| SHA512 | 4e271f8ca0028ff5b8a86e8610174739d2d2b7a267381562bbac3543d03f6895b3361c2f6fcfbcaea6f5aad1690e878ae0de5c905de12b213c2c5c396caafa66 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\hr.pak
| MD5 | ebdf0ad52e9a0f8c8735614775ff5a94 |
| SHA1 | 787feb9f703daa094814464b090aa5d36725e007 |
| SHA256 | b9c21e5187e8649157f5e49e014b8c285866ec839638344a31234b60a17e7d47 |
| SHA512 | e2853884687393fa2b0f8e4b27af5664c223fd5bb2862e5ef788f912771eb9d61e7ca1fc39f29ab679f49986b5a95b9da44727c69c99dfd3bb8ea2f4e974ada3 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\id.pak
| MD5 | 39378b548f712608903ee8aa25db212d |
| SHA1 | 7f5a3466a4c8609c6bab7ed3dbc9fed52cfe1e62 |
| SHA256 | 426a302448ec17e313724b38bda9ad4d5c031da48a1ed3690b547b51a06229a2 |
| SHA512 | 7d2d823445316f5a63df286af2f1e28b90b8e3a04aabc835020b17f690d95f7ba2d0261876495345876cf826fc57dd0a9577e79af7e609adb8c71b8b4ff03550 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\it.pak
| MD5 | 5b03bfc915b62aceb06b9c670fb77e33 |
| SHA1 | 9c88ef98dea5a7d7be8571354ad3c033033a40b8 |
| SHA256 | 1f9a38c852c05577aba397c388b35037eec6b9d90593800b5b57bac437b42684 |
| SHA512 | b22c4db0b56c136e9263a15bb2a31a9213ac20321b189cb0572bd1f0b0b9989a7e698d94750d9c5d01557f4b247abf9a8cff1940bab03fdb737a8276d96ed1d0 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\ja.pak
| MD5 | 640bb80728453be0104566caeeb8eb82 |
| SHA1 | 362b46036c58421f4b0f9b2f714b21e244aeee44 |
| SHA256 | 1bfb337c19c9d04bc53df2d2eca6b73c11df33b6fd07a6a3fce5427ef0f38cd4 |
| SHA512 | 1bd764ec56166ac59fd2acb1ac81140bab2ba7f326c0bbdc9cd30ff6246fcdd98e49310b0528fb0d8a9256ac06ca3e145a3906a1815dbe395d989443650f81b0 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\kn.pak
| MD5 | 5a599f47d2e2ff1aaf4c8ccf8bafd10c |
| SHA1 | 32aa52f2e90348725eb619187272e9c5a7396bd9 |
| SHA256 | e55425a4ab6425f60a9389e5c19dcd5bf437816ae09a21cd53750819040143d2 |
| SHA512 | 7ecb69b70d5782e22ef9047fbfa29c0778e894c5cd987d33d65e68616ba2a42a133abe16f2af70aee4fdcb34c7e8e3d3bc3c556c754a010132610628516ad456 |
C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\locales\ko.pak
| MD5 | e2a95b73f9081efce223a180b7791c16 |
| SHA1 | addd6ac05707597b917ff9f7c3f7524be26df7ca |
| SHA256 | afac9566a4e1fdb2be75faee46bf9182f81b85373d60cb583f1051b12d9719e9 |
| SHA512 | 70eb91347c21f0e648e9fcf82ffbef5e3eeb6c0268f85fddc7ad4eaea2e22eadeab653476196240a75361505f40b0bdf8602b0f414faaa77354f0fe76ba4e09c |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\lt.pak
| MD5 | 720c1b3c95e8613f2cd9e40f3d160ed6 |
| SHA1 | 1ea62b51f1a2c80b92e3348de260032427a9c79f |
| SHA256 | 51027bfd566fa26cd561f9bbfd2b4a6d2e41e0ddd786b7338cecc43423b3e6d5 |
| SHA512 | 32ad5243df09d642e058550d2ec58a8a8de00cc442da551c195958a95af7c82c4d2b63b27d474a065b0ced5680d3e005b2a36301d02fca09413e165089f47822 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\lv.pak
| MD5 | fe9ff0063f35ba05d27cba720e2e69d5 |
| SHA1 | 16a87c24f027eda9865df7090ac8023c7ae5b57b |
| SHA256 | 43bf3b7181b607d8769da6c2cf671e2a429439aee253dd774ab5bf5aa5fedde0 |
| SHA512 | 794b1b87ca400798574be56cf8da9adef78f1f9f91dd42fb23e6355caf0455f8d982f2b3d9bc252673704375eb4ccf32d58ed1cbbadf8780590e5777ef41c035 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\mr.pak
| MD5 | da44d4ade4c258629118dbf534f0c2cb |
| SHA1 | d93756c9d2d2db7755b4b7d47042a451435cca7d |
| SHA256 | fcf1d938863cbc4d4a1d62de0eacbfd17fee4a0f5a9fcc09627bc22a98e268c4 |
| SHA512 | 827c291ccfea31799e2fd48ee35aa179006a7bb3420c0346b5f1291abb4560f84b952a2bae820ef129ad77719edb16873328e7f0d030f9e2970e0c620fe59328 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\sk.pak
| MD5 | 3ee3730ba0f6894f2651e4e1be37a214 |
| SHA1 | 3a3adb77fcb6d0514a221e6671d815a1cb7a2c35 |
| SHA256 | 23c8d9722e0a2e22fbc8ae1bebb9cff456fe026c986a211565fa9398376e64af |
| SHA512 | 000928407693007645230ab593a6055e6005e6c2cb362057ce8a1915ad96030a03b134ee20e3197daac9920c69df188867d3c5a603a3e36c2eccb0bdcd549206 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\ru.pak
| MD5 | d269143626296c69906523810139e9af |
| SHA1 | 43abe13a4837892644774bf06eb89cafec49ac95 |
| SHA256 | b1bd2d1cc678784ab73a691d4a3dc876be78eee0a30661ac2666a9b8ab864ecf |
| SHA512 | 76b0cc1841dba7d4b4175b0c10d6c36c7f3e8ea4ad0b4e4c091391e2754913cb6c02f0285b73372d604a395b23995998090a0c68b607b4106226b7ac67ceff23 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\te.pak
| MD5 | 1eccb7be373fc3144ada2df9e493cc07 |
| SHA1 | eef3e05afdf910671a046cf90291c17731bdb378 |
| SHA256 | bd0a936ab62ab6ab172a192b7c082b824706f6b3d88580a6b6be32809354fc2a |
| SHA512 | ea30d14fb7c2ad54263e12eb8469e6b058afb30448900b55d944aa87e266d735f2a04d2f29303087f2d13f379483d681285182e6ad2bb25bf36e311828e2a08f |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\th.pak
| MD5 | 1a66feba0d44231b935d83a7f36a09a0 |
| SHA1 | 3e674234b10350ebec218c904a9c90f3edd29711 |
| SHA256 | 11fd04f3b33d09041d646d34e61fa15b96c12dbc62e229b64306356de6155cac |
| SHA512 | b7617094a6d27670c0720dc5dade4a866ecdd68c45c1b9e6dfe1c3074dd1957bd7459210d111ef33727122666b24c2449cce9f3e903aae59dcbe438b38c8a021 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\ta.pak
| MD5 | 3dcd0523ccad674f2e93de57ad0082fe |
| SHA1 | fd4a28ee288a1f33ee7260ae80df93aae9718039 |
| SHA256 | 72ef4527f01018c90c583e48f37d20bfa684012bc00cb9ab5ffa3e222b9c7f3a |
| SHA512 | 2ec95b89051b019e98e6a1852e5e89e1c985a10998af1cb2603e5766698a2880355d8e6b959e60e9edb84354e99d0286708027c39a8add816c172ad1efe35b49 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\sw.pak
| MD5 | 89c5dce32ff87d5fb2b8e815f7e4cbab |
| SHA1 | ca3138ea6103a5ba39e35c53e980b44c9889d386 |
| SHA256 | ca8d57f632880f7b736ef7f8c5f35ddc867e50919b1f7d835bae76f823ebed13 |
| SHA512 | 9e3ded0e33f9441f31e95317ac6a7a140ee5c63bea8b1bf8c03952804fb6783e61e7971d5cbe1c698d3c4067233b78bf37099054fcfe38b091829f5435e6d435 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\sv.pak
| MD5 | 007d56b78104f7e245f7c84f07949f25 |
| SHA1 | 8e3104a8c26f8418f44e19640d9babcd68a640c1 |
| SHA256 | e6c9329d7184190a0282f6440dcad5531f9656514a37b7dcb5a510ef17f3793c |
| SHA512 | 30c492d48aff33af8a0290cbe29864ff5c7d46dc50f5c4c6d5c96e6aa273926840b28b78958070e1534038e66c0142ab65153d32d28b56fb5dca28844370a946 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\sr.pak
| MD5 | 0cf9aea120b76672d2b5e30e928459c5 |
| SHA1 | 0219aaa5d84847fe86762baa82b7b8b301239c9d |
| SHA256 | b6aeb180462d8f312762a419b45c910929e2322d45bbf2b84b0871ccf7838945 |
| SHA512 | e79a0800571ab7b64602db4941b689231edb20d65a89272b7dcae53426b7811791df8f6ef174c83680a6adf931efc3d47f133b971254c139e8b04953b8a10979 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\sl.pak
| MD5 | c20064c5c0dae644ce4ccc0a2234c128 |
| SHA1 | a50411c1431ae1f4fac74a34f1716809a0623380 |
| SHA256 | 576891a9a61b9cd50024e507e93d32476332977db8e29ef3d46427015d4d26e6 |
| SHA512 | 04f979cfc813c6b1d3a5d9b3b306c415529a1fb72e415e2742ee25ccebf04bbe3abca91bd66aa3633a97a1383f3c4b915319b8d0b25c0ef6eb8c2e08312dc01e |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\ro.pak
| MD5 | 1ab0cbe10cb7c3d5beadc7b04a881885 |
| SHA1 | eca1fe3842b4a1b070a0f9ba1a27fd3e6284ba80 |
| SHA256 | 9a80b326b712debc0d6e9639b45352fed1c4a49ec37490b49b8506c636fd2947 |
| SHA512 | 581e42422db7ead773990036ce49a5d2589f3af610604582a4820dcee1c37d2923fbace738a42cb8b87407915e1693bbca6a2234a0716c7c8d875ca30915289b |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\pt-PT.pak
| MD5 | b7598cb8f05f465909ddb0045d60162e |
| SHA1 | b794c944dd5287e550a3e46bc9a0584d3d753eb1 |
| SHA256 | c338f6de946cca52c457d236037cf1c9f13b6c73796b713f390524f321b401d6 |
| SHA512 | a53e9d6af760c4aebd418de134ba23ebc27076b02082e9eb1afb1bb7ec93a45ea22a4961c49023d7ca8b2d3aa99462ec35180797982a481ae823ac19b4b96f84 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\pt-BR.pak
| MD5 | 7b7bf21b01ccfb27af8cd37d738f1106 |
| SHA1 | da1db09ee88c005610ed08dcde1b2cd73bcebd84 |
| SHA256 | 1feb01da1f443fee8ff01c3b585d8f0ebe6a5e242483cf6f0f93088e76913e76 |
| SHA512 | ea0bf1357616fd33b41c7189eafd2948324bbfdedb043974dcd0f78693fe868a4d37ee2c0e979d9795cad63cbe70fba0794641beece737886cf92bc29622e464 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\pl.pak
| MD5 | def25f809c246d15d8a2f41a78b504c9 |
| SHA1 | 4462b50e5613b1519987584d974fa0efd1812ced |
| SHA256 | 165005f81f071a315d0c4183fb3bc899e464c4cbf2dc450ffa09ae6bb5d517d2 |
| SHA512 | e6f17d5426ba98348209a51632db0cfe19287baf3752948bd76acb77b7eca51aae905adf7c316b17cc44856231d034f044cc056b0e0f1ce3b4999dea29597cc9 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\nl.pak
| MD5 | 6e404adeb945cb7952a8c4129e098759 |
| SHA1 | a870715beab03f3a53c74b5aac2f314b517184b3 |
| SHA256 | 7531e450f725f7ac75ceaeceb09155786d367a4456f4e71e7523af9219748434 |
| SHA512 | 30917740d923ca25fb9f3c32bca100d58388f5c6d3516a29f3a39d1ca8ab3e4058b271224c8b9554479d91718cca3dc1c9cb08b38b19ccc36a0d57ed0146ab70 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\nb.pak
| MD5 | 23d5480b833f65f1f55cc3bbfbdf53c0 |
| SHA1 | 639eff4556e4d6c879abf305176f23c014927042 |
| SHA256 | 7ce821732e743c2da1f81527355226df11a21eec137940a034afeb34618c5daa |
| SHA512 | b46b25a4dc294dab0f34e5ec733dfe7e1c73c6ce2817640a620e9a0c196292a7a4737f0f10806efba4d5831d5a2f0833925083983927b0d74cbc5c46e9c8b953 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\ms.pak
| MD5 | 63c4977a1e8f5ab37881705d084b47ca |
| SHA1 | f716932d886b8a5441397dd6a8625cef88e85bcb |
| SHA256 | 8b18fef24ad28663e4dc5a5113a35111a78b848d70ea7fef4156ad75bdb4fea9 |
| SHA512 | 3afd4f8db5a0880319b13009bcdc14892b8710b2ac91dea8641f1f632866ac564791f1d302e1208aeeb9977e613fefd6bc7c0a0fd5cb5d031a768362bc0d85ed |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\ml.pak
| MD5 | a66617706e80fd5ff8ab6ba8dadafef8 |
| SHA1 | 3718d0afa1bff72ad7164e41cb46981811583422 |
| SHA256 | 51b2c600046abfa5774b85665d4c882daa3c90bad5559185f9335ff61f04fede |
| SHA512 | 4de6fabef9db34791d0d165b5064e68ffa19630482219e4c72e6dc0f9e9e56b1941297862bb2e267cc02c3d3327193a233f642b11cf74e1892270721a2d7dc74 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\tr.pak
| MD5 | 2bcae092530d06fba9b23492ac4a1d6a |
| SHA1 | 4114af7364210a4bcd10099911083de2abc25d40 |
| SHA256 | 65105386d6b52445fdc7660648259b43a04849a05035d749858d9f64d4209836 |
| SHA512 | e87778246b98d87f2f29e2abb02290b829cdcb753fd9b184fec61b0523452e262527432b73a11eba86d547ffce2ce00b4180ae8367419e2174b825ed290345b3 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\uk.pak
| MD5 | ba2462d8b3b975bb265bcce6a3410cf6 |
| SHA1 | 3caba82b3e14350a33711db68d98e6d211ac9fe5 |
| SHA256 | 1dc63c538f6b96cf4e70284c078a6e18f58f599db2a2ec594da23b244944c9cc |
| SHA512 | a46441e2c97032928dfc19b178cd3261887b7076917a4fe829083151c8298703c3921001cd62c630b35504444f069973605b487c954623ce16682491fccb7d50 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\vi.pak
| MD5 | 806b7d282e74565b95264ebbe6794d48 |
| SHA1 | 3aabe2d802283fb9b3ef43932c1b7638ef6a1053 |
| SHA256 | 7b4bf97b78a07422359b709ea17d1d6aa038e12ec420cd0fc7dce4b313fe4af7 |
| SHA512 | 7380b7a2b239932d1167f194f81a1c867983fe318a1e48d246470de0c94837edd6c0a641e06f888e36ff5041fc2a69d19cf1a46bef816d07fd3ecda42b84e524 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\zh-CN.pak
| MD5 | c82a124cc6e87ad403a67007b9c1fdb0 |
| SHA1 | 1d4f1c0a3cda7d4a75a0f4035bc6d2718102f09c |
| SHA256 | f597245963ca7b42b2a7e5e80af5258972002fd4bcd3a21c875e4051df3eb1a9 |
| SHA512 | 5e45df31658039144316299879b4f1de7eb157fb830d08e8d93d3ccc2e033b1f8e2f59d29e11785ac8346988d5ba2afc373c01bc4a58ba3cc4439d9aff1ada87 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\locales\zh-TW.pak
| MD5 | ad19e8ac7f2b5e5f67b9f5671299d19e |
| SHA1 | 4a6936a4971c2b9a414f40de3eb5dafe1b5b3e52 |
| SHA256 | e30d22153e0860246c8c37855a385471ad1e74e1eadf56476a1ea980f9204d86 |
| SHA512 | 4f283deaad6ef0327baf7cdfef063293d27c1746431261553a6c7925832fe77c8017c6d11f36c5ec657ecd3b563099c9e35bd2cbe52c12ee734f4bef9bffe077 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\resources\app.asar
| MD5 | db35f35fc23eec378c92e258c5fd538c |
| SHA1 | 586a500300a8b13edf687acdbb5cf031f5ae6f6f |
| SHA256 | 2912d455163467bc13d8ac1b64fbb20998dbb995ee175e4694581be4f183f5d4 |
| SHA512 | 73dbe2787c3a53f2a76c195c695fdfd13e6b093f7175f7b1014a69df746f69ed80246b7140e71a638207cd79640ee4780fc0a97a783e7ccb93fa4d8062706496 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest
| MD5 | 8951565428aa6644f1505edb592ab38f |
| SHA1 | 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2 |
| SHA256 | 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83 |
| SHA512 | 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js
| MD5 | d226502c9bf2ae0a7f029bd7930be88e |
| SHA1 | 6be773fb30c7693b338f7c911b253e4f430c2f9b |
| SHA256 | 77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f |
| SHA512 | 93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat
| MD5 | da0f40d84d72ae3e9324ad9a040a2e58 |
| SHA1 | 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f |
| SHA256 | 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b |
| SHA512 | 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | 41d3387761bbb79d4820e8d242561027 |
| SHA1 | 27dfda8ce933af12578fb64f3171f40f56bace55 |
| SHA256 | ed005ae1d388e0256e9ae304933980897ec2cfa957ed5babab6ae2a5dcf5c5f5 |
| SHA512 | cc396d0c2a94c31b8a42697f456f74e8ede1ad1fbc7eb1e4983544166041ff878048f60af9b1525320770ee477c63d6c466746c2c33fd30bc2d7ec903f8af944 |
C:\Users\Admin\AppData\Local\Temp\nsj2E3C.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 2ffc36c5555a36a4f26c1aa7a8108b4a |
| SHA1 | 2ec38b17a0e9d5b0a4c397921aa4430607d32edc |
| SHA256 | f8b8b96cc384171268cbd543d9486a97b2f2066d45ac118421ff974baf18d2e5 |
| SHA512 | 0df87d336e223ade77eecaee88d8af2832f1cec3b5681699646e0be933b3f0acdb3765492e9d8fd713453dea2a7fd38d46c201c96313a06a484f23a78a716cfe |
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Code Cache\js\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Local Storage\leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/3996-1595-0x00007FF96C6D0000-0x00007FF96C6D1000-memory.dmp
memory/5056-1675-0x0000000005C40000-0x0000000005CD2000-memory.dmp
memory/5056-1681-0x0000000074290000-0x0000000074A40000-memory.dmp
memory/2252-1688-0x000000000F780000-0x000000000F781000-memory.dmp
memory/5100-1708-0x000000000F1D0000-0x000000000F1D1000-memory.dmp
C:\Users\Admin\AppData\Roaming\discord\bc506b03-4fe7-4020-85d2-1af66183b192.tmp
| MD5 | 58127c59cb9e1da127904c341d15372b |
| SHA1 | 62445484661d8036ce9788baeaba31d204e9a5fc |
| SHA256 | be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de |
| SHA512 | 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a |
memory/5100-1726-0x000000000F1D0000-0x000000000F1D1000-memory.dmp
memory/5100-1738-0x000000000F1D0000-0x000000000F1D1000-memory.dmp
memory/2252-1739-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/2252-1740-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/5100-1741-0x000000000F1D0000-0x000000000F1D1000-memory.dmp
memory/2252-1742-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/5100-1743-0x000000000F1D0000-0x000000000F1D1000-memory.dmp
memory/2252-1745-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/5100-1744-0x000000000F1D0000-0x000000000F1D1000-memory.dmp
memory/2252-1749-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/5100-1748-0x000000000F1D0000-0x000000000F1D1000-memory.dmp
memory/2252-1751-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/5100-1750-0x000000000F1D0000-0x000000000F1D1000-memory.dmp
memory/2252-1753-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/2252-1754-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/2252-1755-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/2252-1756-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/2252-1757-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/2252-1758-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/2252-1759-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/2252-1762-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/2252-1763-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
memory/2252-1760-0x000000000FFC0000-0x000000000FFC1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt
| MD5 | dec2be4f1ec3592cea668aa279e7cc9b |
| SHA1 | 327cf8ab0c895e10674e00ea7f437784bb11d718 |
| SHA256 | 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc |
| SHA512 | 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66 |
memory/5100-1806-0x000000000CB30000-0x000000000CB31000-memory.dmp
memory/5100-1807-0x000000000CB30000-0x000000000CB31000-memory.dmp
memory/5100-1808-0x000000000CB30000-0x000000000CB31000-memory.dmp
memory/5100-1812-0x000000000CB30000-0x000000000CB31000-memory.dmp
memory/5100-1813-0x000000000CB30000-0x000000000CB31000-memory.dmp
memory/5100-1814-0x000000000CB30000-0x000000000CB31000-memory.dmp
memory/5100-1815-0x000000000CB30000-0x000000000CB31000-memory.dmp
memory/5100-1816-0x000000000CB30000-0x000000000CB31000-memory.dmp
memory/5100-1817-0x000000000CB30000-0x000000000CB31000-memory.dmp
C:\Users\Admin\AppData\Local\D3DSCache\93e7f05821b87c7e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt
| MD5 | 810ae82f863a5ffae14d3b3944252a4e |
| SHA1 | 5393e27113753191436b14f0cafa8acabcfe6b2a |
| SHA256 | 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c |
| SHA512 | 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112 |
memory/640-1853-0x00000000003E0000-0x00000000003EA000-memory.dmp
memory/640-1860-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/5048-1867-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
memory/4116-1876-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/3796-1880-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/2508-1883-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/2508-1886-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/5504-1887-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/5504-1891-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/400-1892-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/4088-1895-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2024315-4368-1grn6tr.d07q.jpg
| MD5 | eaaf6eb700da486bb56223fb82f8e0ec |
| SHA1 | eecb8f863c2477b306c64df50f6e04a27ba9f461 |
| SHA256 | 18168a34f34b7b2258ccca6092846fda7a4e8e908eb02b3b746050f7ef818151 |
| SHA512 | 12779338a985560afca80fc96629bdd4899020174ee02f146d0bd342c037bc86eadfacae2607077107047b68748efe2a828137627317cff216110665e9820959 |
memory/400-1896-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/4088-1899-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/1880-1900-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/1880-1905-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/4376-1907-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/640-1911-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/4416-1912-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/4376-1917-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/4416-1918-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/2076-1919-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/5792-1924-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/6032-1927-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/2076-1925-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/4384-1930-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/4384-1937-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/6032-1936-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/1864-1940-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/400-1946-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/3296-1950-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/400-1949-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/3296-1953-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/5456-1956-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/4260-1960-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/5456-1959-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/4260-1965-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/5720-1968-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/5260-1973-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/5260-1976-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/2536-1983-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/5696-1982-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/5988-1986-0x00007FF9542A0000-0x00007FF954D61000-memory.dmp
memory/5988-1989-0x00007FF9542A0000-0x00007FF954D61000-memory.dmp
memory/2976-1997-0x00007FF9542A0000-0x00007FF954D61000-memory.dmp
memory/5284-1996-0x00007FF9542A0000-0x00007FF954D61000-memory.dmp
memory/1864-1995-0x00007FF951B30000-0x00007FF9525F1000-memory.dmp
memory/2976-1990-0x00007FF9542A0000-0x00007FF954D61000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\0EW0N8AZ\microsoft.windows[1].xml
| MD5 | fd6c4a9882a80899b842ec0123e96af9 |
| SHA1 | c3f02fac5650fddae0c8fa80fc9d96189814b55e |
| SHA256 | aed8da23b28d108a00874fb6096984b792aaf9f4e0d87636ef5559f7e37a20ce |
| SHA512 | ab18e5d810d9e7970332d695c424e7e2665a8af5e0f723ef84a36194caaa949fafa21d7766b368f71a36de955dc36e6b68bcf0914c37c64a38912859522de568 |
C:\Users\Admin\AppData\Local\Temp\2024315-4368-18inx7y.toxi.jpg
| MD5 | 1cd6a71a7bd69635106eff526f03b0fb |
| SHA1 | 7f89f07e6bd3e13758c3957b5b7bbc853cb98cb7 |
| SHA256 | 7b84952063438e7634bda1de7c44f2571ba3d090eb8e792cb8b02f8ce61d4980 |
| SHA512 | 90dc5e43cf5161f3eb6c9e26a4d6c0a202f3e70b02ebe06891f59ab4f7afe0f29702329c8eb375a5d471cbd31b5ec3bc1cbb4e548e5171ad6e57f5a19d6058ed |
C:\Users\Admin\AppData\Local\Temp\2024315-4368-3211eh.t2nh4.jpg
| MD5 | 420224de54b19a5cf5ca6803e3848960 |
| SHA1 | 47d2a71f41198853e89a2cf1c194052098bd5540 |
| SHA256 | 53ce3e48b09fc656d0985c214191e3dfc3d4a339a6aec6d1c170236cf2d01c5b |
| SHA512 | 3320e224cd646cc0234db3578a58d2767ef6420de02d6ca6f859154f1184a45a2aea509cd10bbd8009eaf7eed2277688e0dd77ad766d5fe9faa4c331c42a449a |
C:\Users\Admin\AppData\Local\Temp\2024315-4368-gmqcn3.590ip.jpg
| MD5 | 444f45ac6924eaa470afecc4a7a9d87d |
| SHA1 | a8db11fc8099e48e6fd995914241abe68c87cfb8 |
| SHA256 | d33648fa8c73d1cf40954a3a8bdafe42daabe18d5bd136f980a87d097b2ce7d7 |
| SHA512 | 1442660602e4944b9a90f182e314953da95794c98018d558d56e27cd7d33309613f6c39f364b6f54dc599a8ff587a6285f592a5937236beccd6b1ecbb8f834a0 |
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Network\Network Persistent State
| MD5 | a71c74ccafc99a349007cda743f41b89 |
| SHA1 | 9007bfc453c41431a92ec8d4a6c2e9e6cc093773 |
| SHA256 | ba96cd214367523faac7829bdf2e5729264b03bcaa596de5582dee2a4e702884 |
| SHA512 | 133f22e240585ab5c2c8d15b297d23749dd67ec2fd8f81492ef5de5ca620202c54eb05df2045db721616bf0f3db82c16e43144a90ea9020fb59597bc95947fba |
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Network\Network Persistent State~RFe605f2b.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Temp\2024315-4368-1is4oda.4elp.jpg
| MD5 | 54c17c5d6e332e99303a6325c7b37d8c |
| SHA1 | 6bf3d4f21aebe76032f26c5910c599e59e857a19 |
| SHA256 | bfae1c3db6e73e794a4a7eceb83a2e241d89af7c587e152d9402019720eb120c |
| SHA512 | 7b38c8922b9e945a861c78b0727ad940551cae5ed52f566ce549c92c4950c418d7bc1dfc790e167a93fa80a10325f321df87901841228b46e25f069b3d5ed2da |
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State
| MD5 | 83eb204b858c73cfa41b4ca713afd375 |
| SHA1 | 47a6f83620bbdceeeae65cabd76fe24488060f61 |
| SHA256 | 4c8e1704521e05ecc6270a0244f9f3510e1bdf2ec87d2da9d920323a4552d4fc |
| SHA512 | 0edd1725eb090041b119bcfa6e93ff55851de41b172e7a78acc9696bfa4b4742ee9777fdf5b6a44a51bedd57dd16d19fd9bc39679a3a1d3b57368d4bdd3e5f27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003
| MD5 | fc97b88a7ce0b008366cd0260b0321dc |
| SHA1 | 4eae02aecb04fa15f0bb62036151fa016e64f7a9 |
| SHA256 | 6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e |
| SHA512 | 889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009
| MD5 | 8feb503d057a1dfc7121b0aa2c7cc10f |
| SHA1 | 0d25b47e8482de37b7f615205b8a45162e1049d4 |
| SHA256 | e816b1086f600fa2096189c847f34de90dabd33b899de28ce199682eaf17c713 |
| SHA512 | a193f820d8719a47d6f52ff9ff2bf76c27ea3611e87a582543c8a55595af25cb3d1bb00913f8c2a4f2ed027ea2749717faf84d75e887f32610dce4d6ce105595 |
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity
| MD5 | 8eab75b02127299b3e0a2c6fed2e48a5 |
| SHA1 | 0948ccd6c28c2e870fda5927583e9338d6df67ee |
| SHA256 | 818f0e01600fd85b6039510933d9669a2a01f93f04bf1dcdc1acdbd0197401e1 |
| SHA512 | d8f41b6de6a4b18e2ae74a22b9f87b9ad34371e2d7572359a5712610eb68e48642351ffda42180227c54e228e4707bfd8815655a1b3823c1cf253d2badd6f29e |