eternity | 642fefcd427816d35ac72bd7cb542293df83c5b649b927cdf95b3e1718e4ddb7

Analysis

max time kernel
742s
max time network
932s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04-07-2024 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GrowHack.exe
Size

1001KB
MD5

b8d1446878c406d108dc8e4952010a4a
SHA1

2276d53b8f5437ac70d66639181ff6a89a5a9b6e
SHA256

642fefcd427816d35ac72bd7cb542293df83c5b649b927cdf95b3e1718e4ddb7
SHA512

858b0e4d51ca2c5a481f0f2711f35f4430d8b90ebe52686c0c9d485889c2b44f64b53d32ab97147b91f0918b1d3bd5656bd52738ef10b4a9a485c76c6cd8dba0
SSDEEP

24576:QwT7rC6qWbGbQ/JX3R//yGJYXz2P9fNoiA:xrC6qW6SJXB//2XClfuF

Score

10^/10

eternity discovery evasion spyware stealer trojan

Malware Config

Signatures

Contains code to disable Windows Defender 3 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral1/memory/4112-1-0x0000000000470000-0x0000000000566000-memory.dmp	disable_win_def
behavioral1/files/0x00050000000301b8-6972.dat	disable_win_def
behavioral1/memory/5548-7071-0x0000000000CA0000-0x0000000000D8E000-memory.dmp	disable_win_def

Detects Eternity stealer 3 IoCs

stealer

resource	yara_rule
behavioral1/memory/4112-1-0x0000000000470000-0x0000000000566000-memory.dmp	eternity_stealer
behavioral1/files/0x00050000000301b8-6972.dat	eternity_stealer
behavioral1/memory/5548-7071-0x0000000000CA0000-0x0000000000D8E000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity

Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs

evasion trojan

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	Nightfarm.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	Nightfarm.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	Nightfarm.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe

Blocklisted process makes network request 4 IoCs

flow	pid	Process
564	5196	Growtopia.exe
565	5196	Growtopia.exe
566	5196	Growtopia.exe
567	5196	Growtopia.exe

Downloads MZ/PE file

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nightfarm.exe	Nightfarm.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nightfarm.exe	Nightfarm.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nightfarm.exe\:Zone.Identifier:$DATA	Nightfarm.exe

Executes dropped EXE 11 IoCs

pid	Process
5108	dcd.exe
4624	GrowtopiaInstaller.exe
5820	vc_redist.x64.exe
4260	vc_redist.x64.exe
5196	Growtopia.exe
5548	Nightfarm.exe
5792	dcd.exe
1540	dcd.exe
2736	dcd.exe
3808	dcd.exe
3664	dcd.exe

Loads dropped DLL 10 IoCs

pid	Process
4624	GrowtopiaInstaller.exe
4624	GrowtopiaInstaller.exe
4624	GrowtopiaInstaller.exe
4260	vc_redist.x64.exe
5196	Growtopia.exe
5196	Growtopia.exe
5196	Growtopia.exe
5360	Nightfarm.exe
5360	Nightfarm.exe
5360	Nightfarm.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\Save-0gwdu5vKVS\FilesGrabber\desktop.ini	Nightfarm.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\Save-0gwdu5vKVS\FilesGrabber\desktop.ini	Nightfarm.exe
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	GamePanel.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
425	api.ipify.org
426	api.ipify.org

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
5196	Growtopia.exe
5196	Growtopia.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Collects information from the system 1 TTPs 1 IoCs

Uses WMIC.exe to find detailed system information.

Data from Local System

T1005

pid	Process
3812	WMIC.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
3720	WMIC.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	firefox.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Nightfarm.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\GrowtopiaInstaller.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Nightfarm.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
504	powershell.exe
504	powershell.exe
504	powershell.exe
3824	powershell.exe
3824	powershell.exe
1136	powershell.exe
1136	powershell.exe
1136	powershell.exe
3824	powershell.exe
1136	powershell.exe
1968	powershell.exe
1968	powershell.exe
1528	powershell.exe
1528	powershell.exe
4892	powershell.exe
4892	powershell.exe
3776	powershell.exe
3776	powershell.exe
4620	powershell.exe
4620	powershell.exe
3824	powershell.exe
4412	powershell.exe
4412	powershell.exe
740	powershell.exe
740	powershell.exe
5104	powershell.exe
5104	powershell.exe
4616	powershell.exe
4616	powershell.exe
4424	powershell.exe
4424	powershell.exe
1528	powershell.exe
4892	powershell.exe
3776	powershell.exe
5104	powershell.exe
4424	powershell.exe
4616	powershell.exe
4892	powershell.exe
1968	powershell.exe
4424	powershell.exe
4616	powershell.exe
1528	powershell.exe
4620	powershell.exe
4412	powershell.exe
740	powershell.exe
5104	powershell.exe
3776	powershell.exe
4412	powershell.exe
1968	powershell.exe
1968	powershell.exe
4620	powershell.exe
4620	powershell.exe
740	powershell.exe
5196	Growtopia.exe
5196	Growtopia.exe
5316	powershell.exe
5316	powershell.exe
5316	powershell.exe
6100	powershell.exe
6100	powershell.exe
4636	powershell.exe
4636	powershell.exe
3872	powershell.exe
3872	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4112	GrowHack.exe
Token: SeDebugPrivilege	504	powershell.exe
Token: SeIncreaseQuotaPrivilege	504	powershell.exe
Token: SeSecurityPrivilege	504	powershell.exe
Token: SeTakeOwnershipPrivilege	504	powershell.exe
Token: SeLoadDriverPrivilege	504	powershell.exe
Token: SeSystemProfilePrivilege	504	powershell.exe
Token: SeSystemtimePrivilege	504	powershell.exe
Token: SeProfSingleProcessPrivilege	504	powershell.exe
Token: SeIncBasePriorityPrivilege	504	powershell.exe
Token: SeCreatePagefilePrivilege	504	powershell.exe
Token: SeBackupPrivilege	504	powershell.exe
Token: SeRestorePrivilege	504	powershell.exe
Token: SeShutdownPrivilege	504	powershell.exe
Token: SeDebugPrivilege	504	powershell.exe
Token: SeSystemEnvironmentPrivilege	504	powershell.exe
Token: SeRemoteShutdownPrivilege	504	powershell.exe
Token: SeUndockPrivilege	504	powershell.exe
Token: SeManageVolumePrivilege	504	powershell.exe
Token: 33	504	powershell.exe
Token: 34	504	powershell.exe
Token: 35	504	powershell.exe
Token: 36	504	powershell.exe
Token: SeDebugPrivilege	3824	powershell.exe
Token: SeDebugPrivilege	1136	powershell.exe
Token: SeDebugPrivilege	1968	powershell.exe
Token: SeDebugPrivilege	1528	powershell.exe
Token: SeDebugPrivilege	4892	powershell.exe
Token: SeDebugPrivilege	3776	powershell.exe
Token: SeDebugPrivilege	4620	powershell.exe
Token: SeDebugPrivilege	4412	powershell.exe
Token: SeDebugPrivilege	740	powershell.exe
Token: SeDebugPrivilege	5104	powershell.exe
Token: SeDebugPrivilege	4616	powershell.exe
Token: SeDebugPrivilege	4424	powershell.exe
Token: SeIncreaseQuotaPrivilege	1136	powershell.exe
Token: SeSecurityPrivilege	1136	powershell.exe
Token: SeTakeOwnershipPrivilege	1136	powershell.exe
Token: SeLoadDriverPrivilege	1136	powershell.exe
Token: SeSystemProfilePrivilege	1136	powershell.exe
Token: SeSystemtimePrivilege	1136	powershell.exe
Token: SeProfSingleProcessPrivilege	1136	powershell.exe
Token: SeIncBasePriorityPrivilege	1136	powershell.exe
Token: SeCreatePagefilePrivilege	1136	powershell.exe
Token: SeBackupPrivilege	1136	powershell.exe
Token: SeRestorePrivilege	1136	powershell.exe
Token: SeShutdownPrivilege	1136	powershell.exe
Token: SeDebugPrivilege	1136	powershell.exe
Token: SeSystemEnvironmentPrivilege	1136	powershell.exe
Token: SeRemoteShutdownPrivilege	1136	powershell.exe
Token: SeUndockPrivilege	1136	powershell.exe
Token: SeManageVolumePrivilege	1136	powershell.exe
Token: 33	1136	powershell.exe
Token: 34	1136	powershell.exe
Token: 35	1136	powershell.exe
Token: 36	1136	powershell.exe
Token: SeIncreaseQuotaPrivilege	3824	powershell.exe
Token: SeSecurityPrivilege	3824	powershell.exe
Token: SeTakeOwnershipPrivilege	3824	powershell.exe
Token: SeLoadDriverPrivilege	3824	powershell.exe
Token: SeSystemProfilePrivilege	3824	powershell.exe
Token: SeSystemtimePrivilege	3824	powershell.exe
Token: SeProfSingleProcessPrivilege	3824	powershell.exe
Token: SeIncBasePriorityPrivilege	3824	powershell.exe

Suspicious use of FindShellTrayWindow 14 IoCs

pid	Process
744	firefox.exe
744	firefox.exe
744	firefox.exe
744	firefox.exe
5196	Growtopia.exe
5196	Growtopia.exe
5196	Growtopia.exe
5196	Growtopia.exe
5196	Growtopia.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
744	firefox.exe
744	firefox.exe
744	firefox.exe
5196	Growtopia.exe
5196	Growtopia.exe
5196	Growtopia.exe
5196	Growtopia.exe
5196	Growtopia.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
744	firefox.exe
744	firefox.exe
744	firefox.exe
744	firefox.exe
744	firefox.exe
744	firefox.exe
744	firefox.exe
744	firefox.exe
744	firefox.exe
744	firefox.exe
5196	Growtopia.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 5108	4112	GrowHack.exe	73
PID 4112 wrote to memory of 5108	4112	GrowHack.exe	73
PID 4112 wrote to memory of 5108	4112	GrowHack.exe	73
PID 4112 wrote to memory of 504	4112	GrowHack.exe	74
PID 4112 wrote to memory of 504	4112	GrowHack.exe	74
PID 4112 wrote to memory of 1136	4112	GrowHack.exe	77
PID 4112 wrote to memory of 1136	4112	GrowHack.exe	77
PID 4112 wrote to memory of 1528	4112	GrowHack.exe	78
PID 4112 wrote to memory of 1528	4112	GrowHack.exe	78
PID 4112 wrote to memory of 3824	4112	GrowHack.exe	80
PID 4112 wrote to memory of 3824	4112	GrowHack.exe	80
PID 4112 wrote to memory of 3776	4112	GrowHack.exe	81
PID 4112 wrote to memory of 3776	4112	GrowHack.exe	81
PID 4112 wrote to memory of 4892	4112	GrowHack.exe	85
PID 4112 wrote to memory of 4892	4112	GrowHack.exe	85
PID 4112 wrote to memory of 1968	4112	GrowHack.exe	87
PID 4112 wrote to memory of 1968	4112	GrowHack.exe	87
PID 4112 wrote to memory of 740	4112	GrowHack.exe	88
PID 4112 wrote to memory of 740	4112	GrowHack.exe	88
PID 4112 wrote to memory of 4620	4112	GrowHack.exe	89
PID 4112 wrote to memory of 4620	4112	GrowHack.exe	89
PID 4112 wrote to memory of 4412	4112	GrowHack.exe	92
PID 4112 wrote to memory of 4412	4112	GrowHack.exe	92
PID 4112 wrote to memory of 5104	4112	GrowHack.exe	94
PID 4112 wrote to memory of 5104	4112	GrowHack.exe	94
PID 4112 wrote to memory of 4616	4112	GrowHack.exe	97
PID 4112 wrote to memory of 4616	4112	GrowHack.exe	97
PID 4112 wrote to memory of 4424	4112	GrowHack.exe	99
PID 4112 wrote to memory of 4424	4112	GrowHack.exe	99
PID 5052 wrote to memory of 744	5052	firefox.exe	110
PID 5052 wrote to memory of 744	5052	firefox.exe	110
PID 5052 wrote to memory of 744	5052	firefox.exe	110
PID 5052 wrote to memory of 744	5052	firefox.exe	110
PID 5052 wrote to memory of 744	5052	firefox.exe	110
PID 5052 wrote to memory of 744	5052	firefox.exe	110
PID 5052 wrote to memory of 744	5052	firefox.exe	110
PID 5052 wrote to memory of 744	5052	firefox.exe	110
PID 5052 wrote to memory of 744	5052	firefox.exe	110
PID 5052 wrote to memory of 744	5052	firefox.exe	110
PID 5052 wrote to memory of 744	5052	firefox.exe	110
PID 744 wrote to memory of 4584	744	firefox.exe	111
PID 744 wrote to memory of 4584	744	firefox.exe	111
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112
PID 744 wrote to memory of 5036	744	firefox.exe	112

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\GrowHack.exe
"C:\Users\Admin\AppData\Local\Temp\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:504
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableArchiveScanning $true
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1136
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableBlockAtFirstSeen $true
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1528
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableIOAVProtection $true
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3824
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisablePrivacyMode $true
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3776
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableScriptScanning $true
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4892
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -HighThreatDefaultAction 6 -Force
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1968
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -LowThreatDefaultAction 6
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:740
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -MAPSReporting 0
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4620
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ModerateThreatDefaultAction 6
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4412
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SevereThreatDefaultAction 6
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5104
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4616
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SubmitSamplesConsent 2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4424

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4652

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.0.1846012336\88625018" -parentBuildID 20221007134813 -prefsHandle 1744 -prefMapHandle 1736 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e413cd36-0ce1-4220-a405-d20ade1a2e56} 744 "\\.\pipe\gecko-crash-server-pipe.744" 1828 198ef606b58 gpu
    3⤵
    PID:4584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.1.1240659676\47656717" -parentBuildID 20221007134813 -prefsHandle 2168 -prefMapHandle 2164 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {371e705d-b043-4d63-94b9-fd2de004f7c1} 744 "\\.\pipe\gecko-crash-server-pipe.744" 2180 198e3472258 socket
    3⤵
    - Checks processor information in registry
    PID:5036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.2.640336478\1820296004" -childID 1 -isForBrowser -prefsHandle 2820 -prefMapHandle 2696 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86b9a1bb-4f15-4932-a5f7-dcb90fea462f} 744 "\\.\pipe\gecko-crash-server-pipe.744" 2680 198ee45e158 tab
    3⤵
    PID:2356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.3.1882134735\473130974" -childID 2 -isForBrowser -prefsHandle 3412 -prefMapHandle 3484 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {356b0d2d-1e29-4fd4-a5a6-350bd02b9e84} 744 "\\.\pipe\gecko-crash-server-pipe.744" 3496 198f0cdfa58 tab
    3⤵
    PID:3772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.4.1544654345\1390821116" -childID 3 -isForBrowser -prefsHandle 4112 -prefMapHandle 4128 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {181712ec-b609-48e2-96a9-28450b2b6d63} 744 "\\.\pipe\gecko-crash-server-pipe.744" 4144 198f455c158 tab
    3⤵
    PID:1100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.5.651229061\1837641435" -childID 4 -isForBrowser -prefsHandle 4840 -prefMapHandle 4824 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e4bdd14-36ce-4288-8d39-d48bb639b0c1} 744 "\\.\pipe\gecko-crash-server-pipe.744" 4880 198f4b1d358 tab
    3⤵
    PID:3360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.6.1550577376\104581499" -childID 5 -isForBrowser -prefsHandle 5096 -prefMapHandle 5100 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1df49018-6fc9-4b05-be4e-8504ead9c233} 744 "\\.\pipe\gecko-crash-server-pipe.744" 5084 198f5531658 tab
    3⤵
    PID:4520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.7.2037923357\137853036" -childID 6 -isForBrowser -prefsHandle 5276 -prefMapHandle 5280 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be4a83f4-90ac-4a82-a35b-4f6c2da24219} 744 "\\.\pipe\gecko-crash-server-pipe.744" 5268 198f552f258 tab
    3⤵
    PID:3948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.8.1242204977\1410990521" -childID 7 -isForBrowser -prefsHandle 5788 -prefMapHandle 5796 -prefsLen 29483 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c86c865a-fb94-41f3-9ebd-a0466debc251} 744 "\\.\pipe\gecko-crash-server-pipe.744" 5804 198f79e4c58 tab
    3⤵
    PID:2880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.9.2044699048\1082927896" -childID 8 -isForBrowser -prefsHandle 6624 -prefMapHandle 6628 -prefsLen 29658 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d34d20c-e739-4cda-9c8e-fc200656fdad} 744 "\\.\pipe\gecko-crash-server-pipe.744" 9952 198fb88ee58 tab
    3⤵
    PID:5112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.10.91595946\1199597846" -childID 9 -isForBrowser -prefsHandle 6496 -prefMapHandle 6600 -prefsLen 29658 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47528611-e672-4df9-8c23-01f7ba64631e} 744 "\\.\pipe\gecko-crash-server-pipe.744" 6472 198fbd49a58 tab
    3⤵
    PID:204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.11.1176312967\2114555942" -childID 10 -isForBrowser -prefsHandle 9828 -prefMapHandle 9824 -prefsLen 29658 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0778b3d-b2d0-4031-8d05-8e3d7a7f241f} 744 "\\.\pipe\gecko-crash-server-pipe.744" 6456 198fbd48e58 tab
    3⤵
    PID:1584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.12.230690397\1845394232" -childID 11 -isForBrowser -prefsHandle 9656 -prefMapHandle 9652 -prefsLen 29658 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {561f61f9-7dfd-4309-b7c9-eba7360d3b5a} 744 "\\.\pipe\gecko-crash-server-pipe.744" 9664 198fbd4a658 tab
    3⤵
    PID:2648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.13.547468167\1796047138" -childID 12 -isForBrowser -prefsHandle 4712 -prefMapHandle 4684 -prefsLen 29833 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52dc12e9-6ee2-4d16-a976-487bf76c27a1} 744 "\\.\pipe\gecko-crash-server-pipe.744" 5700 198f5531c58 tab
    3⤵
    PID:5336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.14.1196942557\1067277957" -childID 13 -isForBrowser -prefsHandle 4300 -prefMapHandle 4276 -prefsLen 29833 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bdc4bac-175d-48b0-865c-7b025f9eb2c5} 744 "\\.\pipe\gecko-crash-server-pipe.744" 4312 198e3471c58 tab
    3⤵
    PID:5544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="744.15.1160038845\1693569841" -childID 14 -isForBrowser -prefsHandle 9280 -prefMapHandle 9332 -prefsLen 29833 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3067a23-551b-4623-9592-a178e08b780a} 744 "\\.\pipe\gecko-crash-server-pipe.744" 4300 198f7537858 tab
    3⤵
    PID:5656
- - C:\Users\Admin\Downloads\GrowtopiaInstaller.exe
    "C:\Users\Admin\Downloads\GrowtopiaInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4624
  - - C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
      C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
      4⤵
      Executes dropped EXE
      PID:5820
    - - C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe
        
        "C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe" -burn.unelevated BurnPipe.{13CC0221-1C43-4138-A192-8AB956A72616} {63462B00-9516-4FA9-BA01-790801BF13FD} 5820
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4260
  - - C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe
      "C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe"
      4⤵
      Blocklisted process makes network request
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:5196

C:\Users\Admin\AppData\Local\Temp\Temp1_Nightfarm.zip\Nightfarm.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Nightfarm.zip\Nightfarm.exe"
1⤵
- Loads dropped DLL
- Drops desktop.ini file(s)
PID:5360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "hostname"
  2⤵
  PID:5496
- - C:\Windows\system32\HOSTNAME.EXE
    hostname
    3⤵
    PID:6000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "hostname"
  2⤵
  PID:6024
- - C:\Windows\system32\HOSTNAME.EXE
    hostname
    3⤵
    PID:6052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
  2⤵
  PID:1636
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
    3⤵
    PID:5636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid | more +1"
  2⤵
  PID:3532
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic csproduct get uuid
    3⤵
    PID:5372
- - C:\Windows\system32\more.com
    more +1
    3⤵
    PID:5416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
  2⤵
  PID:5336
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic OS get caption, osarchitecture
    3⤵
    PID:2356
- - C:\Windows\system32\more.com
    more +1
    3⤵
    PID:6032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
  2⤵
  PID:5288
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get name
    3⤵
    PID:5328
- - C:\Windows\system32\more.com
    more +1
    3⤵
    PID:5724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
  2⤵
  PID:5116
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic PATH Win32_VideoController get name
    3⤵
    - Detects videocard installed
    PID:3720
- - C:\Windows\system32\more.com
    more +1
    3⤵
    PID:1148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
  2⤵
  PID:2760
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic computersystem get totalphysicalmemory
    3⤵
    PID:3272
- - C:\Windows\system32\more.com
    more +1
    3⤵
    PID:4368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size | more +1"
  2⤵
  PID:4916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic logicaldisk get size
    3⤵
    - Collects information from the system
    PID:3812
- - C:\Windows\system32\more.com
    more +1
    3⤵
    PID:4740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
  2⤵
  PID:2204
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    3⤵
    PID:4332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
  2⤵
  PID:1580
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    3⤵
    PID:2436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""
  2⤵
  PID:4644
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"
    3⤵
    PID:504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""
  2⤵
  PID:2780
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"
    3⤵
    PID:2640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""
  2⤵
  PID:3492
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
    3⤵
    PID:4736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""
  2⤵
  PID:1916
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"
    3⤵
    PID:3660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""
  2⤵
  PID:3344
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"
    3⤵
    PID:424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""
  2⤵
  PID:1804
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"
    3⤵
    PID:3872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""
  2⤵
  PID:3316
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"
    3⤵
    PID:5096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""
  2⤵
  PID:6100
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"
    3⤵
    PID:3780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""
  2⤵
  PID:4580
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"
    3⤵
    PID:5460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""
  2⤵
  PID:5848
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"
    3⤵
    PID:5708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""
  2⤵
  PID:4936
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"
    3⤵
    PID:5252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)""
  2⤵
  PID:5932
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)"
    3⤵
    PID:5888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService""
  2⤵
  PID:5536
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService"
    3⤵
    PID:1108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""
  2⤵
  PID:696
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"
    3⤵
    PID:2608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us""
  2⤵
  PID:1924
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
    3⤵
    PID:1124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""
  2⤵
  PID:508
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"
    3⤵
    PID:5496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player""
  2⤵
  PID:5144
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
    3⤵
    PID:2648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""
  2⤵
  PID:4988
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"
    3⤵
    PID:972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}""
  2⤵
  PID:4700
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}"
    3⤵
    PID:6092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""
  2⤵
  PID:6108
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"
    3⤵
    PID:1256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}""
  2⤵
  PID:5124
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}"
    3⤵
    PID:5260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}""
  2⤵
  PID:5688
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"
    3⤵
    PID:4980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}""
  2⤵
  PID:5400
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}"
    3⤵
    PID:5716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}""
  2⤵
  PID:5632
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}"
    3⤵
    PID:5228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}""
  2⤵
  PID:656
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}"
    3⤵
    PID:2872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}""
  2⤵
  PID:6116
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}"
    3⤵
    PID:5412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}""
  2⤵
  PID:5420
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}"
    3⤵
    PID:5340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}""
  2⤵
  PID:1400
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"
    3⤵
    PID:5296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}""
  2⤵
  PID:5872
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:2356
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}"
    3⤵
    PID:5320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}""
  2⤵
  PID:2140
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}"
    3⤵
    PID:1416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""
  2⤵
  PID:1232
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"
    3⤵
    PID:5532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:644
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5424
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5668
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1796
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5516
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3876
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1136
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3068
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3780
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6048
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5116
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:688
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4160
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6128
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4092
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5088
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2276
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2292
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6004
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1824
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1208
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5368
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3208
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2068
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5724
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5840
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:860
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2696
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3996
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5136
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5028
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2644
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3600
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5264
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5640
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6076
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5748
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2608
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4620
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5468
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6104
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1216
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5088
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2292
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:880
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5612
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5176
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3252
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5728
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:516
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6032
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4964
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3100
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5580
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5492
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2120
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3616
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4616
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5100
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6116
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:668
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5276
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4736
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5628
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2748
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5240
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4648
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:356
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1796
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2076
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1824
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1416
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:68
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4676
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4516
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5932
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1404
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5776
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2344
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1340
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3256
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:692
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4356
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1428
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1824
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4260
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5680
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1256
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4084
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5064
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5048
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4968
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2736
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1636
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5096
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5772
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3492
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1032
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4704
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4484
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6060
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5152
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3816
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5776
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4404
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2632
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3256
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4196
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:696
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5556
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3940
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1400
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5680
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2908
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5664
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3816
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5776
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1444
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2760
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5352
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:880
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:216
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5268
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1032
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4704
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4052
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4064
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3932
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5412
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5208
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4892
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2076
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3312
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5888
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3780
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3208
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5244
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5988
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1900
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5820
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5068
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4220
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5792
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:956
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5696
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5284
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4700
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3800
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:676
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6116
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4972
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3964
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6088
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5416
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2344
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5512
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5520
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3608
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2736
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2360
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1012
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5452
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5388
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6000
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5400
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5668
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5976
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:400
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5048
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:32
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:196
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3516
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5856
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2736
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2360
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:404
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5452
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:668
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4396
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5028
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:504
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:96
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5740
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:936
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1584
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4028
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1796
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1544
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4636
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1528
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4976
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3940
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5744
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6068
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3060
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:96
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4500
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2052
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5160
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3860
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2076
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2300
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5692
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4580
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5544
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3940
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5744
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4380
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5348
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1848
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3400
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2324
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2640
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3516
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5972
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4196
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5168
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1616
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2204
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4076
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5080
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1172
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5764
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3624
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4148
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4308
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2860
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6012
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3056
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6120
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2868
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:236
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5300
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5668
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2696
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3100
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2880
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:968
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:656
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5860
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1996
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5460
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5096
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5176
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1528
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3500
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4084
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1168
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2304
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4520
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5776
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5520
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:196
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3896
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5920
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5156
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3800
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5024
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5996
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5116
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2916
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6064
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3504
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5868
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:400
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:168
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5160
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1208
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4112
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3056
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2616
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4972
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:236
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3964
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4960
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1172
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2900
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4500
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2120
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:32
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4336
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1444
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5368
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1280
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3780
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5384
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5544
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4240
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4084
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5592
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4400
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3992
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2236
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5124
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3552
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5588
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1232
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4356
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1304
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5172
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4332
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4064
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5200
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1804
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3624
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4648
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2764
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2808
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:692
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1432
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5768
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6048
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6116
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5564
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5056
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2928
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4164
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5704
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5376
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5932
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:96
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5136
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3556
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:32
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3648
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5784
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1356
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5856
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3252
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2140
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:696
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4872
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3504
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1708
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4892
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4512
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5308
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3516
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1580
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5612
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:216
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3800
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6120
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5380
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6116
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4980
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4968
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1924
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2680
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3532
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3400
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4764
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1236
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4920
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1996
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5184
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1792
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1480
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3528
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4516
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4132
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1256
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5040
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5400
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5628
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5188
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:656
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4336
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1972
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5796
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3360
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4344
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5164
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3280
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:192
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3100
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6132
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5592
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5376
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5776
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5088
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2196
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5156
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2868
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1524
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:68
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5176
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2648
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:860
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4516
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1296
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:168
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2172
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3632
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1936
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:96
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5780
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2728
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5784
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4904
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:6104
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3360
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5996
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3688
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2964
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4332
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5200
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5364
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5868
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5376
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3400
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5932
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3856
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:588
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5276
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1524
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3780
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4484
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1612
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:860
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4516
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:4708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1296
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2756
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5036
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:2300
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1536
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1996
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:3176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5964
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:2360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5724
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5768
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:1892
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3360
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:1136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:4500
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:5880
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:5948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:644
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell Get-Clipboard
    3⤵
    PID:6068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
  2⤵
  PID:3100

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a8
1⤵
PID:4248

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5112
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3652.0.179170258\69721426" -parentBuildID 20221007134813 -prefsHandle 1556 -prefMapHandle 1544 -prefsLen 23692 -prefMapSize 233979 -appDir "C:\Program Files\Mozilla Firefox\browser" - {119a5055-0a4a-4ecd-bb55-a25f1c1182ac} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" 1652 2350c2e8b58 gpu
    3⤵
    PID:4464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3652.1.1152337006\1260694795" -parentBuildID 20221007134813 -prefsHandle 2004 -prefMapHandle 2000 -prefsLen 23737 -prefMapSize 233979 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {917a253f-a81c-4d82-a9c5-b8eb23b97f9c} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" 2016 2357fee1458 socket
    3⤵
    - Checks processor information in registry
    PID:1540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3652.2.1825596951\598258604" -childID 1 -isForBrowser -prefsHandle 2700 -prefMapHandle 2696 -prefsLen 24198 -prefMapSize 233979 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c291e49-dc52-48d5-ae3a-2c1d426abd6f} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" 2712 2350c765658 tab
    3⤵
    PID:192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3652.3.1178484935\1092376270" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3184 -prefsLen 29376 -prefMapSize 233979 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84fa46ff-6c38-4727-b54a-d2779c0698f1} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" 3340 235103a2158 tab
    3⤵
    PID:2240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3652.4.539962013\1087083880" -childID 3 -isForBrowser -prefsHandle 3408 -prefMapHandle 3396 -prefsLen 29376 -prefMapSize 233979 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a81fdd29-c2a3-4a69-abd8-bb01eb9304e7} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" 3412 23510faca58 tab
    3⤵
    PID:3336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3652.5.773410947\469318913" -childID 4 -isForBrowser -prefsHandle 4188 -prefMapHandle 4172 -prefsLen 29376 -prefMapSize 233979 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8edcdd7b-6e78-4356-97a8-aa93738c8153} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" 4220 23512721b58 tab
    3⤵
    PID:2764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3652.6.1874060031\965017133" -childID 5 -isForBrowser -prefsHandle 4572 -prefMapHandle 4420 -prefsLen 29376 -prefMapSize 233979 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d7515a2-c559-447e-a7a0-5b79c9bb2456} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" 4580 23512746758 tab
    3⤵
    PID:588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3652.7.390018309\1841485343" -childID 6 -isForBrowser -prefsHandle 4716 -prefMapHandle 4720 -prefsLen 29376 -prefMapSize 233979 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a98396d-b0af-4d49-9250-63320a00d036} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" 4708 23512746a58 tab
    3⤵
    PID:1924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3652.8.696024629\2060277632" -childID 7 -isForBrowser -prefsHandle 5452 -prefMapHandle 5416 -prefsLen 29376 -prefMapSize 233979 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9e2deb1-5742-4b91-a454-ccb6f966091b} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" 5444 2351436be58 tab
    3⤵
    PID:5748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3652.9.1040642548\37201180" -childID 8 -isForBrowser -prefsHandle 5588 -prefMapHandle 5592 -prefsLen 29376 -prefMapSize 233979 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3911e1c0-a190-4d43-b576-b134db6ad0dd} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" 5580 235143a9158 tab
    3⤵
    PID:5688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3652.10.1083108131\9827969" -childID 9 -isForBrowser -prefsHandle 3520 -prefMapHandle 3532 -prefsLen 29376 -prefMapSize 233979 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1027bdc4-f990-4d4b-9f0b-7d2cee4e3516} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" 3508 2351009f658 tab
    3⤵
    PID:216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3652.11.934126664\1452221899" -childID 10 -isForBrowser -prefsHandle 3336 -prefMapHandle 5416 -prefsLen 29376 -prefMapSize 233979 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a26751c-8e21-4ee8-b4d0-d4a584234030} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" 3200 23514117358 tab
    3⤵
    PID:2132

C:\Users\Admin\Downloads\Nightfarm.exe
"C:\Users\Admin\Downloads\Nightfarm.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Drops startup file
- Executes dropped EXE
PID:5548
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path="C:\Users\Admin\AppData\Local\Growtopia\save.dat"
  2⤵
  - Executes dropped EXE
  PID:5792
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5316
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableArchiveScanning $true
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6100
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableBlockAtFirstSeen $true
  2⤵
  PID:3492
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableIOAVProtection $true
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisablePrivacyMode $true
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3872
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableScriptScanning $true
  2⤵
  PID:5972
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -HighThreatDefaultAction 6 -Force
  2⤵
  PID:3312
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -LowThreatDefaultAction 6
  2⤵
  PID:5988
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -MAPSReporting 0
  2⤵
  PID:2208
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ModerateThreatDefaultAction 6
  2⤵
  PID:688
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SevereThreatDefaultAction 6
  2⤵
  PID:740
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true
  2⤵
  PID:908
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SubmitSamplesConsent 2
  2⤵
  PID:4084
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path="C:\Users\Admin\AppData\Local\Growtopia\save.dat"
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path="C:\Users\Admin\AppData\Local\Growtopia\save.dat"
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path="C:\Users\Admin\AppData\Local\Growtopia\save.dat"
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path="C:\Users\Admin\AppData\Local\Growtopia\save.dat"
  2⤵
  - Executes dropped EXE
  PID:3664

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:2988

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 000000000005025C /startuptips
1⤵
- Drops desktop.ini file(s)
- Checks SCSI registry key(s)
PID:1300

C:\Windows\System32\bcastdvr.exe
"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
1⤵
PID:3616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Growtopia\Growtopia.exe

Filesize
39.8MB

MD5
eaca97167873094e5561a7a8c270edb0

SHA1
039be5d64c9fed35ba20e3bc049ff7a80d8bd69b

SHA256
ef525f5c3ae61a24e99fa290043e6a41b4bbe73fbec799addf7545538814044d

SHA512
912ea2fbf9e85f4828424d86535f3f86275b86865cd861ce7709321cd29cfd7828f32478e00b5cd938e3131f6f0fc2c7981d7c7fa7e2d90255f289dc91f0e6bb

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\anzu.dll

Filesize
3.6MB

MD5
259a32af5b652b64addf145b389f6b60

SHA1
fe51dbf8bc1e4d8dbc3dc6dfcc48b54775b8e924

SHA256
d869244c77decc4b15dc20ba3207d9286cd67fd4599e8219a3df80edf66f7279

SHA512
f90dc7f0ef44fcbe14f08ee9addbc5c405f0b8dc8527aed7822d33f82a969a0d89fde8f6aa73bf9e5666658e682081aafd563758817c3358921a400c69829e09

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\audio\click.wav

Filesize
18KB

MD5
477c1e4d4ba5c340c13a77fd52a03cd9

SHA1
fc05d5b94d33a9f472133c7c47f52aabd3bc1edb

SHA256
e46278f894d538b366acc40925db83b8ac4daea030e98276cba5ab179ffe563f

SHA512
3322db0bd62a56f7c70799553390f6d38e263a8222ff709316da11c4cc3523dd940f8d6789d7d870d37c9e2954c0b7e67ba9dcbaea689c108183aebd8a49f825

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\game\gui_box.rttex

Filesize
529B

MD5
d70d128e0d20aedbe2a0cb488e77b0ca

SHA1
a3fa6f1214cb74ab711813cd92052f47ae3d87c1

SHA256
306710de94944683c093bcfeb3ccc588230e9c950fc6d26cb2ebcd54930a2dd2

SHA512
bb405c6b1ae95d8bb7ebc04cfa1843bbe1e4dcc417dcf9befe43c569676684a26cefd7e463eced7791d5ed616d63419ecbb7e9fb1b04461253fadcb030839a8d

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\game\gui_box_white.rttex

Filesize
500B

MD5
f4715cfff579b5d89d412e788e29b126

SHA1
d4937ad1d75b80bd56b1aca5c6440f95abe2a59c

SHA256
b241e30e6cac259326c4e5a450c7f7364380a0a813cb7f0729fdaddb35210a5a

SHA512
9f85ca23d316dd0155ad876f2f74a013a61a239588fe43542f8770b758efe47b0910660f365f386f957fe3b68604c92d5cd6111b493227afff3baeafe83e4173

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\game\hills1.rttex

Filesize
11KB

MD5
b679e2d7f84f309806256e68e83964d1

SHA1
9be8657b2634457e9e4fe20e1ef4c96293f803ee

SHA256
410c970ae0fd75227521e96c61f6e6e1a1d8e20e4ee0e0690658c1e563ddde0e

SHA512
2e72f18682d491531fc31d295bd7c4ecba12710a30bdaeb0c532c6b125328a450f09f2b10a0bfb8090bae6bfcaf3080a2b5c258c37c8227b564b1a70d5b5a0dc

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\game\hills2.rttex

Filesize
16KB

MD5
f98e85342f4ba4e029825343d2edc82a

SHA1
addc9a7c89d5e2e8941e1ff285977c11e427bf95

SHA256
ff6cf5f5c793164477194bce42a553cd1eb9692b2159787bd52f92355bc5c400

SHA512
e4ac471c62cc1af92ea9bd18a3f900a6528bbc1338c8ba32bb2b1adf48329c4fa3caf926dd702fceb31b3d30ef6f498e4418272fc1b4ddb379e0dc87f73b9eea

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\game\hills3.rttex

Filesize
19KB

MD5
1f698b5c5fdcc605929421328202e196

SHA1
7271f8ea43582522f42cdc67688e099c1b438ff2

SHA256
694863f01093c74f89ebc77812dcc5a9ebcc07574b658ac783fbbf59ad124caa

SHA512
bee8e7df9a31c0099d6ca0bd104dae60ffe422f6b62c1f9467787aea435821091bd740e91f4d3ddb581c5bc40b51f2fc3489fd27c574e0ec253a2544cbdd440d

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\game\sun.rttex

Filesize
6KB

MD5
09dae892f07dc20c3192a03ca8cada1e

SHA1
28f1e09a28eae0586cb82915753814b85eba09b8

SHA256
43bff2cf3ec876b887b0c42a35d64f4b1434fc95d308241cfafa16dc825d41b1

SHA512
72d7ac5c37ffc192b2644ba857abf87d314738fd4e29849a8b26af5d33252e09e90f1e52bdce68d5d9c32a9aa14db9e00b66e528eed114596e950ef57ade5639

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\currencies.json

Filesize
1KB

MD5
f0bd1fc33690fdab5368c6cf128ce7ec

SHA1
c7d72977a9189687625c1f8b3bce4d6f6329426b

SHA256
6bb20302f6215d609e8c9ef970d02218861dea9662f942be5cabec1cba3d6052

SHA512
faa209662895eca79e2c0be92ce6c6fdae8bd2dff69254355e95a10de2d62c998b5ceccc9a87b5f29e613a56dd8e6726ce1a60543ece412a9dab316d132ca651

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\font_century_gothic_bigx2.rtfont

Filesize
108KB

MD5
c8a90412bbdaa39a814d27a10b7670ff

SHA1
fb5784b59adb4831bb5c693a6c2834d5ca94c01c

SHA256
bb51befa9db4d2a891804f4e750c89025db89a2ae033c9ec56aa591ae94978e5

SHA512
a1bafaf82bc3a05738a6f51f87b836cfe556f191cf5363e31739ff06c32bbe4db310a9856884a3de3af28114ef620ed6dd542f0a328688bcb5fa6ed48662ec6e

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\font_century_gothicx2.rtfont

Filesize
35KB

MD5
b89c4ccbd3180f627cd3e2ae2336733f

SHA1
d9481a501fca4ff2e9b732d1d24e9bffc9e9bc06

SHA256
be0bad0e4b3688573c2fd97a47869d624ef4651f7042ce2362752bc95295561e

SHA512
24e0f62cdb9ddbd800d72063745314946562a439257554d4e7c96b88dce51698deb145e05cfc5959090700bd8a96bc81a8abc457c3ce26cfaf5aabd5b15ffe50

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\iapFallbacks.json

Filesize
9KB

MD5
a5b62eca5732ae853ec51b453cdef5a3

SHA1
f11cf164411bc891ce74a4301ce66ec8d8b66de5

SHA256
0d18ad6bb57a4ca065648fc3f97594dd60fa77183f0a11b417e864cc6da9ebd5

SHA512
ac7d7e6bc53008dbd7ed1d04b0af7ac725791ea810cffc412cfe7dfa6ee631165886eef5df67d59ea7e22b43607ca636c67639110d078e40af3f97125c9f1388

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\interface\large\az_4x3_adv1.rttex

Filesize
67B

MD5
1896385b19daa70f512320ba52a1fdf6

SHA1
63f2954b2cd949e45d02c4f1d4c3f35063aec757

SHA256
71fa2aa665788dff80d37cc26db1f6845685d7542bcdac61779a95a51bf95309

SHA512
f23b50c201e0cf1ff42e4e543e6ae856573cec3e11fa6cec66a8ca661fe69f3cbb4728b3d0e4e2762cd9f2b98e44297d9969ba1a93224dedf8e8e044d37febc1

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
823B

MD5
2a13174aad7eb3e308f943e8969f54ca

SHA1
2c89b0650b5132b48b9b059fc01a45f6a4015537

SHA256
a0b3a0d6ce30795fc6756412988113375fef3fc3ad552036a658844d0ad3f75b

SHA512
9a01bddb1ffae22dc8fbb22adc20a5905919fbdbd3f7fe57895a9c212c466ecc676beef4336ccb46ed4817198562bd2e193f66ef3c9503c7baac0708f3d46905

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
964B

MD5
b9dfd183b76cc735b44f9689700332ac

SHA1
641c607a4dde3dc4150d0827a166bbd67a224e34

SHA256
f771f34b2c2494981aa8b42928d7203c8f99d1b5432a3ca132fdb53ece37b006

SHA512
e6d00a89d77f1eb196d17d36b143504d6db98f1032e4b5368ac653803f3ebd59b2172f3df3754edee6f0b75876988958daff6ba8511fb1974bd0091d1234e159

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
1KB

MD5
877987a11e13d83fccb61446384122c3

SHA1
776171645862e8a3587da133ebb9dda63a326d91

SHA256
8a7cef1a0570e34f5312b56a6b5dbfa909650e77c77558442cf2d64b674e24e6

SHA512
f2a232343e29128bd7ff28fe588a6aaece381462be5f1b28e7aaebb09d40161b46dc3691ab8f3b12756ae97ee638d801eca8a21009896d673f922bea6bbd31c0

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
1KB

MD5
0d7868b6cd3365e404eabccf3040d318

SHA1
4546cc34d064ca6b26815c016c9033ef260fac66

SHA256
800b0dd51f3cadf2be3596fa563ea1b110a01b69a6f2ee3e74aff3efc57634d0

SHA512
528abc73dff7c7805ff81edd5a69db8701daff7fa5fe2c69719292116523435369f79cda83b54bfd29b225eb355f7517ec9e752566fc1ad5e918556c2b4461aa

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
1KB

MD5
63ac6b5cf2e746afec417b854f2bd06b

SHA1
203433b257ce0f511d54710c89009afff47203cb

SHA256
8efc5b20d8aeaffa5133719f88b2fe92e58e687bbbff2705e1c66a3571f0baf5

SHA512
054e28312fdac7385ad03532947fe2164573731d67e861ad82822ea2320d1aad48263418e00c31a0aec5feda08987d700d235912bd6419e34b87d8e88f36cc53

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
2KB

MD5
43cde1df00720f719d4b6ba0616a6288

SHA1
5aa4e24c1d8ab313ea3c66a700e9507d094be275

SHA256
11df11a065ccb611a01bb15cd55b8f74b01ae8d4a17345361fffa510ba24f271

SHA512
c3519107f05a18533a03c1382d717a83f43d2a28f7d51f157325a11fad65c5a4667e11e206a10fb1373da51619aebdfd8293dc004524aaf3af469d45e9e1b6a9

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
2KB

MD5
2c61319f43eea08e73b9def86e262716

SHA1
47180e57065257fc3d64532dd5258f103185641f

SHA256
8de4e18cf90ddd988cfa3be7d6233a9a8fabba94a6ccc0e5828d16564fdfc8dd

SHA512
76ba4ff2b8ad3d75332bbabf69ca3363a9f41858b7b1cc39632bd1b75706fb6e489ebbc33a33d9db83e25f9f7451a146a3e45b4cab05203c52439c68cf8fbdff

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
2KB

MD5
37418a3b35786621bf26a92343a0750c

SHA1
30665d1bc9a0395979ce79a8bf5d087f079c494b

SHA256
bb0355b2bd086369de537dab80c0989f6b49b467bd26dc1bf7f8428658ba0d31

SHA512
564009b3eaa93713b7126414424c1915e65cfb5249da5fa8c16d5f2db57320cc7087fa790a7547ebaffb56abf485acfa837e94678c2b55b80b4efc09b4e7413a

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
4KB

MD5
be3720baf067bd603a598849b5011d47

SHA1
2ec5566d177de899626fcd8d2317b72f29f8d6b0

SHA256
62d3bbb1daa87d0a190b6c828abd1256cb77e93ac3799454d2dab6c096d8005b

SHA512
8022dd65779faf95f013838e99ea0eb74c5c9508a36f7b41d0ba2287d7edb66a40acdc8547f6dc4bb0d7e1eb36174f5ccb95a8b380e4758e055ea4c2d5a12604

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\log.txt

Filesize
301B

MD5
cd30ba244fd532f8d49f91624e982a6e

SHA1
56389553a74401decbf5a26cefacf05c921cfe99

SHA256
68715b3dad4b3fb9ea3ac0a7b45b249e71591beb02fb080065373e4fa6c8b49b

SHA512
f5b8eed43a860679df17c60c0db1765d46278ed5492995f4201ea2f4ddabe4dad3102e16c1b823aff70e340cc90190a12061cfc2bed94208a9bcaf8c1201a9c8

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColorFill.fs.bin

Filesize
185B

MD5
2490b24610d47d01abd21d533fea6cf2

SHA1
0601b600014e594f28ad3c11b155224375cf5509

SHA256
990ff2a6ae6a46b69ae41783abc8b4282f43e008d1fff7761257f6eb5cacc394

SHA512
ae88495bcf99fe3cf27d7beba65b25c3d63f10440f12f7aea7530e45adc6a711a6088a3fca2096ed0592f02d08420efe2f4d7ccd09f6a8316ca7d7ec3c0530d5

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColorFill.vs.bin

Filesize
285B

MD5
194766f9fae6fa806a7381b75c77fcd0

SHA1
f7eccd5b802964fffc69291cac8224cfd7eba2d7

SHA256
8ad817a915116c4e14458ad946c325feee7806a5d2d9df138131846435c59be5

SHA512
eecc509f60d7773cf8c38b5fa79b9b4dc5d9f8df21b4586fdd03624f2fbb6b8cbfaa93c7e0cf817f010145e3341d26dcab49adb6329786c4635939622d48ca07

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColorFillAlpha.fs.bin

Filesize
361B

MD5
d54d62508a41510b22829411d7ba056b

SHA1
229619a0ca1cd953304446d89dc7ac19006dae77

SHA256
d79d5a8d142daf4c381ff098f025dfcefa176cc0021bbece76dbcd4eaee0f6f9

SHA512
f8944c85d591ef6bae39dee28372506e0c2285fc478e4bfff95a3ab1f96923a66d46e182ad0201c1d3ea0c9b707e902754b27fd9d5020b17c553cf34159fe943

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColorFillAlpha.vs.bin

Filesize
321B

MD5
961353ad14b394a14b22175f2f455fce

SHA1
9e66f9225a7811e339c10c403e7aa6e3ac39ab58

SHA256
57a02d45cd858acc8b0fd9fe7f16229224afc4c9db7c63633ebcb5384a3b65cd

SHA512
ff4f6f872b6474aeccf254fd05043e9cb7c5ca1dd11d9e52077377af26146138a2cf6e86b1c22b83f3200c2371f76b66843492d73a0b89b03a0f34b0f0921ba4

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColoredTexture.fs.bin

Filesize
576B

MD5
9aaefce5e0e153b233a35bac46877af1

SHA1
b84aa4dc962e0abc7b4663259262be8851ed01f1

SHA256
ac39c7b02778e3c77bbff0f02c6e3f94b5d427486936a68ea75daabccae21779

SHA512
d3b19e186362d2397f26c8b68f92404815b251e749245aae91b21766f08b980344ed84365f7ca539146a0c503ec1d8cf3369df6f7413e7933fd719bb63e43da8

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColoredTextureAnzu.fs.bin

Filesize
297B

MD5
474fc16185173461e5a6e18dc8c4917c

SHA1
3b424efc9d23e7e771e8c2d45c4182ecd028870e

SHA256
25708f9ea71cceaa172caa8a2b94b17c3d502bdf939c9b84551d373531221fde

SHA512
ad57c45f366d1193b79c4c8e82a669528bfbd1f322c158d6c0f498418a880a0b828d1b85bef526552ee998939f8d7fb16ab98813ba8ea1a2561312d13c8e84b4

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\ColoredTextureAnzu.vs.bin

Filesize
422B

MD5
79e035efb884a7cd9f1375647da79beb

SHA1
c7638e5f3b7f700697e643f8e8d02da0119a92dd

SHA256
b37917a965e437b7662fe279a825896ff72f3a92d472d3ffd77900e933902cd5

SHA512
794ee993652493a7d3f540a60b3a4734c7c8353675ed5d47edf3e720bd2a58c2101f72c8803c9c7be2a43b259c5b2fa6378c911876133ee6d75f8ebdc4fa29c3

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\NormalTexture.fs.bin

Filesize
990B

MD5
456bddf60219d3e690caa9a5d00b2080

SHA1
477a17c205ede060eb44f217f0fbfeba603f9060

SHA256
7d344c9c2e8978a31d790278e0f55b945bcd0b75b71bf93cefe22119e4d4f176

SHA512
27d21390139ad507fe6e508d19676bae86fad34d3f976ef3eddefc1337147293f279b3d001d8e013a328886015374d57913c2877caa6fdb4a1ab01116e9bd66a

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\NormalTexture.vs.bin

Filesize
543B

MD5
eaaf03bd658d094184315c849c9c97c3

SHA1
73e1af5b673a91498013b33669575cc183643c36

SHA256
9a8a94921ff59a86df7a498aa823f9f4f2872a6680700da139de78ebcd70e21e

SHA512
bff34a336815d8b3cc687e169949c4485c34cc59e14a3fd9332904830dc1d73a01936e51f05b91c52701b112c69715310c30f1cc43526f66960128cff72885e6

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\VertexColoredTexture.fs.bin

Filesize
530B

MD5
3bb5cdf656f942b87d7bde085745aa06

SHA1
d4ad9f694cf03dff976191cf78b48abfdc4fe32f

SHA256
ccb251b1d2b8560891e5e0d8a2f71ecde2839b144c5fcda4b423988453b5a153

SHA512
3de185eda05fd2a6d0e5bceb35c9740fe8225eddae9226717b3dd0b5575587c515af7638f5ce1f8b9fc40cd4e7803674111580a9b5feb1826a56d97ec7c3b5e8

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\shaders\windows\dx9\VertexColoredTexture.vs.bin

Filesize
357B

MD5
0add8827ff49dc83639bd943813abbfd

SHA1
ed7c72df1adddb6e7f62c128661831cf7e5479e7

SHA256
2590528de3747576416f751bc3ec5e399987b2e07431e828872962f7e7aa6e33

SHA512
ba0ac2424015c849f8977e0d82db60b5cf091665fe3d7cdaab22e7de92a8f7d06a1caa6c70b637f581a016c368c3e66556172161b99ad3a7965a8ef0f0d02004

Download Submit
C:\Users\Admin\AppData\Local\Growtopia\vc_redist.x64.exe

Filesize
13.9MB

MD5
27b141aacc2777a82bb3fa9f6e5e5c1c

SHA1
3155cb0f146b927fcc30647c1a904cd162548c8c

SHA256
5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3

SHA512
7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
ad5cd538ca58cb28ede39c108acb5785

SHA1
1ae910026f3dbe90ed025e9e96ead2b5399be877

SHA256
c9e6cb04d6c893458d5a7e12eb575cf97c3172f5e312b1f63a667cbbc5f0c033

SHA512
c066c5d9b276a68fa636647bb29aea05bfa2292217bc77f5324d9c1d93117772ee8277e1f7cff91ec8d6b7c05ca078f929cecfdbb09582522a9067f54740af13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
31047f58a598f3a174161c6c57dbbb36

SHA1
9db9c3c2e0b76f6392cc6e47041dedcd4dd37c55

SHA256
114b2af97ea5f59413fb51c1b74296d9d5fc3f641f936fee0af7dd5b1eaae688

SHA512
14cfbee299a05607e41c5c4a5267209d921f1a144eee9cf6e8170ee1df56211b307c4170ae77028e5ace9575ddc4e977efdb1ada9ee4779e8d1d1c389cfe62e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
e00f9ee0eaf4e5fa87582c8243038d26

SHA1
199e583cc25ebccc7736dffc6750a55b437e595e

SHA256
6b3bec870615ef1b250ae1fe977b91f83472e5ae14bc4eba1d20413c8343c31e

SHA512
6c1bdfb0b01c81708acabae53fe225b39de9b764d9ff86940b3d96a56fcd3fa68790ccd3da6bb6a90b7d5a633450e2a69d224e14e2f4aaf475a11e4a12f301b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b4a794f17e24e772a2a98ed31a7ac515

SHA1
8658c9840604c375bde03a6c7e00603468a8a40b

SHA256
95199da030b50eb77638507055fd1e626c360815d876ca5a07ddf17eb212dafa

SHA512
a62b6868375947f4fa009370a033701c877f3dd1d5541934115ad2264cbbdcefea9e09a4615a600deacf7cb0e04a8f27212a4ba8340a8a93adc68f2273b6ded8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2c9ce1c5b53c662dad4471ee17908918

SHA1
116ae307506c73f376a2c5343a2a48c5cb6046e3

SHA256
8c928991ec0382353699514a39858baccc6accf17a8cbe6f848dac423e35fe94

SHA512
a33049571db4d57b4a8535f160b5407ad48000db818265743b016cd8da35bef42a550256940fd0abb7f306f12a31e51d1a785628a736707825836c3d5d37d39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ee2c3a8f12366d18dd585549bab8fd28

SHA1
8441d95e3d73015b4214490bc5b4c38819e9acbb

SHA256
8ffc5fd3a3448511032950a6fb6411d9cbfc7b451591d1bc6689b4aa2c9b071c

SHA512
f1129dfe3abc79f93377a0a1a89699de53872e8579494d64ed221fee1b51b03153c3d16f45d064e5413baf59a18fa1c2ec69c93a64dfb7f77655bbb1953d42e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d4896d5fc9676e35f45be2ced3fbcf50

SHA1
1f09fbb23206e20ec1bec862e3a6257278ac794c

SHA256
ca027846a90fdbe3fa70eaac9029e7ca3f9cecc62a4cc8a8170b291769975664

SHA512
9eca3f6af952a6038aa27812fed1f3b41b9d31faa4b29ce1b638c5909f7d5e8cf0fe8fee7c0aa17161ae59785381bdccb7d784705509e5df1219e22823c127db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
eb2556d8318f645f623d32770e0dde00

SHA1
31f90ff5adf78f9fc239c79752a5facb0e1ba59e

SHA256
f7854cd4413af38826f371eda77f974a80e6a153664c0b8fcd394daa2ac98f22

SHA512
6c3b3abe8e5407408640dcd1c31f8bc24dc0188f87a364f9a584b2c80b464ec80d3f7fe509fce20bc0b4a00caad2a1003e23385cebc51b8a34566ac31630b2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
f1bfbacdbacd3ba4c364774d3db9bbea

SHA1
0a091531a9daada877cdaf24a8334d15b2bf914a

SHA256
ff23cd14aeb697fcf9bbb56e6d6a0d6de157a8ea5338ff37ee8154a9e6d94308

SHA512
f90f84fca55bf96f7021208c45c6362acc7aa554d6cbabc155eb161c9f28d00a066aaed26706a3180c336b93acd2c17497b972d17bc4028d1ee4e35d61a70f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c1adfaf60127df471669615f3d778338

SHA1
d5c57a1426d6bdd079aa771d47712fab3e2acbf4

SHA256
d283ce6f4628cb48550603a544f9a39ddae223b87bbf3d4cbefca00210870865

SHA512
c182b599caa75e1f3f59a9cc7bde4d339a70fe89a0e0ef529025410e7c9f813dc73a4c4f519cd9ec57a112751dbad9f8627e8fdd8038f474c70351bcebdf4b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
401a231a66d5927820da3bfeb3788c05

SHA1
3e7c03246334aa0bf92f158c1b4ecd3d9b46d278

SHA256
9e52fa8d2872b6b8eeb56753ee0007f934dbdf50003ed193ae8fade46c1b8f81

SHA512
5e013b4fdf14d800f0a98a21414f0737de089a6760de4d54e87a110c8c4a07e37b95644c8da1d16d15f4a16739ed7a5238deb7cb5c286f24d61d2fdc95b65215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a7e100a96a1f75d5e9d3116ea7f34fb9

SHA1
2d67bfe98fb0dee0e1f04e9563c294a156ea490a

SHA256
2b72d9a5cbf64e70632cdb1b3c5d5f9b2d4b31a2089fb1c0993d0a175170125b

SHA512
949d4ddae0e41cd0acdfa717d2a49a186331927b796d49cd9a1511d46752546427723892e1762b1bf92117ef98e780507339f3d8fb9bcfc81dc8061a9d871d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0c657755cbf62df717386334334ea09d

SHA1
017f4c72f83c65bfaf556360560b5e62d58ea6d0

SHA256
00480e4a5a055db46e7f6eb78116b04e00392b7b4745c8079d53bcf7ea4494e8

SHA512
d94a7d629975b069c9a0df7a11a6bf721878b5917fa1851ebeb4d0bcae27431e4abfae109904557420be846184696e4abd1b183d999516d03fe00e44db86935f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
580ffd103ab23bec2fd1430f4da8e377

SHA1
3ac0e108bbb97f0d4b6ac15b2b93eb752726bae5

SHA256
42edce525577f9f65b49e9923ddc629056f6d64c0b8650afc49a39e86178e3bb

SHA512
69fdc7a5794b7e827b1ea2de139948cf3699dacead0fb4cf8a2a6f5a0365e022a97821470e37fc3a5689499e2a73afa0387385c63059e3e89f5fb609ee0e48da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b30baef76cdcab23eb31ca72c49b3207

SHA1
f77ac1def8a8b20f5005133eb5702c3c8389dfda

SHA256
d1bd3036c186c7b8f7c4e3f31ca59558edeb730c332abf1633e9620c877bb103

SHA512
230215da841f6b317fc39084748c8cd44fb66b067bbd0b103776f3e23763b1279c23881a20869b1de19e5678bd603c4ae06562788d5cf55bcf32c803f30d3936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9bf970d82e49441d72828ef0388e0235

SHA1
4f3b6121f0e5f66a73b6eaaec1e899f477ccde48

SHA256
46982458c013264b7c19b6077df18dc92022bbfe732714afadbfc0493e6e9b46

SHA512
7bf959509675d81e2e702e924e414730cda7be240d9752522698917b1b3e0cd1b5de6f77b3de7fdb26be41ad8573fe5723287db33eb2f6fcef34cd7165599751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b30334c3c050c84dd251a4e4d42c53f4

SHA1
60d767b5a471fab44563af6cfecc47b2daa9f717

SHA256
0c2030d8fe1fd050a9123ca517cc3b3fbab976e5ad1f65d3b937d76432493833

SHA512
4955cd56656f384854d3ee8b589336ba72e5a1de29375bfbd5f54e53b770c4f99d994b619bf9fedb6aff48efd83a9e1a7741bcf0f562d527ce1396c37a51fb29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
1dbc3063769eeffa42b05fa806b415c7

SHA1
1caaab011923d280c9ea166ea65ff6daa7362cb0

SHA256
5a9047355dfbe66fad0b9aaff016cb5a6cf23b39bdbd4b854089a144d213bb22

SHA512
3d6ac563806f21498da152dbf985f938837625eb505319bdf14cc527fe1e03ac9071cbf3503abd3493ae93530fe8f72966b0e5fd5cd3a15dd49a1d949b62b1b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
f102c2def21feee18e8272da0c6211f6

SHA1
77da1d588a1f37e0b5477e27c0356678949b1238

SHA256
e2fdc21af5451e688bb65565d348ea9a0df1fb482c2a6eb8d227e7360c1700ef

SHA512
4cdb9f981a79e85eb50116b4e895328766e9b65f0a4510157008caf327004e356f326a57463a4ed7d293bf999e80e5a2fb1c008e1534a65dc92e6852ae198fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
4387a2651a131ec5f707f76b91347613

SHA1
5d7637530f68d32bdfa2cfe8c7ffb9126d14f836

SHA256
764101cdb538186e1897ae114511939673a80e5fe8472c377f5f6b324069374c

SHA512
13256e693695c3ed727a9ffb748879c979f1993586ed24ac7c6be863b256caa53d39786f09f03e3c597dd198faee6e963d3894af87cb28b265ae23ab3fd552f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
82a9760f6e9db763f92adbcd285fc145

SHA1
8db89160c74163c5f795e65837cfab5229b47ccb

SHA256
ea9cb290e47a8f1a063930274412db51a9d40335a8db6869c1832e1a55880d13

SHA512
c404a14eb171ea5aa6d5714c8a9d109dbe2399ea53a65869ec1a9ca6dd9cc6378bcdf279c46ef88ef856a8415b4cfdfa18b7923a53ba349b23e9a041b7759d4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
29e641e159f3d612a773814ae679f052

SHA1
582b4ecacd666d7ce123219fc317afe9c75572e5

SHA256
90ca8a18f176b2be38e988dabe44afaf75ef19af3cb074e05c1383c776e4d02a

SHA512
875d3ed25fd47e64a612b2774ff96d7c08d2ca8ecb5f856c89d0d712461e1593de2d7b033d223c00f4ea7bc1e2b78da9ec7106eab45cc956c25600e9eaadf218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
bb166e83277a6c0b7827af6cb903cec3

SHA1
795b6a18f63eb09a4739aef54eb59cde0f05ffd6

SHA256
b89ce342be27a7409095fd2be7d041b2ccf9a319af12f0b0fefb886fa86a4c73

SHA512
23b63196c245833dc1cf536f500116049e7b1ef83479bc4685cd808460d328e189ea900f117fd89db61bc47f731f0a0cd4d06b7c5cacdba5763df8835a915897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5999bfef3f9f5db9cc7025af755e5d10

SHA1
415e400f09347bbe03e205676cdb1a7941bdecf2

SHA256
600d873b310bcd2a58429001f2e7fb36b7b24d1459cd04aa393803f814a2991f

SHA512
90d472b0102f195ac4a0711182e5c42dc9aaf2c20dede7171596292d02780fbf0f4aefaf9356a279a26a093e2c0defc4ae0c703602b7c49d67a9d3736b8f2817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5a47d26e93bc2af7301e37c557053c8b

SHA1
7a2646597e772176724062a3e04da7ad4d541551

SHA256
853a51d14fc57e8cd23f5842fca8d8f006f61ca601baecba58dbe6eaf89def9c

SHA512
9d3d0bcd8b8a158aa2400800348aa50986b257c83e63d562e463b4c52cbfa4a7e58832528d0974cb313149c486523dd41198700c070cd66495c69c5a2088b82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
1492aba515f2d11f9119435d181075dd

SHA1
c08e6c3a766dbc63587272f2a5727ecfdbdf1743

SHA256
09508b44722abe913c2ff02aa630d1ae69f45dad8bf3cdba0af2935e91c8c239

SHA512
3752f7b30e29d876aac37039d801f0dd6219da41d85ba492a9e2046df63b46403e8f493e94987c59addfd9f666d11c2f4d1b82260ec5b9786651309e3f56d4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
979897bca81c4ac5234d0b6203e66198

SHA1
391f1059d1f8fc8cfba0a6d18789760a8881531d

SHA256
50c0108215a89bb66a67a68b02b23d27dbd5b59fd632d3f64bf8e6971b094654

SHA512
f242276e4ea09dcbb7e90ee763e92ff96b93d70ef4dd8b4fc15d528b5902e152c7f88ee599d6b1212f1ade09e4f19e795c01cec00718c3f4373ec02b211ec824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b19076074606454447370db1cd8e71f7

SHA1
a3b22dd7eedae3c1cdf07d01644d8f22d8ad3a39

SHA256
c1c524ef91a8f6e66c8bc9b426fbaf05941d129f659278ee454cfde01319840d

SHA512
15c17ce5460a618ab120796897557014dc3f858c187bdc55c8896aa065627b6977e94d873776d317e97aaec7011631ecbec39e5eb541624e26d20334c7d34531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a43802a1f257bfd89fb4f3ba1b211a90

SHA1
1de3bcf6458617bd8dd9f6d9cc99fed6857edebf

SHA256
725a895277c14c9de1d5c1a6f5f6622f3bc9ad63c073cde5ae646c9196e56f8c

SHA512
e37ec840051bfa671de6d771ad7170978dd33307ccab8fe8c2c4eeab8f9f22c94f2a3021910777ddd2cca96957e3af21275b6df7f307f04142bf288239043883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
62157e6556828894284b0126434165cf

SHA1
044d942895078fb87b74184a83c3f1093b213790

SHA256
67722911b1ae17334942439ac81465dc4ae9676e74bacd1a960074d93c60ff1e

SHA512
4ae4b35214fb617645f4df8d202560082701b88f47c28dcbc67ce3ac463d86e3b18bd98fb9fc4305bf25f216a9103e5733b4f0ffdaa6719a7e8f89d76062f702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
26a5555e748ab916901b6bef0899bf6d

SHA1
d615a78f8aaa04df783b2e394765bc96d3714412

SHA256
05c0718fb7ce058d4868e15d9e90c560d3a52819377048e6de648c0fd79eaba0

SHA512
15de08acc27a95f2cf8eff6a36fd8758e334e1d61ce787a4a49c419388378373964219ef7cd567a5f6f81e1c20b8fd82e56a2776b21a83992c310ddbfc160f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
4ac8d6cc000e8643590eb3dfce32870c

SHA1
884f3e5c23f5d45e0bcb4f7426494575ceddb9d3

SHA256
3c67b980a481ab5509550c6d7f8a115ecfd0a2cd0e17328f5fa9b02864bc5170

SHA512
769e81045fecc2b447b6ad845e86ec28b75e20544fa3fb2a3f5e8a62c7597584cfd9d3d9e82ea3adfdc67670d5a29aa82f10178d96cba99656ed101e8149870f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
3f0f7710219126ddab1477e53d24d935

SHA1
426328f5b1d241d75979c4093040aae338cb8510

SHA256
f8c93abb7e7c69722ea8da017ca6f72eff8ce2dc7eb75b880e92bb421cb8737b

SHA512
d3ab6faa1689c0837194b7dfb4ab1472707a5cb0d24fbfd397756ed7dc5ca9e9a55e1c19b3b2082a28f12c7b26acc9d6ed17fec0c411e929db43487d642db2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2a1f0adcb05fe624052e3945c5764e3b

SHA1
51594a747a70f1acc352fdf154b443968e543944

SHA256
de281094744fcf18f695dd173a4dab7076d9ca0a98e8496c3412e373c7684f52

SHA512
401ff3b69b6f6304a33d58d856db0318d7ceee1dacb84662620c40dcd4d90ad3431fe777b9de72a88548d954f8675ea7472f92a59930b4efd37f6c4989b7af3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
7b17222a8b6a5c79076daa71e1a4e7ad

SHA1
11a168c9360ce16df614da9308f192843b144c84

SHA256
c94060faf2e46a2e40a96cfa9012b771d469d9d43f7c26ea1d70904336be7641

SHA512
6f59f8f90866b04b32f5083aefed739e83ec593ea34b3614b9050540fad0698a14c05add9cb435a0e5c4a760fea5071cec9d3b94e5603bb3878444a0ce928bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
1d22ff4b8af570818529abb507ae61d1

SHA1
37a027a0a8165691dc2af643e6f54b5555f35b8e

SHA256
179d1e41016da568f5d0d0f974a5f4f611bdc93b59f3472d3c17b1b38413747b

SHA512
492f1cda1ca255bc4699f60173b01c36101b8a0be5dd8beee24b0ddd1521a038ebe71924a861d1653b2344124ce86a39d9b7184856009ed6d7a8041c6fd486f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
4aad06374fb9b8a4e6364bd838b73873

SHA1
05dcef363541518c49dd6274674ae8faeea9d8bd

SHA256
71b25873a4a67c63fc2cc65d36d4cef97b9d49801f65499ed6b2d91ac80e808c

SHA512
246ceddb414ccbc9e74b5e21cf2d3083333380a6a292d40c594858fd330fc7e5846ba8e648a2cf48da95758f37175d4ca5647e16e182b346368d3f996d4b8c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
26fe2301c9cebd01d74256ea36e259cb

SHA1
9a115dd38b1f652e33fcd836284434facc61fc75

SHA256
f6dcf25211811e68c0fc66a380b710bce527c7b0fe88507a39f1d37df8c1dac7

SHA512
7b06a51f2cd0b5d226c795427666994896676dbd70138b161072a0e0cbcbf9a588d6d871114067e0fbdb980c9cee90577edefff973faf978f1d0be0ff2ec105c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c3e032f4dffa0aff858a89b6f163c933

SHA1
987c5145b21eae41dd640956e17fc2427c426a49

SHA256
a6eee57626050298025c8bee700c40dbd7be08dddacbe6b869f7a0aa7513ccc3

SHA512
967dc3818130d9208600b605eb020fef85e8181a7119c36f88cd314ae0684c1dc6e06e6d9fcb2d4b80e623ae2401fe31ab64eb2170581421894cc2fd8ee8e874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
1766c16f57239e7cd7d236063af08911

SHA1
54da29d75ce015cf36e5156146d578ef4ba23f18

SHA256
e87d4017f82a7e97d5ed26863fcde45ebc9262272a904787e784fc3cb903aaa2

SHA512
1d7ceba5e550422c05e98509b252371496fa989b0d5790f3a8e4b5812dfae0274cc9cbde6591c879676f242b343ca03d00e1b17581074bba79925ed68866db22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
8b301969f4a7bd595e0241d95e8acddc

SHA1
07e3097ac45aaf1437172b1458e5481762ce4a97

SHA256
3e75fc6d10f410ed17c0611cdfcc23d11a079a4c95d9d06b89b08f3f8bba23ca

SHA512
ffb8a38d7a7e85b2830540218898fb93855f695d85eb97857b55731f0f5237ef7809ccc02c7e7edb73e4fe5371a6f82592c71232ad19dd4f914207029c750e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b02885330560d823c0c516d31b961a44

SHA1
b308668c74c01bf6e5b9bf8b169f394190a704d7

SHA256
a6416737cfa2e5f801e104785e06de4df901bc7d768076c7285fd4376cb7b391

SHA512
501cf5d3a36c48c84c85d8716883eb1efe116fc03e91b91a01c7fbb3bb65ed280c8d658d1c888fb900e2871ef4cd70cf59c09c6f70504b6e3534691fa01cdc0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
508ce40031605bae7ed7d0b4fe60278b

SHA1
c4d636d3be1f4eed3049b25a2126260c019acadb

SHA256
ae0364c614467009841095751428ab1e1ea83ed046ecdfdb1929d20013d221d5

SHA512
d5a97931e49f1145335bd8274276f3ede9146dd4c155590b95de7757be9edca81d0bb9f9eef344815c7839369698590d55e931389c48445fb399cc3881c6d6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b5826984cd4a008d890e3db1a7f45502

SHA1
3b4d6dc0c1a2754f01de10464b8fc303a1765152

SHA256
8d5bab0e58b950e20b980e08f1b2c6ff49b9f76a9fd0da9ae2d679aa9616a6f8

SHA512
5552c629c9535f4a81c6be32e687f8627f46d84d63ee958a1290c0650aac1d2f56ed2f2e99a073fa43062ee5ac67d1662b9d01fc8a2788cb77af0624bba1d477

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\22749

Filesize
7KB

MD5
3f0a547409bfd678a5381473a0096a75

SHA1
9dabd6ecce04e49280e166fa0e22edfa3e5e602a

SHA256
a9d6d6bae1c92c18bac570a4f5a8d38351231412e02dd27b3494e1c068e2ede0

SHA512
eb197b5303e20b7ca948a08ce6a80f09e713094836ce26aefc179d3f64db15efa9ffb2ceba2db04ee3f01878e89c0b1eb0661e2d5b88e723fde8a65551f4498b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\30504

Filesize
8KB

MD5
fbeede2f25d6a82b9a0e12752b931e49

SHA1
bfc55d87f5ecfaa3f480e4ace9107edce62d8bf1

SHA256
01b813b16e5f1a05d56731a4ea18c1365919abe80690dfa5fe50dd27576065cb

SHA512
df153c48b015e21997af22b6ab29583977951d2519130e0d47131cdd62500e6fdb8a3ba28bf0af7fe218853eb23781c99bda8484495cebb7c6645a44dcadf653

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\4DABAF7EFACD377F68614B900873860C74399618

Filesize
220KB

MD5
f5379f09aed35a288ab95b3dfcfe2f6a

SHA1
79b6b91ab6efbf9e25bcfe83c4d3708ce625f823

SHA256
783da0f957eddf6c1d0081d490d0eec4e4a9339c12d357f294c44b67aca043e5

SHA512
ea1a507a4263cdf1f9e44c6045ebec5d56f09d46ef982f26def78136ad6577f8c4e07a828f73ed10726d06fa18f4d7f1062616cfe6698990e1f98bfa52c08d47

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
0bea486adea5622d0d30de80aa8f0cf4

SHA1
f4843f81e46adb28f856e4200355cb0280261ebc

SHA256
d5caeaae36e9276f83b6ba6fabf8eae7bd4486e701eff87d1625bd2fd85cb670

SHA512
7c9ad26282b9804c659758f7eb6cf505a34aa69455fdd22681d604991e36d6baece5017c9c8753b6034f357f13c8722ce6ca28eeac7728932d959b4e1fb3c315

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\8A011D3FEBBDA9B9C46229715A74F1937B2EEC47

Filesize
60KB

MD5
0c65a18e5a2fbf18f585b3925e244353

SHA1
7c3887f6c016f0dd1c6616e949b95c253ba0ed7e

SHA256
9ff04d3ccd6c3f273f8b9ac18f80c067dddc0037648aceb9f1197186bc470a91

SHA512
3c2317271a663b99452501dfa320fe7582da9e6fa21f8421337bdd8cedbf038f5390a5640cfde2e68042ac897af3ca3fe823d73a79f2df51b8e856d0e830ae2e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\C79080D6B96DE2577C1D688BA27AD43D8D789F0D

Filesize
18KB

MD5
5ab2ccf628a4b9595d2e92813ffa7bcc

SHA1
eb5cc352afd3814e54b97505f21da25c274230b3

SHA256
88975336da8bfe6a1df3e0a28d0852a263ff662fa7d71ed359a23d8b0acd7290

SHA512
5d8ece8aa8f71290c493bed4ab1607f048c354620e6b2100a3c980deab28f7f6e450d7075d1d772e7a119d701d614e302d92c4d5de1fa220c982dad1d6db9b28

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3s5q0s1h.hhs.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl5EB4.tmp\ioSpecial.ini

Filesize
604B

MD5
77060a5b15b222fa74f7144a01d4d91f

SHA1
9e1594c0f1b45ad937ff6e1bb75e59054fbaead2

SHA256
034f58fbff6c0e9af659fe8f6afcb40782ee85e870034c062b49563f98ae2771

SHA512
95744e6e66d9c5a8876ca05a9f00678c518019029c8b861889f23d0783c659b8eb8063658cf1fc56b228842709c3f8baa9530c46976e9e4fac8f45f243c0df74

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl5EB4.tmp\ioSpecial.ini

Filesize
604B

MD5
d294c241cc2daf7e490f5f08e81d56f2

SHA1
8fb1e843ec0bba7a7c12364d72f487b214e354b2

SHA256
71664a99fab96b06c0cbcc70d9326e128d0875b517517523c51fe15aa14d2d5b

SHA512
8a5a2b81afe156e42e73230c8706ebc39d237346b32d0e5aadf1b545d3539e9413d42f60aaba288c9d5c21fba747c9960349afe2e6913c06ca2f1234906f042f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl5EB4.tmp\ioSpecial.ini

Filesize
776B

MD5
6638cb332741f4f8648721b52df838b7

SHA1
036922238c4e3141c88397472dabc6e4d1924fc8

SHA256
5fb361eb89106075c9272a29e35430bf910fab43fac5872e90442eba64edc39c

SHA512
df4679ff7110aa02993d0d6cf76066dceb782337a8fa7d88354beec0c7c71292644648f6e9dfa7538798b8391807fe42828910b93554474156faa6bca76bdc5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl5EB4.tmp\ioSpecial.ini

Filesize
803B

MD5
b2cf058fce39858f25b13549fd153daa

SHA1
cebe307c75fe9e04460d017242edd02f0309eda2

SHA256
370f6f065fbfd6bddb7b98b166ae3f8d98028abb1b494a973caf3cec6a7c2e5c

SHA512
c9f4bc1d6e5c7072e439408458c97b7b800b4beb4390e3abadf0be2560af7931e2bc23087c91f2ae73cad9889412e76a5a55ed8e9593b6da847aff28f10f19ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\d4c477c06e8e36b233d74f11ff7737b4112fa9ec51cd8283eca1ca154c524cae\win-dpapi\build\Release\node-dpapi.node

Filesize
159KB

MD5
68207c09c1dcd7d01260cb5591440d58

SHA1
c6f384c2851e0d7fe9405cd9146e3a2baa35c118

SHA256
d4c477c06e8e36b233d74f11ff7737b4112fa9ec51cd8283eca1ca154c524cae

SHA512
22f8ea4f02c93920acfc0136d5f72212537cffb733af3adb84b1fd3142cedbb84b769545384518339d2f64b941af6ba85998244b739b8decba6d98cc50cafaa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\ed50b7a14738309152b04f29fd25167df6b1ec72e784ab890290cf3b2bf17d2f\sqlite3\lib\binding\napi-v6-win32-unknown-x64\node_sqlite3.node

Filesize
1.7MB

MD5
9565f317f636bc179fbd18bc32cab579

SHA1
e9ee53b2b541e5e4a37468a09420d7b1d9ce0373

SHA256
ed50b7a14738309152b04f29fd25167df6b1ec72e784ab890290cf3b2bf17d2f

SHA512
298e0ce5f2b6d84bee0e831d617f960b975429b492050d1bea99b3b72736b5cc6f6e91da33a842e045947cecb567f4bd0bfadeb521a1b55e9c90842b2876f83f

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\f4fc2ca373eef7e3dae99793fcf28da42c7d26d4570d3b5af3dcb2bbda7b1dfa\node-hide-console-window\build\Release\node-hide-console-window.node

Filesize
113KB

MD5
faf3b08bc3d5b0b31d3a30f68a0e6b5a

SHA1
c48ef8f73709da4a054254ce69e164089e2b41aa

SHA256
f4fc2ca373eef7e3dae99793fcf28da42c7d26d4570d3b5af3dcb2bbda7b1dfa

SHA512
febab6386b1b94bfb6bdb618c01e4dc078b1f5df4ede6fcdae185dda1f6c7c207a71d70a30f24f0f6d19a0c252ed01dfbf35be196f8909c10d348e77c4192797

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
ca9c2a1562794b230f7b0d340dcf3e15

SHA1
1378e1a6b90798760f6f07a6edddcd98139d4d5d

SHA256
d6d853aff5b24dee4e4c3dbc92d53c77975d4bb37960c4178f702290078550a6

SHA512
867dd97b6706b4a0d3963d2b473ab02cf1de792b0203ae2d72eab0cf29c49fc3544776ff813c56268e1d4d3eb9b3a9ba1d4a2c8cced5a5557669d25a67c27649

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\broadcast-listeners.json.tmp

Filesize
216B

MD5
66742c1d48bf58a879a4d4ed76455539

SHA1
e9976ab587725330903ff67ae96d850c2a7b81f0

SHA256
1dcc5a915e253f4ff02b3ec8cae29c17ea021a4c3b79995054921a2610bce2d2

SHA512
23d7180a9dae8596d3dfe998588edf850775253cf3c205c17f3e3d5c223beb8061325a7cfa7b89601c1672cb7edea4a5142ebb1f0db7decb67ff750e6436d3a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cookies.sqlite

Filesize
512KB

MD5
3c8a6ce7e49c613a823fbac840810df5

SHA1
9dafefce8c0451a600bae442f7bce6c34294829c

SHA256
ebd1a7958884e553cade99e7afcf920cb11a0c90c209325bf0cb84354bb8ab57

SHA512
9a168a7b36cf7573719962235f0f7df588de5a9c3465f735e24079fe24989b3b2e93d3f7350b0b97eec3506799df5a1009972a4e754e6b48f086a8a457a1a890

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

Filesize
18KB

MD5
ad820b451b35824874a70b42580b262d

SHA1
c67ba522e139b1c9db0cc111a6ea3a09df02d171

SHA256
fe6e77f70a8310aad4511b8214fc43de9da3c5af5bbd00694e279df91fb0324f

SHA512
a4113b8538ab3b16b22b8bab654aa31a7c7ccc7652ccefac6e6f77f70224b5a17da777bc1871bb67db2c6e1e8bd019cbbdfa61bd607d2c2ad87cb2fa8f81121c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
badfc18fc83439c34f557464de123ee8

SHA1
83d40bd6932de59a0e15f670d0902879cb35e2ab

SHA256
2459ea173dac14dc1c777f512ee79c323444abaccad3f9f77fa8a674f1ad1557

SHA512
ded25c3fbb8fce8044d22d3f4fa0ef32406778e90fb61489957f2691392e29950b5326a815d6c075b26d37636d962cb706684821189a00ade421b817a6c5b438

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

Filesize
18KB

MD5
bd8c0574c2b680675537bbbd7cec548b

SHA1
06049495a33fa41f834fcb53396304a886df6652

SHA256
cd3582b7afb71d73af57870deb2e2841d66995348c71001a6bc030b122c2be6a

SHA512
1a50da586af095fba0192a62a8dbb04130ff85592fae2bf58d3ea0d779f6376a9e89aeba86d9be62c59c40a6a80a1c799855dfe7d2c3d4788c28b3bd6201c2db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\08cc341b-84cb-429c-b2be-0adb681ea2b2

Filesize
746B

MD5
b915d9fc8f7ca40af72b9618432ca21c

SHA1
61b963b5cac4709bc9aa2a1ab608d90f511d781f

SHA256
3dd9162ce99e972144e706f5ad92083ae101e8f014ee76f0b3362cd612d162cd

SHA512
580510d4f99556eda25f4c4c7c0ce357874029d47e8f715dc8618b742c52002a236e3c0a8caa061658a9c6885aef6aaf12f59b2dfad54e5e5053b64511807c14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\0d9cf3cf-6890-45e1-a42e-fc5c129563c8

Filesize
11KB

MD5
2439d012b609c9a5f0ccca99f9a19388

SHA1
43588f77cbea35288c7ff7d32562f13f28c6db17

SHA256
4954ab9053a90997a43fd6ae524ee8fb0d12180b235fe145127bc058f82d3d56

SHA512
12d74c49c58f616acd1c96a2ddba0de0502914357aaf7b08ebf72d49ba5b84b2b91b4c9b68f8e5130ffa892c61ec29288e05a028726e7fc967436419dc1fba12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\10a17523-ed23-49ca-b564-c789a5811536

Filesize
1KB

MD5
dd9d047477089acc7af27e32554204ff

SHA1
a3c47931e068923c4653e3b077366a059db08b47

SHA256
ed7f787d98a7b0112d4a1373acf4c674755c58e9d8014fb278d629e17d670c22

SHA512
f8fbf75b69f1bffa6e815cb741643f90bed5035056626d4210a51d937312925afb58c61ee91c5e49302563dd7fdc0d906dd9760de7782dd2fa73118b452a9f6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\4858aa54-fa16-4172-b140-e12c3160136b

Filesize
855B

MD5
02e1bc534badb8a1d5c4c5d72fc9dcb3

SHA1
c0b3619121f931e05286a1fb3ff0a2b3ca0a3714

SHA256
118f117c4831b171578947bff557534b055b3d2d8c1358331bd41e76d4c87055

SHA512
f5f04aad9c0ba96a198522370a327a3b54df1ff6b8925b99422281c654541ef43be41ae3df0519210b429594d45a8daaf9a7be3081271a18a1a6b2d3554b38e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\630d9267-4de1-41f2-87ee-547d1cd73c4b

Filesize
838B

MD5
3c1ca4ac5466137c3c36d0bf3c6e442d

SHA1
83b93b48ac5b28e9fb6d493631d6c228c4f2fe3f

SHA256
008606762ece56ffd5c44029cd822ab944c9f28eb22a8deb2b82ee1e441403eb

SHA512
d468abacd2b52d98dad99f32da40ad294cc7b9635274f4a2d2ed4d8597287efc1775e3bb8ed9879c79992915728b26355a2e2cdcf093a68fc615e045ccf8e75a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\e48df93b-5690-4c42-a67a-296834f289db

Filesize
668B

MD5
380679b18cc9c98afb5f1ba54d1567f7

SHA1
208fe8c3b51ca7edecc0355cc2f716472090bf26

SHA256
0541daffba00127d1e596e9a031c8bb26231e8881497a3774bca4db579bc0b54

SHA512
4ff2101cda446e80146a7b3099b0bef98a2b3d649f3083993e4af7c4072bdfa308a0aa0310579a81490114f8ef1d8cf6db8e5b41fb2746b5d25adf47d86b9383

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\e70357db-8098-47f7-9b1d-abedf8f03224

Filesize
713B

MD5
530259b45cd6ed057944a4e6b9e62ab7

SHA1
ad7ecc65d68b5d55f74a8051ecdfbf5fb96dd6f6

SHA256
738f558718278a4be1e6b856229636ab20fd54ed1aa2855335a9e15c0a3e8dfb

SHA512
ed12c529e9ade891364f6df4c6a94455f55f9bb12c5a7625e6244a2b8c69faea8d35c224abbca8a8f360765cc541baad6814d7d494b4e492f4d88b90707e72b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\places.sqlite

Filesize
5.0MB

MD5
663f75fa16f24b2546eecb033ef360ef

SHA1
a8ac72326235761e27e5fe821ae8eb0095d9e581

SHA256
233104f1b7ebc08fac5720c9a7a67c0b97265926dd3c01d9a324f8c3f6bf75a5

SHA512
49513582e59dc1f0ee28384ffce6b5fad3f472f218339cd2fcb02355363ed0c0ca8b4c13abe573afddef1344c184bcbae0c8c1fcc30f9a5035fd549dd657bf72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
10KB

MD5
526422e797c110a04f4b5a28d438c105

SHA1
7fc01a997c9dea970d261c9ea3fd968a02dec433

SHA256
6795d695b65232b82b001e613ddd54c66d987f4f49c015cf07b44453f1f434ff

SHA512
050234f3d4ebf707d0310264b7564fe2ce8d171c28c86a9676e48e378ce38e12641da69b8c6c9e976a6df318721c19171419230bc7ad256371db718e52892f48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
10KB

MD5
84f7afebd88c90859c152a0d7102e485

SHA1
eff4ce1e639e4ee02013ff70be0d8fe3962a3931

SHA256
800f0156940495d6ec3074eba498d29004517aeed3504fa6700f26c44ebdc5a3

SHA512
c6e95433916f9857cfd3cdc11042828e1b5e97c54aa17369d9d8b1bb8e05f3591b5ca0e4670db49023d5234bd63bc791e7fb242c1b5548fc448c9047dfd628fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
7KB

MD5
2b84e3be1d16e105c65e12f53b05ed44

SHA1
dd953dc44558e114a4ddef712f6bf855ca9b5357

SHA256
b39f36e5217cbbe970f122b1e9963757a78d71ad8b0b1c33149984f41357a540

SHA512
250331cb230b501ebef0aca87a7871950ab2bdc55568317d960eac940dfb7b19990e0d26da409550eaac1a7771db6541e4123b50c3aa9cdc9246cba755c1d667

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
10KB

MD5
90c93d694d4ed0b031fe21c0507bed68

SHA1
49f9f3f47f1798d1e83f09b51e129affc6231ad6

SHA256
e4960829b88d84aaaf33b5fa93dfb766829de7a5873d188704d7df261586dfe1

SHA512
24cc611fbd8330f40e2541efe0af22ac681814d60b81261e3b5b97157bd505706037266703231d317debf6dd89f8d7a1e338308bedd7cce7d7db4af74e2cc19e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
9KB

MD5
cdb8c7bda01beec4aefad55bb6c2678a

SHA1
2fb3f611f75c426dd69aef5d8c3a9c8fdcba860d

SHA256
1ee7f70f98a9f20845970b9c0487e8a6db754522b81af99520789b03c1c19e9e

SHA512
e579fd7cf65533b27889f37315e47f9e52955c2432e69ddcb481becd92b1dd10e9059eff0a6cf1d73f75ad878a59962513dd7759a04c9d19eb8818d74a5c87f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
6KB

MD5
e7e26fff2832fea54d5d93d744d59feb

SHA1
d925b79061d145fa97931206248707ed40a87d86

SHA256
009e83a419b688d7b8245391a54c4b21a79d5de7ce51069c6728edc7295277a3

SHA512
4d702112747bc69b90fbd400f5b930d84736958d396a4419247e20c2f81672742d41b1ed2827669bd5bcddec56be42c5be984020d0b00c8040c65791575a46d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
10KB

MD5
52289f09ae1b3617f9a93a7cbe1fb2ee

SHA1
0d41b2fd72a51826f6e331672aaea518a5188aa2

SHA256
1265a1477332f8847c64e0d041e3a401e760af5a4774f3e76b1e7891dfc6cf74

SHA512
501316d85cd49b51420de3b4d948739c9aeeeb8249cec445f081bb37fe93cac8eb3a84ac23181556bba85a74beab3be804cc419c8f2b2dae1b082750c3243223

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
f6221db4f29a015050f4cdad07ac8e76

SHA1
ab946aff1034420ba8d98796c98390b2194f6276

SHA256
e3804efe95bd2619b12d32c0acd957b2783cc336a8f73fab0dab0a80e9a88ef9

SHA512
49c8fd2d42a96e81a8f5459f7bbbec2d7d160c9f94dfc484e4217d3d4f812c87cc2eff0fd70e3a2239c8b1355cf3c3660e75bd61c78ec3fc0eae664be112097b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
a8865b5b204910d2ecf4959842ede50a

SHA1
b4af00f9ecba02f22f68c101599bd1a534ef99b7

SHA256
9c8bc95313055bdd1bd36920378b760127f3e34fdcaed8959e654dcc59d15313

SHA512
ace2d96e9966ff93d237ba9abc4ca02e3ac3d41835759bdb92fc90d048ff80bf549663196535d95fbe4ec357acfe35a21272704adc708c825f167c53b30dd48d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
ccbdb80324c48cb28d7f33e8b23c2d19

SHA1
71b7d212b1f157630ce073ca8a41b30d1bdaf2ee

SHA256
791da3830a283311629e9a57a9c86a3b91b026786203a1cffa258e08e9ea9a0a

SHA512
80a2134ffa4b3f73028fc32f66bb1eb103176593e233cc867efded295c2a2d0ed8cad8de8d4bda7adcf9536ce7bf2da57aa40b314018c639d2bb595679f36419

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
36KB

MD5
af3cf7c56f26ea124779fc3731549e21

SHA1
2a14b0bbd981fd0b12bf080b7d2d5771006a5fe7

SHA256
e90cb4bb9591ec4e11cf40c1aafc045c9ae4a3364a1de0161d822355d0f40bed

SHA512
4b567e14847343298193e00131cabb502216261abf2f6d42a2ea76b4111b1c53865c3e1a5400e958eb4f9a41abfa6250ad5294183a6f39e48fde5e0beb8ec1f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
353c27d33e20395ec39e1b9530c98671

SHA1
c05b637e3c8ca353448e89e5604d2436ea15f033

SHA256
c7b5377d52a3c85b8239ab0518979dd0c5bdea18a3707f8e7490538a5c15bc9d

SHA512
432d1b4f5f106791c3487b71906355803cc9dc7113ea602c3312b7819d0ece6e8abdaf76a33489be655e4184784f4c57898a59f2db8d059b97e8bb0c233c2ee2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
38KB

MD5
5cf7ab275ced261be0aad2940f8e76ef

SHA1
7701a243a524be00d997cccc882f4e952758e46f

SHA256
6ad6c1d5ba1da675d7d8ad807b0c61194045ca9ace63ca00526f2c7818e1f3e6

SHA512
9497da7f6cdd5871e23a4a9a38be753d5d179cbf7793fad9e353f1984c7b2196f344837f4f6b69789c3b4819374584cad339fa1cc275fa58cdf830ef6e2fc058

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
e9be7eb26833c3cd3dc492e420a19a70

SHA1
8156cb1667638297952b4c39c17e4e02c5cd54d6

SHA256
10d6b49bcb5f3cf88a915311db22889088ad30e7b51f1031f314c538bf8326ab

SHA512
0c47c3468c3605642d1346b48d7a837c4a5994499ea6d4b071198098550fbda8d1de5cedec9ada0d9893747891e92d221e481b3965728823fbdb026c8fd43ada

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
40KB

MD5
cf6493f6c04fcb0ae53948f28d730ab8

SHA1
3da3f0b8b4cd1150d2dd92172241e22e7f60a7fb

SHA256
1a217329f27ee142ae33a7d764269e81fbe01f4c19307e97b4f6f9c468d3cfc9

SHA512
b2c6c48de28a6625e8177827947ed43c880aa60cb3b03ce03abb7d853b652fb5939ee41de2e50c1e18c8089ca45a6adc032a731339c99526edf169a7659632ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
d7eb069fd90ede172ecfc2afc6646b35

SHA1
37bd07f4d19b9c64c6bea6f390f4f7c69eeb4ab2

SHA256
c4e32f5c16ed5936b5cb679901bc6248d598baf4a01ec3817e366e73aa4579b8

SHA512
a427d5c24d5fdfb16feba0de70096b0f1cf1d4fdcf24c6d7a8e295799c7385d3854948589c36783722988b3b2ed1c6b4dcc4f6baeb8bc3dd80525536ebef57c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
ba6dc687ffa6761cea4c3a66c1849e6b

SHA1
46d820426a2488092de4d41248b1956003282d57

SHA256
cd6bf6e460c199197a6e82fbc3be504f0508db3547d67ff997107075cad9ed5f

SHA512
12cf56f9621e55a2cee99c14b63f5a0a69a10e466a73f2654e225928a80759045803be909830ca8076c2419c4e79087e9c11373a1397dc699754d61b381d1b7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
54969805b3fcd320aba1d0c77dbe7b26

SHA1
0c85c299a6a23e53c876c89de40e34c875fd9ae0

SHA256
68caa4376bf143446404d37f9b5e869da6f60329551428a88ac5a9ed94b83712

SHA512
8dc872c0f78b4680639f9aa8f48631b9b7b68e5846da831cf9d880d018af7e0a22d7e0ce17d8d7087f308789283dd2fbd94af23446739d6609c03d8ebe6218a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
bdc84a68089acd38b2da2844f4892b3d

SHA1
fbd483db5cb7ef6f11b0c4875a8be931e00a89f6

SHA256
97ff31e0f3efbc088e18dd7b40e788978a2f59eded915dab91bfda411331cb99

SHA512
c51273a68711c378d3363528c7e40d6daf2098ab8f27829202c9912e17c95ddd1f4ca5365bc0f596161ac4b5bd39f6cea10abbd5b02b8f3f46c4fe1368520603

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
be835f218ad2d1b174dc423b6069c160

SHA1
8076131acb7be61f0d24025ebc64b7bb264b11c3

SHA256
a8a15aa4884d9bcb9d186f899550c7272b15772f6bd89f4a07dea79694df7b5e

SHA512
7cc331ab410e3d9c035ccc27e9ae6fa0a784680d019217c8266b8eaa52de6bf43426fa8eb36b6514c68b497c370769bf5db49315ac0bd053bc3de3c772227dd0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
74a004129ca3c0878ba1240340bdf4db

SHA1
9aff743ce26e0872c8c903b79740a3d566e94f01

SHA256
2901fefb497137689a4a673b1d6c4248f6c172b884e8d86d8848ea37e4805c8c

SHA512
8fbeee9144fbdd2c6501b1cde8fc5513447df5c07f465badbecee511df960167e3ae1ca664c7c11a1695c7e02346f743c6f2acf637b36ef8e2719f9924a83074

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
36KB

MD5
b19509f36290fa305319db4aecb53630

SHA1
11a283b1420b4f4bd18aa10ce04ff1c87adf52da

SHA256
03e423ee04c3de87284f4155d9d4209a4fcf82fcf4c84b318c887cd9fc817048

SHA512
3c15f59c2e3c69abdcc75b6d02b9a8f3b6d7089c7cd55f50a8231aae38eb6a166c0c5e38559c0116982c65f4d6fa7aa7ffc57fcfbcb58b2f51ab623f6c4b4982

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
a453d065e898fb458b8ac7a3d0fa620e

SHA1
bee847d004a947ac80dea93b8633556fa5381c68

SHA256
2d3152c6b4888457feb85b4fb927d3222368240fda74c11ce1fff4d6868d0133

SHA512
6e60138d4860a99dc6fef33d985e30373c61212b6a04e6525017e072626e4e8cc19b34d1ef342ae7903bb7650c6942d6e34e3b170784bf6898e9758185b091c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
fbc850e2fe6171081e1c3bf18b8221d8

SHA1
c3611135d40e565878d2ab7dc3322f4a6728d9f7

SHA256
bf34dbad870e7658217d0396da2356c5ab319fffb9519ced01a1777ed0cc328a

SHA512
702a36fbac8bb71ee40619bc3fd787e8ff095a22bab058f3a16b7fe508e820c065ca7521a09dd56f3d2e116afea1d3bf6804e879d0319031deab94e47aae117d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
39KB

MD5
a1a04144c11fb296864682bb3b2bdf3a

SHA1
1e021f6e174b48d69c43eb153ded3f2301d83ca3

SHA256
7045850015242d9d64b2d47b3c2f64d7594324762892cd85e4939316c62d5c66

SHA512
a79866c476e5eb251eb5ad2b63f6965720566cb62eab74f58b404cfbbf3e363517821b924dd16ff580e58627ba3d8b4164b348b201aabb4582af19863b54dee4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore.jsonlz4

Filesize
9KB

MD5
0ea3e6ea59af3f1463cc3dedddebaa67

SHA1
446870562d4954061ba2f7689ca34b203919bfd0

SHA256
5cf797d3c1eb09c5280679c339f1954e4d2119180f20d00176a5a54e4fb67cf2

SHA512
b13cbd56af49d6fc5aefebadeb7652cde39abfc3a3034909eef53619922dd7a0c5b6f08d5c7ea123bb488dbaf1b0c0ecab6df39901de17509c8aba840619edb6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore.jsonlz4

Filesize
35KB

MD5
4268eaafcffad5a3e4714e37bc5b1518

SHA1
47eae29e9a820f5e0d6923c38bbc9feb1317ab51

SHA256
3d2e6ff28528c9f9338b36a457d2dde6b967a82ef7a7fa9a7a330542182155bc

SHA512
550b2d4622c0bb3c630b4971e1465b762259402d62922f679fbbf65d5a643d5c69da3470ee63031330c128b51dd607f2f0490044a3e95ba66ece5eafccf4e7d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++usersdrive.com\idb\2323548853sewsDaabta.sqlite

Filesize
48KB

MD5
6e35e617752f723deba3bc5ca5dc7b37

SHA1
09191c733dad987783ab5dc3e2ed4e696e8010a9

SHA256
c5c908bf58f5b25c2cc7db4a8a4b25a5050efc7e6c2a567c54947dd3ae58c7a7

SHA512
6c1e607eb350e424be0f698476053be71275de318679df0a1cc4ac9b4de4c9bc1c311f41904051d770872294fa237225d6275e43b58b3aa0ff73eb8932139ed1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.7MB

MD5
dafcf107f15cb17d5927ba3f35411781

SHA1
0bd5334ba3ef788ca22a5d490a1ea98ebeb5aa65

SHA256
f2754c1ec8d37a04d6ca8d7eedb69138377485ed6a8920c1bf7027d5b849dbb8

SHA512
fbb43284b4e9f4369b9fd29089605f3180758ea1c8c329ee76ff1aafa9fd9e4393b5149fa7aa383c03aaf88e5af4b3a986e209fccbc091d79a98dc020b19d3f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\xulstore.json.tmp

Filesize
141B

MD5
1995825c748914809df775643764920f

SHA1
55c55d77bb712d2d831996344f0a1b3e0b7ff98a

SHA256
87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776

SHA512
c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

Download Submit
C:\Users\Admin\Desktop\Growtopia.lnk

Filesize
1KB

MD5
03bbcb88f381b391b91c6c9afe20b7d6

SHA1
ca2dd145eea8570ddbe1748e97933c0bbe9db17d

SHA256
fa22530f2386b4b1252d692e20d0ac9b86d772b9bd6047fdea4050acb96de2ec

SHA512
1359350597c1c492f76f7c24dd383b827b3f2d3fe01126ef96e63c7ceac80a871408086350c862bc2c9864c1eaef5cfa90e819a07c10f363d1c403f980fe741c

Download Submit
C:\Users\Admin\Downloads\GrowtopiaInstaller.0XUkFacA.exe.part

Filesize
7KB

MD5
68da258f80c4cfd6d747a24be370432f

SHA1
b92435c0a093186c2d800efd075712163c739c77

SHA256
0ee558fcf36323cf7c28ace4459686e14bcc6fdbb9caf5c031808d4eecf0f400

SHA512
d335ab6a30f7d8360ed9f86a57536fd97d60ffa46e0670ab1110444b0ccb9c1ddb9e4337b268fd256b3ba1f8ee141b8a602a75152ab9c7f287c3531ca410dea0

Download Submit
C:\Users\Admin\Downloads\Nightfarm.WTMFy_p-.exe.part

Filesize
512B

MD5
27457e85c03faf499550d50d86a0cc83

SHA1
8bc8957bc9501b78e28d240970855d67f40f93b3

SHA256
663036f63d17c39dee938f7e9b61fb3188dc8c68553b35aa1fbea1117de8b570

SHA512
79b4589b66e404563ad5d658bc262b133f0925db6f770722c2618d75ed26dd29b0d1f7639c2740f202f005e91709af3fedd0ea0910cb996fa51ce15417ed13c0

Download Submit
C:\Users\Admin\Downloads\Nightfarm.exe

Filesize
932KB

MD5
fe645d9509824ffb8e793a845f189e5a

SHA1
52c8db36d840550c50cba8b8b4832dd8c49e30cb

SHA256
55b1342e783f0b32c8e8440f2c0d9e0eaba4489194f40d052abd6e579f8b8552

SHA512
814e4ab5e7f250cb550ea8edfc9e75bfcbec9a2f609ce87199ab1357869fa3f8a1a9532e3d8562d7ea2df233865050cec900bf5fc1dfd14df48140ffa1d71372

Download Submit
C:\Users\Admin\Downloads\Nightfarm.s1wrHqbZ.zip.part

Filesize
29.6MB

MD5
d9f901acc5b3d1c61549d3c3cafbb4df

SHA1
759c25905da2c29e2211bc4bf2b27c31bd451fce

SHA256
0a24b520b5b02577bdb59e5e9672262f0087b7a4df5fd7e2b4c02c55688407df

SHA512
2fa106d2365fc6f0c7ab0a934f7ced936a5664c76d5006e11ce9b7dc895878ab4d310a91b47e8fae2dce893b02f0b20133ea942cbc4311b4498a14181ca5870f

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
\Users\Admin\AppData\Local\Growtopia\SecureEngineSDK64.dll

Filesize
28KB

MD5
023ca3f56ce9d9aff9e4839301e82c82

SHA1
fec3bca7c4f43c9c44ffcfca1f41b5a480cba78b

SHA256
9387fedbd201f2886a28f32d1ec155a69ac86ea78e331381f6db521f8b4b5a11

SHA512
18bea9d3fde048dbd7ed0f039d44c36ccb112334b4188632772c35de06042e6d4077e1dc68ce6ac4f3a8fc4d1134940d24216a9451c79a813cd0ac33c56d354b

Download Submit
\Users\Admin\AppData\Local\Growtopia\fmod64.dll

Filesize
1.7MB

MD5
29b36598d48261aec75b1eee69dab669

SHA1
ae3143a5603badeed76a36f5f2429999ce4e7015

SHA256
e5fa4e47ae9ac18d7d2927651130a1630bfff97546f01646792384b9f3552f79

SHA512
6f316cfd68b3b9294e5ae929eeac1fee317ca17c64f3dda9e6e8504a16a8022ad19ca0169b4088fe91697cc48c33d8fb9c25558c5a364602e1511ed440ada5c0

Download Submit
\Users\Admin\AppData\Local\Temp\nsl5EB4.tmp\InstallOptions.dll

Filesize
14KB

MD5
3e277798b9d8f48806fbb5ebfd4990db

SHA1
d1ab343c5792bc99599ec7acba506e8ba7e05969

SHA256
fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c

SHA512
84c9d4e2e6872277bffb0e10b292c8c384d475ad163fd0a47ca924a3c79077dfde880f535a171660f73265792554129161d079a10057d44e28e2d57ebc477e92

Download Submit
\Users\Admin\AppData\Local\Temp\nsl5EB4.tmp\System.dll

Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\wixstdba.dll

Filesize
118KB

MD5
4d20a950a3571d11236482754b4a8e76

SHA1
e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c

SHA256
a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b

SHA512
8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

Download Submit
memory/504-19-0x00007FFF43B30000-0x00007FFF4451C000-memory.dmp

Filesize
9.9MB

Download
memory/504-60-0x00007FFF43B30000-0x00007FFF4451C000-memory.dmp

Filesize
9.9MB

Download
memory/504-54-0x00007FFF43B30000-0x00007FFF4451C000-memory.dmp

Filesize
9.9MB

Download
memory/504-18-0x00007FFF43B30000-0x00007FFF4451C000-memory.dmp

Filesize
9.9MB

Download
memory/504-17-0x0000026773410000-0x0000026773432000-memory.dmp

Filesize
136KB

Download
memory/504-22-0x0000026773710000-0x0000026773786000-memory.dmp

Filesize
472KB

Download
memory/504-23-0x00007FFF43B30000-0x00007FFF4451C000-memory.dmp

Filesize
9.9MB

Download
memory/4112-7-0x00007FFF43B30000-0x00007FFF4451C000-memory.dmp

Filesize
9.9MB

Download
memory/4112-8-0x00007FFF43B30000-0x00007FFF4451C000-memory.dmp

Filesize
9.9MB

Download
memory/4112-554-0x00007FFF43B30000-0x00007FFF4451C000-memory.dmp

Filesize
9.9MB

Download
memory/4112-6-0x00007FFF43B30000-0x00007FFF4451C000-memory.dmp

Filesize
9.9MB

Download
memory/4112-0-0x00007FFF43B33000-0x00007FFF43B34000-memory.dmp

Filesize
4KB

Download
memory/4112-5-0x00007FFF43B30000-0x00007FFF4451C000-memory.dmp

Filesize
9.9MB

Download
memory/4112-4-0x000000001B050000-0x000000001B08E000-memory.dmp

Filesize
248KB

Download
memory/4112-1-0x0000000000470000-0x0000000000566000-memory.dmp

Filesize
984KB

Download
memory/4112-2-0x0000000002720000-0x0000000002770000-memory.dmp

Filesize
320KB

Download
memory/4112-3-0x00007FFF43B30000-0x00007FFF4451C000-memory.dmp

Filesize
9.9MB

Download
memory/5196-6460-0x0000000140000000-0x0000000141000000-memory.dmp

Filesize
16.0MB

Download
memory/5196-6365-0x00007FFF5F940000-0x00007FFF5F942000-memory.dmp

Filesize
8KB

Download
memory/5196-6364-0x00007FFF5F930000-0x00007FFF5F932000-memory.dmp

Filesize
8KB

Download
memory/5548-7071-0x0000000000CA0000-0x0000000000D8E000-memory.dmp

Filesize
952KB

Download
memory/5548-7072-0x000000001B790000-0x000000001B7CE000-memory.dmp

Filesize
248KB

Download