Analysis Overview
SHA256: 19d6f5d93cb6c9f12bafcf7c277c7cef3c167108ee5ef501d35241d89675217c
Threat Level: Known bad
The file yemazo-beta.html was found to be: Known bad.
Malicious Activity Summary
Hexon stealer
Hexon family
Uses browser remote debugging
Drops startup file
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Checks installed software on the system
Enumerates processes with tasklist
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Program crash
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Checks processor information in registry
Uses Task Scheduler COM API
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Kills process with taskkill
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-11 21:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-11 21:12
Reported: 2024-11-11 21:42
Platform: win11-20241007-en
Max time kernel: 1380s
Max time network: 1799s
Signatures
Hexon family
Hexon stealer
Uses browser remote debugging
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup.vbs | C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup.vbs | C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Checks installed software on the system
Enumerates processes with tasklist
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\YemazoV33\YemazoV33.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\find.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\YemazoV33\YemazoV33.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Programs\unrealgame\Uninstall YemazoV43.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2410826464-2353372766-2364966905-1000\{1C5F5696-A719-4DFD-9CF8-D25D909863FC} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2410826464-2353372766-2364966905-1000\{3E4A2086-8460-4340-AD52-7D87F06A99BC} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2410826464-2353372766-2364966905-1000\{407F3895-6491-41C9-829C-AE76127FBFD7} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2410826464-2353372766-2364966905-1000\{84D5E363-1873-49CF-8848-C3CCD6FA7CC4} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\MuiCache | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2410826464-2353372766-2364966905-1000\{AC8C14ED-3476-4F89-BF95-F1B47C18C281} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\YemazoV33.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\yemazo-beta.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcd7553cb8,0x7ffcd7553cc8,0x7ffcd7553cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\YemazoV33\" -spe -an -ai#7zMap23532:80:7zEvent18571
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,15541074513359928403,32790430998037560,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5088 /prefetch:2
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\YemazoV33\" -spe -an -ai#7zMap8173:80:7zEvent10601
C:\Users\Admin\Downloads\YemazoV33\YemazoV33.exe
"C:\Users\Admin\Downloads\YemazoV33\YemazoV33.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3164 -ip 3164
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 808
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
C:\Users\Admin\Downloads\YemazoV33\YemazoV33.exe
"C:\Users\Admin\Downloads\YemazoV33\YemazoV33.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YemazoV43.exe" | %SYSTEMROOT%\System32\find.exe "YemazoV43.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq YemazoV43.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "YemazoV43.exe"
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1812,i,774255616325661550,856336292029807393,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2000 --field-trial-handle=1812,i,774255616325661550,856336292029807393,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /f /im msedge.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite"
C:\Windows\system32\taskkill.exe
taskkill /f /im msedge.exe
C:\Windows\system32\where.exe
where /r . cookies.sqlite
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM chrome.exe /F
C:\Windows\system32\taskkill.exe
taskkill /IM chrome.exe /F
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:/Program Files/Google/Chrome/Application/chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-hang-monitor --disable-infobars --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-search-engine-choice-screen --disable-sync --enable-automation --export-tagged-pdf --generate-pdf-document-outline --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --disable-features=Translate,AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,IsolateSandboxedIframes --enable-features=PdfOopif "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --headless=new --hide-scrollbars --mute-audio about:blank --profile-directory=Default --no-sandbox --disable-setuid-sandbox --remote-debugging-port=0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcd3a1cc40,0x7ffcd3a1cc4c,0x7ffcd3a1cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --disable-breakpad --headless=new --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,16401191582451170350,17151612519468730141,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1752 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --field-trial-handle=1840,i,16401191582451170350,17151612519468730141,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2056 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --field-trial-handle=2076,i,16401191582451170350,17151612519468730141,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2232 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2872,i,16401191582451170350,17151612519468730141,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2932 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2876,i,16401191582451170350,17151612519468730141,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2808 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2868,i,16401191582451170350,17151612519468730141,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4060 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM msedge.exe /F
C:\Windows\system32\taskkill.exe
taskkill /IM msedge.exe /F
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --allow-pre-commit-input --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-hang-monitor --disable-infobars --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-search-engine-choice-screen --disable-sync --enable-automation --export-tagged-pdf --generate-pdf-document-outline --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --disable-features=Translate,AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,IsolateSandboxedIframes --enable-features=PdfOopif "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --headless=new --hide-scrollbars --mute-audio about:blank --profile-directory=Default --no-sandbox --disable-setuid-sandbox --remote-debugging-port=0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcd7553cb8,0x7ffcd7553cc8,0x7ffcd7553cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1440,3659028811574702505,10539276908547931309,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --no-sandbox --disable-breakpad --headless=new --headless --export-tagged-pdf --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1456 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1440,3659028811574702505,10539276908547931309,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --lang=en-US --service-sandbox-type=none --no-sandbox --use-gl=swiftshader-webgl --mute-audio --headless --export-tagged-pdf --mojo-platform-channel-handle=1648 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --field-trial-handle=1440,3659028811574702505,10539276908547931309,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --lang=en-US --headless --export-tagged-pdf --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --field-trial-handle=1440,3659028811574702505,10539276908547931309,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --lang=en-US --headless --export-tagged-pdf --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2096 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM msedge.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "where /r . *.sqlite"
C:\Windows\system32\where.exe
where /r . *.sqlite
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM msedge.exe
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM EpicGamesLauncher.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM EpicGamesLauncher.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM javaw.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM Steam.exe /F
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1800,i,12360570221256824820,8393403076056878304,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=1992 --field-trial-handle=1800,i,12360570221256824820,8393403076056878304,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite"
C:\Windows\system32\where.exe
where /r . cookies.sqlite
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM chrome.exe /F
C:\Windows\system32\taskkill.exe
taskkill /IM chrome.exe /F
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:/Program Files/Google/Chrome/Application/chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-hang-monitor --disable-infobars --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-search-engine-choice-screen --disable-sync --enable-automation --export-tagged-pdf --generate-pdf-document-outline --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --disable-features=Translate,AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,IsolateSandboxedIframes --enable-features=PdfOopif "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --headless=new --hide-scrollbars --mute-audio about:blank --profile-directory=Default --no-sandbox --disable-setuid-sandbox --remote-debugging-port=0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffcd386cc40,0x7ffcd386cc4c,0x7ffcd386cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --disable-breakpad --headless=new --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2260,i,15049640605409848951,5715234348768910268,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2256 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --field-trial-handle=1824,i,15049640605409848951,5715234348768910268,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --field-trial-handle=1880,i,15049640605409848951,5715234348768910268,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2428 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2780,i,15049640605409848951,5715234348768910268,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2816 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2812,i,15049640605409848951,5715234348768910268,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2944 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3948,i,15049640605409848951,5715234348768910268,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3936 /prefetch:1
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1836,i,662573568502511052,892162944028664006,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=1992 --field-trial-handle=1836,i,662573568502511052,892162944028664006,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM msedge.exe /F
C:\Windows\system32\taskkill.exe
taskkill /IM msedge.exe /F
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --allow-pre-commit-input --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-hang-monitor --disable-infobars --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-search-engine-choice-screen --disable-sync --enable-automation --export-tagged-pdf --generate-pdf-document-outline --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --disable-features=Translate,AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,IsolateSandboxedIframes --enable-features=PdfOopif "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --headless=new --hide-scrollbars --mute-audio about:blank --profile-directory=Default --no-sandbox --disable-setuid-sandbox --remote-debugging-port=0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcc5c13cb8,0x7ffcc5c13cc8,0x7ffcc5c13cd8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1544,7451868292124294691,16041600525062641256,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --no-sandbox --disable-breakpad --headless=new --headless --export-tagged-pdf --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1552 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,7451868292124294691,16041600525062641256,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --lang=en-US --service-sandbox-type=none --no-sandbox --use-gl=swiftshader-webgl --mute-audio --headless --export-tagged-pdf --mojo-platform-channel-handle=1620 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --field-trial-handle=1544,7451868292124294691,16041600525062641256,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --lang=en-US --headless --export-tagged-pdf --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --field-trial-handle=1544,7451868292124294691,16041600525062641256,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --disable-gpu-compositing --lang=en-US --headless --export-tagged-pdf --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2040 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /f /im chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /f /im msedge.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite"
C:\Windows\system32\where.exe
where /r . cookies.sqlite
C:\Windows\system32\taskkill.exe
taskkill /f /im msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "where /r . *.sqlite"
C:\Windows\system32\where.exe
where /r . *.sqlite
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM chrome.exe /F
C:\Windows\system32\taskkill.exe
taskkill /IM chrome.exe /F
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:/Program Files/Google/Chrome/Application/chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-hang-monitor --disable-infobars --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-search-engine-choice-screen --disable-sync --enable-automation --export-tagged-pdf --generate-pdf-document-outline --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --disable-features=Translate,AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,IsolateSandboxedIframes --enable-features=PdfOopif "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --headless=new --hide-scrollbars --mute-audio about:blank --profile-directory=Default --no-sandbox --disable-setuid-sandbox --remote-debugging-port=0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffcd386cc40,0x7ffcd386cc4c,0x7ffcd386cc58
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM EpicGamesLauncher.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM EpicGamesLauncher.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --disable-breakpad --headless=new --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,15327811565780117174,18323440095563761048,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --field-trial-handle=1760,i,15327811565780117174,18323440095563761048,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --field-trial-handle=2056,i,15327811565780117174,18323440095563761048,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2288 /prefetch:8
C:\Windows\system32\taskkill.exe
taskkill /IM javaw.exe /F
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2764,i,15327811565780117174,18323440095563761048,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2880 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2772,i,15327811565780117174,18323440095563761048,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3040 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3856,i,15327811565780117174,18323440095563761048,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3908 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM Steam.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM msedge.exe /F
C:\Windows\system32\taskkill.exe
taskkill /IM msedge.exe /F
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --allow-pre-commit-input --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-hang-monitor --disable-infobars --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-search-engine-choice-screen --disable-sync --enable-automation --export-tagged-pdf --generate-pdf-document-outline --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --disable-features=Translate,AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,IsolateSandboxedIframes --enable-features=PdfOopif "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --headless=new --hide-scrollbars --mute-audio about:blank --profile-directory=Default --no-sandbox --disable-setuid-sandbox --remote-debugging-port=0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcc5c13cb8,0x7ffcc5c13cc8,0x7ffcc5c13cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1436,14133266366959888322,9259839518172004472,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --no-sandbox --disable-breakpad --headless=new --headless --export-tagged-pdf --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1460 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1436,14133266366959888322,9259839518172004472,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --lang=en-US --service-sandbox-type=none --no-sandbox --use-gl=swiftshader-webgl --mute-audio --headless --export-tagged-pdf --mojo-platform-channel-handle=1548 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --field-trial-handle=1436,14133266366959888322,9259839518172004472,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --lang=en-US --headless --export-tagged-pdf --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --field-trial-handle=1436,14133266366959888322,9259839518172004472,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --disable-gpu-compositing --lang=en-US --headless --export-tagged-pdf --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2064 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM msedge.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM msedge.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "where /r . *.sqlite"
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM msedge.exe
C:\Windows\system32\where.exe
where /r . *.sqlite
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM EpicGamesLauncher.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM EpicGamesLauncher.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM javaw.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM Steam.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cscript //B "C:\Users\Admin\AppData\Local\Temp\open.vbs""
C:\Windows\system32\cscript.exe
cscript //B "C:\Users\Admin\AppData\Local\Temp\open.vbs"
C:\Users\Admin\AppData\Local\Temp\hexon_d914102618fb8363.exe
"C:\Users\Admin\AppData\Local\Temp\hexon_d914102618fb8363.exe" HXN-MONTHLY-E33DFA7CED3E discord
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
C:\Windows\System32\reg.exe
C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\20241011-2328-111411n.4r1u.png" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAC4B.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC8FD70D5DEB054CF8A33CBC58D6E14031.TMP"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\20241011-2328-111411n.4r1u.png"
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1808,i,4531964123958613393,14206680399500107072,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=1980 --field-trial-handle=1808,i,4531964123958613393,14206680399500107072,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite"
C:\Windows\system32\where.exe
where /r . cookies.sqlite
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM chrome.exe /F
C:\Windows\system32\taskkill.exe
taskkill /IM chrome.exe /F
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:/Program Files/Google/Chrome/Application/chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-hang-monitor --disable-infobars --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-search-engine-choice-screen --disable-sync --enable-automation --export-tagged-pdf --generate-pdf-document-outline --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --disable-features=Translate,AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,IsolateSandboxedIframes --enable-features=PdfOopif "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --headless=new --hide-scrollbars --mute-audio about:blank --profile-directory=Default --no-sandbox --disable-setuid-sandbox --remote-debugging-port=0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffcd386cc40,0x7ffcd386cc4c,0x7ffcd386cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --disable-breakpad --headless=new --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,6360417285300948857,7016464199882125620,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --field-trial-handle=1728,i,6360417285300948857,7016464199882125620,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2360 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --field-trial-handle=2060,i,6360417285300948857,7016464199882125620,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2788,i,6360417285300948857,7016464199882125620,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2792,i,6360417285300948857,7016464199882125620,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3044 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3872,i,6360417285300948857,7016464199882125620,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3940 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM msedge.exe /F
C:\Windows\system32\taskkill.exe
taskkill /IM msedge.exe /F
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --allow-pre-commit-input --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-hang-monitor --disable-infobars --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-search-engine-choice-screen --disable-sync --enable-automation --export-tagged-pdf --generate-pdf-document-outline --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --disable-features=Translate,AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,IsolateSandboxedIframes --enable-features=PdfOopif "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --headless=new --hide-scrollbars --mute-audio about:blank --profile-directory=Default --no-sandbox --disable-setuid-sandbox --remote-debugging-port=0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcc5713cb8,0x7ffcc5713cc8,0x7ffcc5713cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1404,3373124614204369780,130672096263804971,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --no-sandbox --disable-breakpad --headless=new --headless --export-tagged-pdf --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1412 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1404,3373124614204369780,130672096263804971,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --lang=en-US --service-sandbox-type=none --no-sandbox --use-gl=swiftshader-webgl --mute-audio --headless --export-tagged-pdf --mojo-platform-channel-handle=1656 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --field-trial-handle=1404,3373124614204369780,130672096263804971,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --lang=en-US --headless --export-tagged-pdf --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --field-trial-handle=1404,3373124614204369780,130672096263804971,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --disable-gpu-compositing --lang=en-US --headless --export-tagged-pdf --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2060 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM msedge.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "where /r . *.sqlite"
C:\Windows\system32\where.exe
where /r . *.sqlite
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM msedge.exe"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM EpicGamesLauncher.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM EpicGamesLauncher.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM javaw.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM Steam.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cscript //B "C:\Users\Admin\AppData\Local\Temp\open.vbs""
C:\Windows\system32\cscript.exe
cscript //B "C:\Users\Admin\AppData\Local\Temp\open.vbs"
C:\Users\Admin\AppData\Local\Temp\hexon_9ca8f8c771bbfd5d.exe
"C:\Users\Admin\AppData\Local\Temp\hexon_9ca8f8c771bbfd5d.exe" HXN-MONTHLY-E33DFA7CED3E discord
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1080 --field-trial-handle=1812,i,774255616325661550,856336292029807393,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
C:\Windows\System32\reg.exe
C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\20241011-3792-j6dvmy.v1nyj.png" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\20241011-3792-j6dvmy.v1nyj.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cscript //B "C:\Users\Admin\AppData\Local\Temp\open.vbs""
C:\Windows\system32\cscript.exe
cscript //B "C:\Users\Admin\AppData\Local\Temp\open.vbs"
C:\Users\Admin\AppData\Local\Temp\hexon_0139055727797039.exe
"C:\Users\Admin\AppData\Local\Temp\hexon_0139055727797039.exe" HXN-MONTHLY-E33DFA7CED3E discord
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2436 --field-trial-handle=1800,i,12360570221256824820,8393403076056878304,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
C:\Windows\System32\reg.exe
C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\20241011-5212-i4nxb8.2hxvh.png" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\20241011-5212-i4nxb8.2hxvh.png"
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2492 --field-trial-handle=1836,i,662573568502511052,892162944028664006,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cscript //B "C:\Users\Admin\AppData\Local\Temp\open.vbs""
C:\Windows\system32\cscript.exe
cscript //B "C:\Users\Admin\AppData\Local\Temp\open.vbs"
C:\Users\Admin\AppData\Local\Temp\hexon_118abed70ffaad28.exe
"C:\Users\Admin\AppData\Local\Temp\hexon_118abed70ffaad28.exe" HXN-MONTHLY-E33DFA7CED3E discord
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
C:\Windows\System32\reg.exe
C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\20241011-5684-1gejivb.ht6u.png" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\20241011-5684-1gejivb.ht6u.png"
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1800,i,4219583514544516862,16777566571529155845,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=1984 --field-trial-handle=1800,i,4219583514544516862,16777566571529155845,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite"
C:\Windows\system32\where.exe
where /r . cookies.sqlite
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM chrome.exe /F
C:\Windows\system32\taskkill.exe
taskkill /IM chrome.exe /F
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:/Program Files/Google/Chrome/Application/chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-hang-monitor --disable-infobars --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-search-engine-choice-screen --disable-sync --enable-automation --export-tagged-pdf --generate-pdf-document-outline --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --disable-features=Translate,AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,IsolateSandboxedIframes --enable-features=PdfOopif "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --headless=new --hide-scrollbars --mute-audio about:blank --profile-directory=Default --no-sandbox --disable-setuid-sandbox --remote-debugging-port=0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffcd386cc40,0x7ffcd386cc4c,0x7ffcd386cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --disable-breakpad --headless=new --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,11636565536006208099,13518196133715207970,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1864 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --field-trial-handle=1752,i,11636565536006208099,13518196133715207970,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2320 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --field-trial-handle=2076,i,11636565536006208099,13518196133715207970,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2312 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2772,i,11636565536006208099,13518196133715207970,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2796 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2776,i,11636565536006208099,13518196133715207970,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3052 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --no-appcompat-clear --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3880,i,11636565536006208099,13518196133715207970,262144 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,PaintHolding,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM msedge.exe /F
C:\Windows\system32\taskkill.exe
taskkill /IM msedge.exe /F
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --allow-pre-commit-input --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-hang-monitor --disable-infobars --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-search-engine-choice-screen --disable-sync --enable-automation --export-tagged-pdf --generate-pdf-document-outline --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --disable-features=Translate,AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,IsolateSandboxedIframes --enable-features=PdfOopif "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --headless=new --hide-scrollbars --mute-audio about:blank --profile-directory=Default --no-sandbox --disable-setuid-sandbox --remote-debugging-port=0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcc5563cb8,0x7ffcc5563cc8,0x7ffcc5563cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1420,5562905231143898209,2631852683232024367,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --no-sandbox --disable-breakpad --headless=new --headless --export-tagged-pdf --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1464 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1420,5562905231143898209,2631852683232024367,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --lang=en-US --service-sandbox-type=none --no-sandbox --use-gl=swiftshader-webgl --mute-audio --headless --export-tagged-pdf --mojo-platform-channel-handle=1632 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --field-trial-handle=1420,5562905231143898209,2631852683232024367,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --lang=en-US --headless --export-tagged-pdf --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --field-trial-handle=1420,5562905231143898209,2631852683232024367,131072 --enable-features=PdfOopif --disable-features=AcceptCHFrame,IsolateSandboxedIframes,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --disable-gpu-compositing --lang=en-US --headless --export-tagged-pdf --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2016 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM msedge.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /T /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /T /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "where /r . *.sqlite"
C:\Windows\system32\where.exe
where /r . *.sqlite
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM EpicGamesLauncher.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM EpicGamesLauncher.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM javaw.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM Steam.exe /F
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 --field-trial-handle=1808,i,4531964123958613393,14206680399500107072,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cscript //B "C:\Users\Admin\AppData\Local\Temp\open.vbs""
C:\Windows\system32\cscript.exe
cscript //B "C:\Users\Admin\AppData\Local\Temp\open.vbs"
C:\Users\Admin\AppData\Local\Temp\hexon_b14c0a0837c9bf6e.exe
"C:\Users\Admin\AppData\Local\Temp\hexon_b14c0a0837c9bf6e.exe" HXN-MONTHLY-E33DFA7CED3E discord
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
C:\Windows\System32\reg.exe
C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\20241011-4264-13bg8ba.1u84.png" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\20241011-4264-13bg8ba.1u84.png"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\YemazoV43.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1800,i,4219583514544516862,16777566571529155845,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Programs\unrealgame\vulkan-1.dll"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Programs\unrealgame\vulkan-1.dll
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b2ed229-e578-4d38-89b8-5d5d7ce583ce} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74eff67e-3eda-4d79-84c7-6435a318276a} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3228 -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 2740 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ab32992-7922-4c33-bad0-a3feaf8ef149} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3640 -childID 2 -isForBrowser -prefsHandle 3632 -prefMapHandle 3628 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6783ca3c-4efa-4f55-aa8a-bb1fdc00634e} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4480 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4328 -prefMapHandle 1572 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec119947-979d-47d6-9e48-6b9e54638985} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5880 -childID 3 -isForBrowser -prefsHandle 5868 -prefMapHandle 5856 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5e8629e-d929-4aa7-b1a0-8c7ae7be394b} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6044 -childID 4 -isForBrowser -prefsHandle 5720 -prefMapHandle 5756 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5767db2a-4802-48c7-87aa-7b75b353863d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6192 -childID 5 -isForBrowser -prefsHandle 6200 -prefMapHandle 6204 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02c91af1-3b60-4595-83ac-9f9659c58a66} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" tab
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Users\Admin\AppData\Local\Programs\unrealgame\Uninstall YemazoV43.exe
"C:\Users\Admin\AppData\Local\Programs\unrealgame\Uninstall YemazoV43.exe" /currentuser
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" /currentuser _?=C:\Users\Admin\AppData\Local\Programs\unrealgame\
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YemazoV43.exe" | %SYSTEMROOT%\System32\find.exe "YemazoV43.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq YemazoV43.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "YemazoV43.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /im "YemazoV43.exe" /fi "PID ne 564" /fi "USERNAME eq %USERNAME%"
C:\Windows\SysWOW64\taskkill.exe
taskkill /im "YemazoV43.exe" /fi "PID ne 564" /fi "USERNAME eq Admin"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YemazoV43.exe" | %SYSTEMROOT%\System32\find.exe "YemazoV43.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq YemazoV43.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "YemazoV43.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /im "YemazoV43.exe" /fi "PID ne 564" /fi "USERNAME eq %USERNAME%"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "YemazoV43.exe" /fi "PID ne 564" /fi "USERNAME eq Admin"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YemazoV43.exe" | %SYSTEMROOT%\System32\find.exe "YemazoV43.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq YemazoV43.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "YemazoV43.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YemazoV43.exe" | %SYSTEMROOT%\System32\find.exe "YemazoV43.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq YemazoV43.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "YemazoV43.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:52030 | tcp | |
| US | 8.8.8.8:53 | 149.234.200.54.in-addr.arpa | udp |
| N/A | 127.0.0.1:52068 | tcp | |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| GB | 95.101.143.219:443 | tcp | |
| GB | 23.62.195.195:443 | cxcs.microsoft.net | tcp |
| GB | 92.123.128.175:443 | www.bing.com | tcp |
| GB | 23.62.195.195:443 | cxcs.microsoft.net | tcp |
| GB | 92.123.128.175:443 | www.bing.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1fc959921446fa3ab5813f75ca4d0235 |
| SHA1 | 0aeef3ba7ba2aa1f725fca09432d384b06995e2a |
| SHA256 | 1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c |
| SHA512 | 899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e9a2c784e6d797d91d4b8612e14d51bd |
| SHA1 | 25e2b07c396ee82e4404af09424f747fc05f04c2 |
| SHA256 | 18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6 |
| SHA512 | fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1 |
\??\pipe\LOCAL\crashpad_2636_CQNRVDTBBTIDUAKN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b636175d5f1c78eca6de1617dd8f9faa |
| SHA1 | 7e917ae0dd741449ac5a442680ef0c2d2f4ae719 |
| SHA256 | a37cabd0b8cde689bc0e163037c1157cf174e704acf906a844b56962c69366cd |
| SHA512 | d9888b9cc7b5641a1b56cadc47640495df6916dca006e1cc8a25ffedb745f2c8411734bba3a0404841115ef16e818b37500c0cd69b7a2c5c3812274c6b7bf8ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d01a2cfe277029bd3c1704b741cacfd4 |
| SHA1 | 6c38e7851f3be080aa16f66754e957f93c4169f8 |
| SHA256 | 9af3aeba6ee5a6ebc26f9680221aff7c9b3b7ea013335a02783c9ba74e1be1f6 |
| SHA512 | 9aee1e4068f61543f5fb2b97b46ed9e99f33540d7888da0abfd96f24f3a72a3cd14ed8882cba49c549fb5a5033ae583c251b989b76b337fb83caad586ea8dba1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3a92365a8ad3a536a4bba24e54380b54 |
| SHA1 | 1832967479e134151f47eca4700c21acacff270d |
| SHA256 | d93ec1584bfe42b650236750fd9d1341828efda8e8663ac3e19d280ce6271545 |
| SHA512 | 379c3f8bf8d2bedeb4b2fdd7f8d2b004edc778868dc8f8861b9e5a852c5a4e782101fb5b95bb0c9bfcff68083bcdcc2e8f48fccf7e7457a20bf86c6749e15e93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\Downloads\YemazoV33.rar:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9433cfc300ba164ac6b14b537ecd5af4 |
| SHA1 | f1c159584a38ff287222ead13c3a09eba2bd8ed2 |
| SHA256 | 821fc7d8f8f623f336ebe18b6e5513055671fb8052cfb9f83cbd23a8553d6b77 |
| SHA512 | a667940cd8f57a15909fc53d341cc8d154e360f461d9c95cc3390a7bc3eb61a4d59fb3864b2221d54b74f917f0a65390f0e23c9f9aa26a5da924f49656d4f18b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f04e307a0114ed3e81671dd44e16b7fe |
| SHA1 | 6f31b0796666f8375947cd16816b63ce96b7dacd |
| SHA256 | ea4af43a213d7364f9f54f9b7e5507b6df0f8524ef80fa9865daf54a25fc33ff |
| SHA512 | cf1d88444458035ca5e1874b0a525bb62469088ab994a06827d2baf6928ee12a179dcb46528a4394f0ddf0db9e5f099ac822d8c0cb39af2a017aea11af6e6c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f42b168ac0072935630d71eb6aed3c31 |
| SHA1 | 80a6c8019d3a702332a909124ffe83d268aaee70 |
| SHA256 | 02eb99efb1372a315ca8bc4bf2dc0d831433ba1637cda4073c203df701d83345 |
| SHA512 | 2644a88fb82b958f3c253f74d240c56ece1986f1a17776cb1a488baa9f2ae6b5b11d5cc32d7a4894ca45800c70c2e8bb24f411ffe0bbea54031588d8630428be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a3a79deb38b51c3159772c3f0b7b17e1 |
| SHA1 | bd6dd314bf2678cea97ab25ac4a95bb2dccc4ae3 |
| SHA256 | 113c1f0afb3e1e3653c65d6bd132ed29753d7a0b34b3045e94590f4960cbd8d8 |
| SHA512 | abe987065d7d3cd7ad592a7d4d35bf720ba88eb954ace7a12b632408c97437336e9d8d3d8522d97ebebdf98832b79945f9c058e00bcb14308a48d28b942f8924 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0233586997daa9c57ab5bf963ee8b019 |
| SHA1 | 4fdeeb10dc5e52521a5756661174f9da471c0b64 |
| SHA256 | 20416a5b11b602d48554e9b6db831c548204c9d4966afb9bc8b6567d9caaed57 |
| SHA512 | 9eb1789d3823e2731318acc3d8aa78a48f411a69401aa2f7f19e2cc269d9bee2b1feba0ff81b3e4fa2ee6689edf994dc7a365bf279c869e52662b4a3c89f67c3 |
C:\Users\Admin\Desktop\CompressSkip.odt
| MD5 | 3827d30c7a100d5097c1e7f145ff2f7e |
| SHA1 | a55dc2a9d74d4dedeb5e0b4dbb282760e6de2672 |
| SHA256 | 4699ab1eda1ac91bf3e42638a8548b8f36cfb95f6eba7d5f48829306d9d4e096 |
| SHA512 | 0a1024bca5faf11d08b09c38f596d651f31ef3f9da918dcb723e4e66ee3125922e1877778a4d6b644197a20bd28468af23c903bcc81285cedc455ce7a6ba83e3 |
C:\Users\Admin\Desktop\MoveWrite.inf
| MD5 | 11de4a34c25dbae48dbf4f5a1bafc3c2 |
| SHA1 | cd7fb9cf57cac22fe369bc53b1a685a924bd7209 |
| SHA256 | eca3a2c702c25c81cd287fa7edc06ce1cbd4f5931b49c0333c95e95391d64b88 |
| SHA512 | ef4954748e56a538d6b6ea752f244662ab738c61f3555908d8a94317b23ea71834ad8f0db8f4baa7941308ff8c26d37038915d4495ee6aeb303901bc3c872990 |
C:\Users\Admin\Desktop\MeasureImport.dwg
| MD5 | 4208602c79e776f2534c95c98b423e41 |
| SHA1 | bebf6f80731c10a957ba87a31446d350abc00c2f |
| SHA256 | b32e2986deeedf92ba61359e10264e8aec2e67e392c39cdbd1745bd3b3307f08 |
| SHA512 | 1af5358d72c280983caae73d6f06921b8df808947b43fbf32d7a286284478904043cdd48076c5ebd0632eed464b7332a9011c98c6baac09556cf515366d06f9f |
C:\Users\Admin\Desktop\InitializeUninstall.jfif
| MD5 | 7ba02bab052ec5f0a3f7899935614b74 |
| SHA1 | e6f49ff46107df7bb6ab6e873b11abacc7f45d69 |
| SHA256 | 1cbd27765933d66ec311d05b7efa2f30a130d24e7d55ad9fa99e2ee621c46253 |
| SHA512 | 80d7a1cc7a805b5aa80b57c98251a21c3a35ac2e7e9ecf2e1c5f250a7e3b91601b5eaad5ef823df1eb06473eadb584c0e73ccc692e57ae08ad9bfa622521f9ae |
C:\Users\Admin\Desktop\FindHide.xht
| MD5 | 5109d0afda087978a5abfbb3811acdae |
| SHA1 | ba2e875b39d1aa60988cf0d4301e7e236996f5ae |
| SHA256 | fdabfe9aad10628d3e802b4dcce3b4c8f42ee628c58de79ac7b5996a9d2944d7 |
| SHA512 | e877d4c003eaf449139a9858f66b05a1f64d774561730ac39bf4fec508d3688eba239d774405aa6cbd788b0b1650b5a8a0bd1fa454df03bab14c7491bfe7203f |
C:\Users\Admin\Desktop\ExportCompare.vbe
| MD5 | d0d245b39149d9d5e96695fc94dedb2e |
| SHA1 | 0da0d18d7dcfc0e9ba9a0c5387317dd2ad5ceacb |
| SHA256 | 4a221280b298b81dacecb3e203b6b601e674d9a56b474fe332dfa8d7bd494619 |
| SHA512 | 7254d4e71892104dc64efc4631c5f1b31422e568850e2849c2cd60e6295694c526db1cd10a21cdd725709f6ae018e92f1fb3c4515949a54d8d79134ed7c36d15 |
C:\Users\Admin\Desktop\DisconnectRegister.contact
| MD5 | 938d223c0b2002c47215c1aaead0b24e |
| SHA1 | 60266a0790ca85d4c15a9d2953f9f489aaf0edec |
| SHA256 | cd4b3d9be051d0167c8b7b9279c7e3c3b1c0c0bc91e2088bfe471a82f9529692 |
| SHA512 | 3abbcdacb13b26ee28037ac96c4b30279b46a8abdfbc43d837bc11b8c92fdc66dd4da150ba41d9644cd1f34ffdb0ff7134df2714a9a36b48119a9b163dc31c7b |
C:\Users\Admin\Desktop\ConnectSubmit.pptx
| MD5 | da39821ecf3e0bc786ba048e031cc8bc |
| SHA1 | fa02faf621948f560658b563f882f126d1fb1ba3 |
| SHA256 | 2e75a092cb456a431fd42776a195ec1d03d02fff299bef055deb6f77a5b6b16f |
| SHA512 | db45b1b5a6d4610a6c1ae713f34b7d8f1aac7d0722ea29613e370d106f9b8d3ad9475a6755eae11ed206c1630891dd1be39e63d589d9bbd633a2db6557091682 |
C:\Users\Admin\Desktop\NewGrant.mp3
| MD5 | 15617fc8d629c5b332cedc7bfc874987 |
| SHA1 | 385b42a1aac164dd91239a4712b1b5b9b168b148 |
| SHA256 | 2674ca102810cfc0a1c306508ca4255421240f090b156625871375ca60f6b361 |
| SHA512 | 3e0f7ea8fab000bf3ed853c24e263e6ad699e024ab5397883e49c7b6f1a757591e3e9d81658ab2ba2f77d88421ebebe5188fe1bbda0fc2cfa40c23555c0b20c1 |
C:\Users\Admin\Desktop\PublishInstall.mov
| MD5 | 4e63516758cdd91526ca457151d74d65 |
| SHA1 | 51dc6a7c741e5ebe5b2de05b6037afbb2e4b5dcc |
| SHA256 | cc8c4b0c9153ecf011e3d07718d7fc5f9d859885b2fa7cd52454d00982327a18 |
| SHA512 | 217d18ba41bee1bf2e8c2fcbd49a505a15c77819e2f1c6991f39c082b8742d4ce89f84640a25b4d032acbef5eb6450d11dff2659b7dd0ab3a621c9ae0aa17492 |
C:\Users\Admin\Desktop\UseExit.dwfx
| MD5 | dd9ba5a32f784eb098fe656ec7804537 |
| SHA1 | ca7ea0829d6d63f761e95993f83715ead3162556 |
| SHA256 | 77a4b24c523d1460411c022e057d2c5c474d546de7ce6a872a62f54dac8182e7 |
| SHA512 | 3fe472422e10b62757159444384803bc43d999e8d8797e67cc8a14cad5b7b191ced518fe529c1dc7269a7ded2e6b282840cd1d79682dddd95f751d681a2772fa |
C:\Users\Public\Desktop\Google Chrome.lnk
| MD5 | ed5f09393792286f0c4f6af3decb6535 |
| SHA1 | f515d028d5ea6ef3ee0280c78e9e5c2c9ffe8397 |
| SHA256 | 80a5c030a1a7256c293027b9c8e4c5129d67f6f9051c2f88851f45928cd945aa |
| SHA512 | 502100c8afdf1fc4949256092da1efe68cc917d4ed53683b0036505007f625a4884d6545e12e7cd5663da6295ec5467fa99b342fbce8d2f1a5e29819e4cfb27d |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | b16a27eeec3157c4bd13e65dc30a8b46 |
| SHA1 | 97ffb673866df975238b3a6e4dc8f5f85e0bc092 |
| SHA256 | cd656d76651b392ce6a42c594a6ca106849aad8371006e566ad0fae48116918b |
| SHA512 | f8dd560bdeb7ed8e92326adba3fad2f2fb5aea7c7943fec00bd84481c9d7a77cdd7346fe5b9a4c43866e49ee641aba88acba4716c6a2e0cd1d8dee2cdcf9c95c |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | fdb5efb0e55982667f87e6c3e9721fec |
| SHA1 | afe293158557075e85f6b5891ce6876c5ab66097 |
| SHA256 | bb0b3812a63bc745ec1029853e854473b4ed0c0ca2b25d3f8682db288378416c |
| SHA512 | 520c8a9296676a587896e78a74b2868f7e20a21a87f57d37c2801c83309c696d9cb209e4de652f5f4202962f2669de79f94aea79ccebc2c30da7a0ececf77a5d |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
| MD5 | a82c8811063782090ed7733237b67bdb |
| SHA1 | 9bbded14a67dedfd4fbb3cf63a7ed1f67b05acc7 |
| SHA256 | 39fef6e66eca40bcb4b9d9710d1d648040fbada53f8a51d264c51be119675863 |
| SHA512 | 4b903adfc6d6b293e7e5c512a7f73395090d9cbc6d053fa892d66fb69651652b04f19e1e11c7ca43c2c520f54089fd67ef3ce40545c70643904d267c7f63462b |
C:\Users\Admin\Desktop\Microsoft Edge.lnk
| MD5 | 79a03cb8943d207566d25565fa0e3bb4 |
| SHA1 | 23196b09a5249b560cc02dcf078055bafc08a5ce |
| SHA256 | e561d747f6eafbabaa5043d14dbbff4883daf3786d1078a88c0e4d1a6ddd2d85 |
| SHA512 | ba591bda09f8732547c271e7c065e70173c49f01dae91b456be4f2e780c43f554f028ac34470c6c2f4c37ff95d18f0741bb137ea615a0fc9ec7dd9314398a95f |
C:\Users\Admin\Desktop\SkipSubmit.xlsx
| MD5 | 52f1efaf534d0e567987b9603e446f47 |
| SHA1 | 2a6dfb5fefa45d1524a25dabf3be74484bedd546 |
| SHA256 | 0efbebc4c9ff63fb880fa81678ccb3e985f957dc851568c4b902de96c8a8c76d |
| SHA512 | 29044da3ce4244db5e70521e2797f5e496d321f23bda1b28496e93d888820c6cc8487a903383209f8b4558570a347cb8fd2416cf6038e436dd05331ea3766caf |
C:\Users\Admin\Desktop\InvokeConfirm.xlsx
| MD5 | f71e034ebf94b71cd93064977938e63c |
| SHA1 | 99d3240443dbd2228ecc808e5ea1eb0de23a13fc |
| SHA256 | 54d392f734bb007fff2ed2606163ad07e6a3f1d9e90b9d61326b4e12c2b791e0 |
| SHA512 | cc2c69f3291d4b3f2c40287219535febf56505f1b6a61f52d794ae59b569f483772eb62d984a2d5649b5ea8fb17bd6f3d81070bece011966f4ff55be9828afb4 |
C:\Users\Admin\Desktop\UseShow.iso
| MD5 | 727c43612f09f2b579846d522a61108f |
| SHA1 | e5266499c87833f2495ea2efe7929b6e8aa3526a |
| SHA256 | ae0c5d855d2e93bf12ec1cf23d2d2be6888921b351ba89f16216e3c5eb9e144f |
| SHA512 | 0cdee6497def7fede1184cf88af4c5fb4622358395828ac4005a08ed917c653866aa76cf1641bc50b813ad7491b86d06f3b32c8716e5be312f2cec9df4942908 |
C:\Users\Admin\Desktop\UninstallUnlock.xltx
| MD5 | b722ee8fcad044b44dd654ee154b7845 |
| SHA1 | e545b24ad9f88267a6ea3adf9c5d7da6a2723f7c |
| SHA256 | 4a0ae500712a1c40a9d08286f93f4bd966d787ad210a2aba1e0dd1b880ce97f1 |
| SHA512 | 2703ff6b889c5d192d7ed331647bde99082140d6d141f731a8f7d79ced649d47808b97d2f5493d375d7fdca87f9b62f5605d856085b14b65ed0ae7a14c8c4587 |
C:\Users\Admin\Desktop\UnblockRegister.docx
| MD5 | b276c31004bf99b9e72dabfef3eeb5ce |
| SHA1 | 6b68132129866e6536953c02820d98ff7ee19c41 |
| SHA256 | 69090a0126c70102e6ed19689ec969135862929c595df13bf0e9c6590e3f3526 |
| SHA512 | 6122959f4a5e3014d582ebf4a66390e6fdb62d8631715ca30a944934ccec3aeeb8793777b6bd03bfe183f821df532df14a9280f7e2f2c7712be4b872abbea8f2 |
C:\Users\Admin\Desktop\SwitchGet.vbs
| MD5 | 2719d6a640ca4c7d0336aa70b1951366 |
| SHA1 | dbdf1296f7168d36764ada2628a1293ec17dce9e |
| SHA256 | 667ba911666cc1bd62f5952643402455d1553ec6a6ee80c8a779e3591b273088 |
| SHA512 | 4badd903513e42360030a478946ad70dca6b570c153ec11ec474600806e12f542a50f56691fb2ed84f2ff603b72796132c241a9144297abdb49cd32154851756 |
C:\Users\Admin\Desktop\SaveSync.xlsm
| MD5 | 9289f443cdda80c86d6b989eaf9893a0 |
| SHA1 | 82d4debf873ead8da1b730b016920cae1fcc6f34 |
| SHA256 | 963ce97992c4becfe9fa51f2f405e7d7ef889e23420588dcd8ec28805d2d1cf7 |
| SHA512 | 5a48177e4d4cbc608eb0caf3bd666ee6e4d1e918c909d205952f8e6817c3946c2929bec1490dbf3b01a4a8bdb369acd85da8c5ad920c2b33ee21b37fd807afd6 |
C:\Users\Admin\Desktop\ResumeStart.jpeg
| MD5 | 795806c22480ab9e8e65aea18ee572bb |
| SHA1 | f53851766643152eb6431696209702a8bf139f25 |
| SHA256 | 6e96b48df459f66ff7f2ad59bc7c9f367ee48035c660e199ce2bcb247e89815b |
| SHA512 | ebe0b4b5947de383c7728ffe07d67e1bd79c91fac526cb8c1221e25a123e46f281b332c660a3af1cace64c8419730568e2b7b0ccc55698cf08bc53ea1dc8cd6e |
C:\Users\Admin\Desktop\ReceiveLimit.gif
| MD5 | 373a7a0d75ea1925df0396742e5588d0 |
| SHA1 | eb881139aee1ce1fb8a1a067e7c4638b71e5540f |
| SHA256 | 4690be3c9b80ad5f3d4c48dba8acdd7bb52deffcd96ca361ecd0135669dd88f4 |
| SHA512 | 783481f61c139f8aff4721cfadc250193211fab4c58e3fa6669749498ac883b2841744a3ba5d2ae0aecc31742da64426aa4a5c2f3f966ced551aede314f0340a |
C:\Users\Admin\Desktop\PushDeny.jpeg
| MD5 | 973655dcfdd5d592c1bcf9e0178dee91 |
| SHA1 | be3a505ed7af2bb6b7b699b99889c53b69476842 |
| SHA256 | bdb7f386fff2ec05f021acb524f2082456cb9b19484c74722fb954a0a83d366a |
| SHA512 | d06ea4c2636fcc9c8e5fcdb45457fde122aded8c66e6462e16daa145f38387c5fd4f849839f9b0ec7c095e3e5cd9bfe0600db7247322fb879e370db8adb90ddc |
C:\Users\Admin\Desktop\PublishSkip.odt
| MD5 | 5b3b1368856f5f3487fea51a4314120c |
| SHA1 | 19dc38b7737ec4e0973fd2fba3006af91719d51d |
| SHA256 | c99f55a772324a861e8bbc45b00379602958141c01f4be398a3ecab2b15057f5 |
| SHA512 | 6e663abdceb1a1edcdb15dbb463c723ae872cba413f91f94ff82a9eef1c553f657d809b85d3633d163cd1e00be4c72ff346ed308484dedffaded8ff1d107c1b7 |
C:\Users\Admin\Desktop\PublishSave.potx
| MD5 | 9797eac6ad7b6e3d639f7a231813d97a |
| SHA1 | 0ab352724f7c0c2f8671d29e511c1fc788d29402 |
| SHA256 | e973c738f31c60ec12176e7b986acfe61d3a198f053908b616c2ddd5e1015561 |
| SHA512 | b094ca4bfb7ba94a85cd4171a3593e9e82855f4798f0d42bacab5056dcc7bfa8353e85f8aa2ce63620aa1b2922f772b5696366433080c9c3359a39d8148f22b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 07aff2f5e7954496c75eadf0cfedba9a |
| SHA1 | 31b1cb5a21499c46102eb468e42e53db5a4f2ff7 |
| SHA256 | 725fc14c1aa87514ca924ac025517dbcb58b35c0bfbd532cdb3f1dad7f45e9f3 |
| SHA512 | c6e2de04d2640398f351f54cdbbf775c86e27b167d8fc409b3639e6bf7f3299ab51af53f9e0a9534979c372c51d5dd583464fa4329e6f2f5d6a98f5174897245 |
C:\Users\Admin\AppData\Local\Temp\nsp3C94.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\3e21dbdc-3bc5-454c-853e-253d2ef61c4b.down_data
| MD5 | 5683c0028832cae4ef93ca39c8ac5029 |
| SHA1 | 248755e4e1db552e0b6f8651b04ca6d1b31a86fb |
| SHA256 | 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e |
| SHA512 | aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\SpiderBanner.dll
| MD5 | 17309e33b596ba3a5693b4d3e85cf8d7 |
| SHA1 | 7d361836cf53df42021c7f2b148aec9458818c01 |
| SHA256 | 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93 |
| SHA512 | 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Programs\unrealgame\chrome_100_percent.pak
| MD5 | acd0fa0a90b43cd1c87a55a991b4fac3 |
| SHA1 | 17b84e8d24da12501105b87452f86bfa5f9b1b3c |
| SHA256 | ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b |
| SHA512 | 3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\chrome_200_percent.pak
| MD5 | 4610337e3332b7e65b73a6ea738b47df |
| SHA1 | 8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b |
| SHA256 | c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c |
| SHA512 | 039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\ffmpeg.dll
| MD5 | a007299c49fa50aeff594655859780ae |
| SHA1 | d202f1f617023763a0e9418878e8ecac96be9fd4 |
| SHA256 | b78f0036621ad1d5833289f2ad509963ef78f1a89a3c7df0f1370fd2d35a2804 |
| SHA512 | 444c4baa1e1d941bd04f78184cec519c6eb53a83fbc3aa3ea30522bffc9ecde73ebe7b910c1a37c345429298ada3c0ffcb3e3849e21b2009487b5cd1a02cb2a9 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 2191e768cc2e19009dad20dc999135a3 |
| SHA1 | f49a46ba0e954e657aaed1c9019a53d194272b6a |
| SHA256 | 7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d |
| SHA512 | 5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\libEGL.dll
| MD5 | ca5bb0794b7700601e9438283d458665 |
| SHA1 | 7fcf090b19820b9450937be800575c526448b581 |
| SHA256 | 4a8be3b4d9fe790efdce38cff8f312a2f8276908d6703e0c6c37818e217cf1e3 |
| SHA512 | 36ebab858fe7e014837548575389e7df2e86676888e4a9039c736d0f2e6463102e68989b794d949ddb16d9bcce43ce55737fcf2a4b09b1667bf968a9540e9f32 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\icudtl.dat
| MD5 | 2134e5dbc46fb1c46eac0fe1af710ec3 |
| SHA1 | dbecf2d193ae575aba4217194d4136bd9291d4db |
| SHA256 | ee3c8883effd90edfb0ff5b758c560cbca25d1598fcb55b80ef67e990dd19d41 |
| SHA512 | b9b50614d9baebf6378e5164d70be7fe7ef3051cfff38733fe3c7448c5de292754bbbb8da833e26115a185945be419be8dd1030fc230ed69f388479853bc0fcb |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\libGLESv2.dll
| MD5 | 05b585464f18fe0e3bddb20527697d66 |
| SHA1 | 8bcec2f0b409afa9ff054e25f3ce85eb9bd50010 |
| SHA256 | 0bb7c6c08b569c1d2de90a40e6c142591e160a7c6cb15d21807f3404a48c4287 |
| SHA512 | f680ab9c3070f443c7359bb3f0c2032f5c58c88c7823e4592e8212ce8815ea5f463c86df113f5320944c62d3cb4e8d45b9b4dcaadccc1ac9bf203ae4bb52083c |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\LICENSES.chromium.html
| MD5 | 8303b3a19888f41062a614cd95b2e2d2 |
| SHA1 | a112ee5559c27b01e3114cf10050531cab3d98a6 |
| SHA256 | 9c088caac76cf5be69e0397d76fe9397017585cffdba327692ff1b3a6c00d68f |
| SHA512 | 281b2ecc99502a050ee69e31256dec135e8cb877d1a6ba9f1c975fcfb11c062980ee6061d2368b62f91e392953ae6235dd726a9d98e6efc1302f7ed713099179 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\resources.pak
| MD5 | 31c7d4b11ad95dfe539dd098e0fab736 |
| SHA1 | 5418682d939ce8485ecc9125b872c14ffec662c2 |
| SHA256 | a251019eb08f1e695e935d224544bda37c5ae092ba68a89fa1fe3bd19bde4f5c |
| SHA512 | f868a4afa4e0d5c561873d2a728e267f98da2df3fb90966e5736d496b6a24e71769a02b0346b27b7dcce11cbe07248e309f50a89977dc8e5bbc06d6cc31bf738 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\snapshot_blob.bin
| MD5 | 4ebd06bdf6cf8dacf6597586fd1704b5 |
| SHA1 | e6819ef37f99f91468f4b94370a4ab467a075a6d |
| SHA256 | 148e4b85983f0d27adecd9c6431b66379ac5538688f320e89d74ff6d48bb740b |
| SHA512 | 17ed5abe702748b4626b3ee6de4d0916738f095c913c2700eee06b65a2bbcaf72afc1f87af7ce0fcce8bd15fe6881508255d397a346c45a82c7791b9b9833ddf |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 146e284750735ef4798527dc1cd0e741 |
| SHA1 | 6408985b7d05c768a62bcb912234f14e1898ffdb |
| SHA256 | 3820e8fa1077d02606fea8e1b3a9ca4bf7f4a71d0569d9a8ea9ee7a009d0ce80 |
| SHA512 | 46824df5d20e02fb72c3efd07bee6d832b1ab78c0163688fa84edb831cbfbef2dde12ba9da01f9dd49c4008bd3862a95699a2f6d55b8d4b3165976d3851c7278 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\vk_swiftshader.dll
| MD5 | 750cbdfb01943e28e08708183ec208b5 |
| SHA1 | 1bee0cd3d0970834b2a47daf384354f243fd1ee0 |
| SHA256 | a6d295dcc3afcb55aa79eac5f896bceb15ccb2b798db3bb076ceeea78073791a |
| SHA512 | dbfdf76f40558ce2f23ca315b8719e283f0f22f46e733f37c2ae237fdafd23cf7962f36547ba1bb2d5b219de11546c3dc06859fac498a7da97df41018c0d80c4 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\vulkan-1.dll
| MD5 | 6c70aab071c4febc5921e0d39811937a |
| SHA1 | 20d87b3a5333ea3f6d0d7b0333f2c30a281937aa |
| SHA256 | 2233fef6788711089fc5c1a008bfff6559cf2fc3e8363cd8a50196e90d1d9825 |
| SHA512 | 7f786c44376b59be7d7c51d3c40ecb80f30645551b582d042b641ea0a6464daf367ddf7eafaf00a1558e1f11570d99a699d33d224b01048d09f8f00ea501c4bf |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\am.pak
| MD5 | c6ef9c40b48a069b70ed3335b52a9a9c |
| SHA1 | d4a5fb05c4b493ecbb6fc80689b955c30c5cbbb4 |
| SHA256 | 73a1034be12abda7401eb601819657cd7addf011bfd9ce39f115a442bccba995 |
| SHA512 | 33c18b698040cd77162eb05658eca82a08994455865b70d1c08819dfac68f6db6b27d7e818260caa25310ff71cf128239a52c948fde098e75d1a319f478a9854 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\ca.pak
| MD5 | 01acd6f7a4ea85d8e63099ce1262fbad |
| SHA1 | f654870d442938385b99444c2cacd4d6b60d2a0d |
| SHA256 | b48d1bad676f2e718cbe548302127e0b3567913a2835522d6dd90279a6d2a56a |
| SHA512 | 2bd13eca1a85c219e24a9deb5b767faa5dc7e6b3005d4eb772e3794233ed49cb94c4492538d18acc98658c01d941e35c6f213c18ac5480da151c7545eedeb4ab |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\fa.pak
| MD5 | dcd3b982a52cdf8510a54830f270e391 |
| SHA1 | 3e0802460950512b98cd124ff9f1f53827e3437e |
| SHA256 | e70dfa2d5f61afe202778a3faf5ed92b8d162c62525db79d4ec82003d8773fa3 |
| SHA512 | 3d5b7fa1a685fa623ec7183c393e50007912872e22ca37fdc094badaefddeac018cc043640814a4df21bb429741dd295aa8719686461afa362e130b8e1441a12 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\et.pak
| MD5 | a94e1775f91ea8622f82ae5ab5ba6765 |
| SHA1 | ff17accdd83ac7fcc630e9141e9114da7de16fdb |
| SHA256 | 1606b94aef97047863481928624214b7e0ec2f1e34ec48a117965b928e009163 |
| SHA512 | a2575d2bd50494310e8ef9c77d6c1749420dfbe17a91d724984df025c47601976af7d971ecae988c99723d53f240e1a6b3b7650a17f3b845e3daeefaaf9fe9b9 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\es.pak
| MD5 | e9fa4cada447b507878a568f82266353 |
| SHA1 | 4a38f9d11e12376e4d13e1ee8c4e0d082d545701 |
| SHA256 | 186c596d8555f8db77b3495b7ad6b7af616185ca6c74e5dfb6c39f368e3a12a4 |
| SHA512 | 1e8f97ff3daad3d70c992f332d007f3ddb16206e2ff4cffd3f2c5099da92a7ad6fb122b48796f5758fe334d9fbf0bbae5c552414debbb60fe5854aaa922e206e |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\es-419.pak
| MD5 | 5321c1e88c5c6fa20bdbc16043c6d0f6 |
| SHA1 | 07b35ed8f22edc77e543f28d36c5e4789e7723f4 |
| SHA256 | f7caa691599c852afb6c2d7b8921e6165418cc4b20d4211a92f69c877da54592 |
| SHA512 | 121b3547a8af9e7360774c1bd6850755b849e3f2e2e10287c612cf88fb096eb4cf4ee56b428ba67aeb185f0cb08d34d4fa987c4b0797436eea53f64358d2b989 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\en-US.pak
| MD5 | 5e3813e616a101e4a169b05f40879a62 |
| SHA1 | 615e4d94f69625dda81dfaec7f14e9ee320a2884 |
| SHA256 | 4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687 |
| SHA512 | 764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\en-GB.pak
| MD5 | 0db7f3a3ba228aa7f2457db1aa58d002 |
| SHA1 | bbf3469caadfa3d2469dd7e0809352ef21a7476d |
| SHA256 | cf5aca381c888de8aa6bbd1dcd609e389833cb5af3f4e8af5281ffd70cd65d98 |
| SHA512 | 9c46c8d12579bd8c0be230bbcdb31bdb537d2fea38000cf700547ca59e3139c18cc7cb3e74053475605132404c4c4591f651d2dad2ce7f413ccffd6acf7139e8 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\el.pak
| MD5 | 6922aaa87431699787c1489e89af17b9 |
| SHA1 | 6fb7771c9271ca2eeebe025a171bfa62db3527f7 |
| SHA256 | 800545f9134914649da91b90e7df65d8208014c3e12f2be551dfd6722bf84719 |
| SHA512 | 367ef8467631e17e0a71d682f5792a499e8578b6c22af93d9a919d9e78709ec2501df9599624f013b43f4c3e9fb825182193116dbead01874995d322b7a6e4d6 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\de.pak
| MD5 | ed329b35d10e81f55d611fe8748876f8 |
| SHA1 | 0d998732bb4c4d1faad5a5bc0a21d6c5672418d3 |
| SHA256 | 6facd562add58c4684ef4a40de9b63581fea71c5b83049ed8a2c2a2c929c45ce |
| SHA512 | bd713ff78e375fec3a04ab0c9476c0379f87efc6d18359c2a4d297303d78381081120c371848c8675f1f16dd4ab7284d81e5bfc9ae11ab33e12f96c12d89e764 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\da.pak
| MD5 | bb5252dc6f0f3c01ce3638138bf946c8 |
| SHA1 | bfb584b67c8ca51d94bff40809410553d54da1cf |
| SHA256 | c93f39d0ab9a2fab26977aa729261633225879ba6dc5ea8d0ca89814b2df9fa9 |
| SHA512 | e411fd3cc5285a6059c3fd80c3421253a4ce06b2d0cd1cd1efc25e88191a58fed176452d852922137268be2824e1e162cd4d4a6f8c695a50517a783d15b1c6e7 |
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\cs.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\bn.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\bg.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\fi.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\ar.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\af.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\fr.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\it.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\ms.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\pt-PT.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\ta.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\zh-TW.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\zh-CN.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\vi.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\ur.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\uk.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\tr.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\resources\elevate.exe
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\th.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\te.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\ru.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\sw.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\sv.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\sr.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\WinShell.dll
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\sl.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\sk.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\ro.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\pt-BR.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\pl.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\nl.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\nb.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\mr.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\ml.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\lv.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\lt.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\ko.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\kn.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\ja.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\id.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\hu.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\hr.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\hi.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\he.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\gu.pak
C:\Users\Admin\AppData\Local\Temp\nstFF2.tmp\7z-out\locales\fil.pak
C:\Users\Admin\AppData\Local\Temp\6a51f519-6677-442b-b1bb-48a7ebbc3d33.tmp.node
C:\Users\Admin\AppData\Local\Temp\l90tlwb9zeew\Cookies\Chrome.txt
C:\Users\Admin\AppData\Local\Temp\passwords_0.db
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1
C:\Users\Admin\AppData\Local\Temp\edge_cookies_Default.txt
C:\Users\Admin\AppData\Local\Temp\chrome_cookies_Default.txt
C:\Users\Admin\AppData\Local\Temp\6279d09d-f574-4fad-8c56-d3b85ba3d383.tmp.node
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4c13a45d-db13-4ef1-90d1-8de39f6a9b8a.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Temp\passwords_36.db
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Temp\X7G8JQW9LFH3YD2KP6ZTQ4VMX5N8WB1RHFJQ.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
C:\Users\Admin\AppData\Roaming\All_Wallets.zip
C:\Users\Admin\AppData\Local\D3DSCache\f41801ed8d082ad4\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\fcc77077-607a-4a87-9264-6fce4e55ee63
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\2450c9af-3a7c-4b96-ba8b-9717eb47def8
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\0f07ca74-c328-48c6-b5b5-c3547760aa3a
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\activity-stream.discovery_stream.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js